Skip to main content

The most recent patch for this version is 7.0.1.  Learn more  

Version: 7.0

Additional configuration

Updating hostname and SSL Certificate

ASM is preconfigured, so it does not need any extra configuration when it runs on localhost. However, if it runs on a machine with a different hostname than localhost, the hostname and the SSL Certificate common name need to be updated before building and running ASM.

How to configure the hostname

  1. Navigate to the docker/ folder of the extracted distribution.
  2. Update the HOST variable in the .env file. The default value is localhost.
  3. Save the file and exit.

How to configure SSL Certificate common name

There are two ways to configure the SSL Certificate. The first one generates a self-signed SSL certificate, and should be used in dev and test environments. The second provides the ability to import trusted certificates, and should be used in production environments.

Option 1: Generate a Self-Signed Certificate

  1. Navigate to the docker/ folder of the extracted distribution.
  2. In the .env file, update the SELF_SIGNED variable to true.
  3. In the .env file, update the CERTIFICATE_CN variable. The default value is *. This is the Common Name of the certificate (CN) to be generated.
  4. Save the file and exit.

Option 2: Import a Certificate

ASM requires a PKCS#12 (Public Key Cryptography Standard #12) Certificate. In case you already have a certificate with different format (for example .pem), you should convert it to PKCS#12. The certificate file must be named as cert.keystore.p12. During the creation of the certificate, the name (or alias) must be set to server.

  1. Navigate to the docker/ folder of the extracted distribution.
  2. In the .env file, update the SELF_SIGNED variable to false.
  3. Copy the cert.keystore.p12 certificate file into the docker/api.gateway/resources/ folder.
  4. Save the file and exit.

Updating attribute connectors

ASM is installed with a default set of standard attribute connectors. However, the attribute connectors are developed, maintained, and released independently of releases of ASM. New and updated versions may be released and made available for download at any time.

Contact Axiomatics Customer Support for information on latest versions and available downloads.

Standard attribute connector versions

This release of ASM is delivered with the following versions of the standard attribute connectors:

  • LDAP Attribute Connector 6.1.1
  • SQL Attribute Connector 6.2.2
  • Table Attribute Connector 7.0.0

Important: Earlier versions of the attribute connectors should be considered incompatible with this version of ASM and should not be used. Updated versions of the attribute connectors may be released, which may be installed and used with this version of ASM subject to compatibility information for each attribute connector, respectively.

LDAP Attribute Connector

The LDAP Attribute Connector is used for connection to LDAP data sources. It is already deployed and does not need further installation.

SQL and Table Attribute Connectors

The SQL Attribute Connector and the Table Attribute Connector are both used for connections to SQL data sources. The functionality of the Table Attribute Connector is slightly more restrictive than the SQL Attribute Connector, but it is easier to configure. For more information about the differences between the attribute connectors, see the section Attribute Connectors.

Only the JDBC connection type is supported for the SQL Attribute Connector and the Table Attribute Connectors.

Updating standard attribute connectors

If an updated version of an attribute connector is released, it is easy to check against what is already installed and decide whether an update is required. (See Standard attribute connector versions above for the versions that are included in this ASM release.)

Refer to the documentation accompanying each attribute connector for more information on changes and functional updates in new releases.

  1. Extract the contents of the downloaded attribute connector distribution file(s) in the file system and locate the attribute connector jar file(s). (See the included documentation for more information.)

  2. Stop ASM if it is running. To do that, press CTRL+C in the console. (Alternatively, navigate to the docker/ folder and issue the command docker-compose stop.)

  3. In a second file system window, navigate to <root path>/docker/asm.core/attribute.connectors/

There you will find a folder for each of the standard attribute connectors, plus one for custom attribute connectors.

  1. Copy the updated attribute connector .jar file(s) to the relevant folder(s). For example, the sql-attribute-connector-<version>.jar would go into the <root path>/docker/asm.core/attribute.connectors/sql-attribute-connector folder, etc.
  2. From the docker/ folder, run the command docker-compose build --no-cache asm. This will rebuild the Docker image that contains the attribute connectors.
  3. Finally, also from the docker/ folder, run the command docker-compose up. This restarts ASM, which will now use the new attribute connector(s).

This concludes the update.

Note: The attribute connectors can be updated individually. If an attribute connector folder under docker/asm.core/attribute.connectors/ is empty, the deployed ASM will continue to use the attribute connector that was included in the release. The folder custom-attribute-connectors is rescanned on every start to reflect the folder content.

Custom attribute connectors

When a custom Attribute Finder has been set up on the PDP (Policy Decision Point) side, the same same Attribute Finder package must be made available to ASM as an attribute connector so that it shows up in the list of available Attribute Connector types that can be chosen in the ASM GUI.

Attribute Finders are built for the Java ServiceLoader.

Note: Legacy Attribute Finders created for the JSPF plugin framework are supported for use with the current release, but Axiomatics strongly recommends converting them to the Java ServiceLoader mechanism.

Adding a Java ServiceLoader Attribute Finder

An Attribute Finder built for the Java ServiceLoader can be plugged into the ASM system by following these steps:

  1. Stop ASM if it is running. To do that, press CTRL+C in the console. (Alternatively, navigate to the docker/ folder and issue the command docker-compose stop.)

  2. Navigate to <root path>/docker/asm.core/attribute.connectors/custom-attribute-connectors

  3. Copy the the Attribute Finder (that is, the custom attribute connector .jar file) to this folder.

  4. From the docker/ folder, run the command docker-compose build --no-cache asm. This will rebuild the Docker image that contains the attribute connectors.

  5. Finally, also from the docker/ folder, run the command docker-compose up. This restarts ASM, which will now use the custom attribute connector(s).