CAQ and ASM 6.2.x integration
Contextual Authorization Query (CAQ) service supports Authorization Domain version 2 format (YAML-based authorization domain) that is compatible with the format produced and supported by ASM 7.0 and on.
However, CAQ can also support integration with ASM 6.2.x by using the Authorization Domain Converter (DOMCONV) tool to convert Authorization Domains in version 1 to version 2 YAML format.
Downloading the file
The DOMCONV application file is provided separately by Axiomatics. Please contact Axiomatics Customer SupportOpens in a new tab to get the ZIP file that contains the full distribution of the Authorization Domain Converter.
Next, unpack the .zip
file to the directory from where you want to run Authorization Domain Converter.
You can also refer to the DOMCONV documentation included in the unzipped domconv
folder for more information on the DOMCONV tool and its installation.
Converting an Authorization Domain
The instructions below describe how to use the DOMCONV tool for converting a version 1 YAML format Authorization Domain into a version 2 one.
According to your specific setup execute the following command:
- Windows
- Unix
In Windows command line:
> .\bin\domconv.bat convert <domain xml file path>
In case you want to use an authorization domain with a fully populated attribute dictionary, you have to extract from ASM an attributes' XML file and convert it too.
Add the -a
flag to produce the full set of attribute definitions from the attributes' XML file:
> .\bin\domconv.bat convert <domain xml file path> -a <attributes.xml>
$ ./bin/domconv convert <domain xml file path>
In case you want to use an authorization domain with a fully populated attribute dictionary, you have to extract from ASM an attributes' XML file and convert it too.
Add the -a
flag to produce the full set of attribute definitions from the attributes' XML file:
$ ./bin/domconv convert <domain xml file path> -a <attributes.xml>
Regardless of your particular setup, it is highly recommended to run DOMCONV using the -a
flag, so that the resulting domain contains a full set of attribute definitions.
Setting the attribute connectors classpath
In case of domains using attribute connectors you need to make sure that these are available to the DOMCONV tool before the conversion.
The tool will look for these extra attribute connector dependencies according to the value of the environment variable CONNECTORS_CLASSPATH
.
The CONNECTORS_CLASSPATH
variable should be set to point to the attribute connector implementations and their dependencies, following standard Java classpath conventions, depending on your operating system.
- Windows
- Unix
Run the following commands to set the classpath and to start the conversion:
> set CONNECTORS_CLASSPATH=<attribute connectors classpath>
> .\bin\domconv.bat convert <domain xml file path> -a <attributes.xml>
Example:
If all the attribute connector dependencies needed to convert sample_domain.xml
are in the ./connector1
and ./connector2
directories, then the commands would be:
> set "CONNECTORS_CLASSPATH=connector1/*;connector2/*"
> .\bin\domconv.bat convert sample_domain.xml -a my_attributes.xml
Use of a semi-colon (;
) to separate different paths. In addition, the quotation marks ("
) should include the whole variable assignment expression, not just the value connector1/*;connector2/*
.
Run the following commands to set the classpath and to start the conversion:
$ export CONNECTORS_CLASSPATH=<attribute connectors classpath>
$ ./bin/domconv convert <domain xml file path> -a <attributes.xml>
Example:
If all the attribute connector dependencies needed to convert sample_domain.xml
are in the ./connector1
and ./connector2
directories, then the commands would be:
$ export CONNECTORS_CLASSPATH="connector1/*:connector2/*"
$ ./bin/domconv convert sample_domain.xml -a my_attributes.xml
Use of a colon (:
) to separate different paths.
You can also use:
$ CONNECTORS_CLASSPATH="connector1/*:connector2/*" ./bin/domconv convert some_domain.xml