Attribute connectors
In some configurations, a policy decision cannot be reached using only the data provided in the initial request. In these instances, the Access Decision Service (ADS) utilizes Attribute connectors acting as Policy Information Points (PIP). These connectors bridge the gap to external sources, such as databases or LDAP directories, to retrieve missing attribute values.
While Axiomatics provides several standard Attribute connectors, custom ones can be developed to fetch data from unsupported sources. Each Attribute connector configuration defines the source type, the specific attributes provided, and the retrieval methods. This configuration is stored within the authorization domain and executed by the ADS during runtime evaluation.
ADS includes the following standard Attribute connectors:
Table and SQL Attribute connectors
Both used for connections to SQL data sources. The main differences are that the Table Attribute connector assumes attributes can be fetched directly from columns in the database and that it does not support arbitrary SQL queries.
LDAP Attribute connector
Used for connection to LDAP data sources.
HTTP Attribute Connector
Used to connect to a web service and retrieve its payload which it then returns to the PDP.
Parser Attribute Connectors
Takes a string in a structured format and extracts nested values from it. Consists of the following:
JSON Parser
XML Parser
JWT Parser
Visit the Attribute connectors documentationOpens in a new tab for further details.
Custom Attribute connectors
You can create custom Attribute connectors to fetch attributes not supported by the standard ones. These custom Attribute connectors, also known as Attribute Finders, are built for the Java ServiceLoader.
When you set up a custom Attribute Finder in ADS, you also need to make that same Attribute Finder package available to Axiomatics Services Manager (ASM) as an Attribute connector. This ensures it appears in the list of available Attribute connector types you can choose from in the ASM GUI.