Attribute Connector Management
An Attribute Connector Configuration is a representation of an attribute source that a Policy Decision Point (PDP) can use to obtain values for attributes referenced in their XACML policies. Attribute Connector Configurations are first order objects with their own life cycles in the Axiomatics Services Manager and can be created, modified and deleted independently of the Authorization Domain or other objects in the Axiomatics Services Manager. A clear strategy for managing Attribute Connector Configurations should be developed, however, as they may be associated with an Authorization Domain.
Attribute Connectors
The Axiomatics Services Manager comes with built-in support for a number of attribute sources, for example, LDAP, SQL, and TABLE.
When an Attribute Connector is associated with an Authorization Domain, the Attribute Connector configuration is automatically deployed to the PDPs in the domain so that they can obtain all the attributes provided by the Attribute Connector.
On a high level, an Attribute Connector contains the following information:
General information describing the Attribute Connector
Connection information on how to access the attribute source
A set of attributes where each attribute contains an attribute identifier, category, datatype and information on how to read the attribute from the attribute source
The general part of an Attribute Connector is independent of the attribute connector type but the connection information does depend on the type of connector.
Note: Attributes must exist in the Attribute Dictionary before they can be set for an Attribute Connector.
| Field | Description | Supported format |
|---|---|---|
| Name | The name of the Attribute Connector as it is referenced in the Axiomatics Services Manager system. This should normally be kept short and meaningful to the administrator. | Any string |
| Description | Free-form description of the attribute connector. | Any string |
| Type | The type of attribute source. | For example, "LDAP", "SQL", or "TABLE" |
The part of an Attribute Connector, including the data for each attribute in the set of attributes that the attribute source provides, can be found in the sub-sections:
Creating an Attribute Connector
A new Attribute Connector can be created in two ways:
by creating a new Attribute Connector from scratch
by cloning an existing Attribute Connector
A new Attribute Connector is created by clicking the Create icon in the action bar above the Attribute Connector list. This opens an empty form in the Tools side panel where all the information for the new Attribute Connector can be filled in.
After clicking the Create icon and opening the form in the Tools side panel, continue defining a new Attribute Connector as follows:
Fill in the general information for the new Attribute Connector
Click the "Configuration" link to open the base form for the specific attribute connector type. This form will depend on the type selected (LDAP, SQL, TABLE, or custom).
Fill in the form. (See LDAP Attribute Connector, SQL Attribute Connector, and Table Attribute Connector, respectively, for descriptions of the input fields.)
Click Add at the bottom of the form to add attribute mappings for the Attribute Connector. This will open an attribute form in the Tools pane.
Fill in the form.
Click Apply. This will add the attribute mapping for the Attribute Connector and return to the base form for the Attribute Connector type
Keep adding attributes by repeating the three previous steps until all desired attributes have been added.
Click Apply to close the form specific to the Attribute Connector type.
Click Apply to save the new Attribute Connector.
Attribute Connectors can also be cloned. The Axiomatics Services Manager enables the user to clone multiple entities simultaneously. Select one or more elements on the Attribute Connector list by checking the appropriate checkboxes and click the Clone button. This creates identical copies of the original Attribute Connectors.
Note: To prevent the user from confusing the various clones of any one Attribute Connector, numeric suffixes are automatically added to the name of each cloned item. The indexing system identifies the clone according to its sequential relation to its original Attribute Connector and to its subsequent iterations. For example, the suffix -1-2 indicates the item is the second clone made from the first clone generated.
After cloning, the cloned Attribute Connectors appear in the attribute list and can be modified as desired.
Modifying an Attribute Connector
Modifying an Attribute Connector is done by selecting the attribute finder from the list in the "Attribute Connector List" view.
Note: Once an Attribute Connector has been saved, it is not possible to change the type of attribute source.
Changes to general information regarding the Attribute Connector are made directly in the Tools side panel
Changes to Attribute Connector type specific data are made by clicking the "Configuration" link in the Tools side panel
The set of attributes in the Attribute Connector are managed as follows using the list in the type specific Tools side panel:
An attribute can be deleted by selecting it on the list and clicking the Remove button.
An attribute can be added by clicking the Add button and filling in the form as described in "Creating an attribute connector"
An attribute can be modified by clicking the attribute name on the list and making the desired changes on the form.
Deleting an Attribute Connector
An Attribute Connector can be deleted by checking the checkbox to the left of its name on the attribute list and then clicking the Remove button in the action bar. ASM supports bulk removal, meaning several items may be removed at once. However, if an Attribute Connector is used in a domain configuration, it cannot be removed in this way and any attempt to do so will result in a notification.
Attribute Connector export
It is possible to export an attribute connector and save it in XML format. The following steps are required:
Select the attribute connector to be exported by selecting the check box to the left of its name in the list of attribute connectors. This will enable the Export button in the action bar.
Click the Export button.
The attribute connector is exported and saved as an XML file.
Note: It is only possible to export a fully configured attribute connector. As long as the configuration is partial, the Export button is disabled. Also, only one attribute connector can be exported at a time.
Attribute Connector import
ASM also provides an import function for previously exported Attribute Connectors or for Attribute Connectors exported from external applications.
To import an Attribute Connector's configuration, follow the steps below:
Open the Attribute Connector list and click the Import button.
Select the XML file containing the Attribute Connector's configuration. Click the Open button.
When the file is uploaded, the edit mode of the Attribute Connector will open automatically.
To verify that the Attribute Connector's configuration was imported properly, click the Configuration link and check the settings.
All attribute connectors are imported as "Untitled". Enter a name for the configuration, and edit the description if necessary.
Click Apply to save the imported attribute connector.
Note: When importing custom attribute connectors, the type information is lost. Simply reselect it using the Type drop-down menu before going on to checking the configuration.