Attribute Connector Management
An Attribute Connector Configuration is a representation of an attribute source that a Policy Decision Point (PDP) can use to obtain values for attributes referenced in its XACML policies. Attribute Connector Configurations are first order objects with their own life cycles in the Axiomatics Services Manager and can be created, modified and deleted independently of the Authorization Domain or other objects in the Axiomatics Services Manager. Because they may be associated with an Authorization Domain, however, a clear strategy for managing Attribute Connector Configurations should be developed.
Attribute Connectors
The Axiomatics Services Manager comes with built-in support for a number of attribute sources, for example, LDAP, SQL, and TABLE.
When an Attribute Connector is associated with an Authorization Domain, the Attribute Connector configuration is automatically deployed to the PDPs in the domain so that they can obtain all the attributes provided by the Attribute Connector.
At a high level, an Attribute Connector contains the following information:
- General information describing the Attribute Connector
- Connection information on how to access the attribute source
- A set of attributes where each attribute contains an attribute identifier, category, datatype and information on how to read the attribute from the attribute source
The general part of an Attribute Connector is independent of the attribute connector type but the connection information does depend on the type of connector.
Attributes must exist in the Attribute Dictionary before they can be set for an Attribute Connector.
Field | Description | Supported format |
---|---|---|
Name | The name of the Attribute Connector as it is referenced in the Axiomatics Services Manager system. This should normally be kept short and meaningful to the administrator. | Any string |
Description | Free-form description of the attribute connector. | Any string |
Type | The type of attribute source. | For example, "LDAP", "SQL", or "TABLE" |
The type-specific part of an Attribute Connector, including the data for each attribute in the set of attributes that the attribute source provides, can be found in the sub-sections:
Create an Attribute Connector
Create a new Attribute Connector:
- by creating it from scratch
- by cloning an existing Attribute Connector
A new Attribute Connector is created by clicking the Create icon in the action bar above the Attribute Connector list. This opens an empty form in the Tools side panel where all the information for the new Attribute Connector can be filled in.
After clicking the Create icon and opening the form in the Tools side panel, define a new Attribute Connector as follows:
1. Fill in the general information for the new Attribute Connector.
2. Click the Configuration link to open the base form for the specific attribute connector type.
   This form will depend on the type selected (LDAP, SQL, TABLE, or custom).
3. Fill in the form.
   See LDAP Attribute Connector, SQL Attribute Connector, and Table Attribute Connector for descriptions of the input fields.
4. Click Add at the bottom of the form to add attribute mappings for the Attribute Connector.
   This will open an attribute form in the Tools side panel.
5. Fill in the form.
6. Click Apply.
   This will add the attribute mapping for the Attribute Connector and return to the base form for the Attribute Connector type.
7. Keep adding attributes by repeating the three previous steps until all desired attributes have been added.
8. Click Apply to close the form specific to the Attribute Connector type.
9. Click Apply to save the new Attribute Connector.
Attribute Connectors can also be cloned. The Axiomatics Services Manager enables the user to clone multiple entities simultaneously. Select one or more elements on the Attribute Connector list by checking the appropriate checkboxes and click the Clone button. This creates identical copies of the original Attribute Connectors.
To prevent the user from confusing the various clones of any one Attribute Connector, numeric suffixes are automatically added to the name of each cloned item. The indexing system identifies the clone according to its sequential relation to its original Attribute Connector and to its subsequent iterations. For example, the suffix -1-2 indicates the item is the second clone made from the first clone generated.
After cloning, the cloned Attribute Connectors appear in the attribute list and can be modified as desired.
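Because clones are identical copies of their originals, it helps to know which connectors in a list descend from which. The following is an added example, not part of the product or its documentation: it rebuilds clone lineage from names alone, assuming each clone's name is its source's name plus `-<n>` as in the `-1-2` example above. The connector names are constructed.

```python
import re

# Assumption: a clone's name is its source's name plus "-<n>", as in the
# page's "-1-2" example (second clone made from the first clone).
_SUFFIX = re.compile(r"^(?P<parent>.+)-(?P<index>[1-9]\d*)$")


def lineage(name, inventory):
    """Return the chain [root, ..., name] using only names present in inventory.

    A trailing "-<n>" counts as a clone suffix only when the name without it
    is itself in the inventory, so an original called "site-3" is not
    mistaken for a clone unless a connector called "site" also exists.
    """
    chain = [name]
    while True:
        m = _SUFFIX.match(chain[0])
        if not m or m.group("parent") not in inventory:
            return chain
        chain.insert(0, m.group("parent"))


def clone_report(names):
    """Group connector names under their root original, with clone depth."""
    inventory = set(names)
    report = {}
    for name in sorted(inventory):
        chain = lineage(name, inventory)
        report.setdefault(chain[0], []).append((name, len(chain) - 1))
    return report


# Constructed sample of connector names as they might appear in the list view.
SAMPLE = ["hr-ldap", "hr-ldap-1", "hr-ldap-2", "hr-ldap-1-1", "hr-ldap-1-2",
          "orders-sql", "site-3"]

if __name__ == "__main__":
    for root, members in clone_report(SAMPLE).items():
        for name, depth in members:
            print(f"{'  ' * depth}{name}  (clone depth {depth}, root {root})")
```

If a clone has been renamed or its source deleted, the chain stops at the nearest name still present in the list.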
Modify an Attribute Connector
Modify an Attribute Connector by selecting it from the list in the Attribute Connector List view.
Once an Attribute Connector has been saved, it is not possible to change the type of attribute source.
Changes to general information regarding the Attribute Connector are made directly in the Tools side panel.
Changes to Attribute Connector type specific data are made by clicking the Configuration link in the Tools side panel.
The set of attributes in the Attribute Connector is managed as follows using the list in the type-specific Tools side panel:
- Delete an attribute by selecting it on the list and clicking Remove.
- Add an attribute by clicking Add and filling in the form as described in Create an Attribute Connector.
- Modify an attribute by clicking the attribute name on the list and making the desired changes on the form.
Delete an Attribute Connector
Delete one or more Attribute Connectors by selecting the checkbox(es) to the left of the name(s) on the attribute list and then clicking the Remove button in the action bar.
If an Attribute Connector is used in a domain configuration, it cannot be removed this way and any attempt will result in a notification.
Export an Attribute Connector
Export an attribute connector and save it in XML format as follows:
1. Select the checkbox to the left of the attribute connector to be exported in the list of attribute connectors.
   This will enable the Export button in the action bar.
2. Click Export.
   The attribute connector is exported and saved as an XML file.
It is only possible to export a fully configured attribute connector. As long as the configuration is partial, the Export button is disabled. Also, only one attribute connector can be exported at a time.
Import an Attribute Connector
Import Attribute Connectors previously exported from ASM or external applications.
To import an Attribute Connector's configuration, follow the steps below:
1. Open the Attribute Connector list and click Import.
2. Select the XML file containing the Attribute Connector's configuration and click Open.
   When the file is uploaded, the edit mode of the Attribute Connector will open automatically.
3. To verify that the Attribute Connector's configuration was imported properly, click the Configuration link and check the settings.
4. All attribute connectors are imported as "Untitled". Enter a name for the configuration, and edit the description if necessary.
5. Click Apply to save the imported attribute connector.
When importing custom attribute connectors, the type information is lost. Simply reselect it using the Type drop-down menu before going on to checking the configuration.