A Forum reader recently asked:
"I saw a demo of a rather nice idea and I'd like to know how it was done. It showed an application being protected by Access Manager 3. When a user got an 'access denied' due to not having been given access to the application, the user would be redirected over to the UserApp workflow request page to fill in a form requesting access to the application. Then the workflow would be kicked off to the approvers.
I think I know how to set up the workflow part of this. And I'm guessing that to make this work that the UserApp also has to be a protected application behind Access Manager, so as to get the user logged in to it via single-sign-on. But how do I redirect the Access Manager 3 'access denied' error to a UserApp workflow page?"
And here's the response from Jason Sabin ...
This is typically performed by the new Access Gateway Authorization Policy.
For example, let's say a user has requested a web resource that he currently does not have access to. This is checked for in the Authorization Policy. Instead of just issuing a Deny message to the user, you can specify a URL to redirect to. This URL can point to anywhere, a custom page, a request for workflow, etc.
Here is a really simple example of an authorization policy that demonstrates this. I am using Roles as an example, but you can use anything within the policy to do this.
Example AG Authorization Policy
If URL Path [current]
Data Entry Field [/newWebResource]
If Current Role of User
URL [Your workflow request URL]
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.