To perform conditional URL evaluation (where there are arguments in the URL that will change and impact the policy decision), a custom policy evaluation plugins needs implementing - http://docs.forgerock.org/en/openam/11.0.0/dev-guide/index/chap-policy-spi.html
Use Case
URL to contain all information required to make a policy decision, but components of the URL vary adding context.
Eg – http://app.example.com/orgs/*/users/*?action=patch
In this example an organisation number prefixs users, whilst the user number suffixes users. A condition should exist where only users who are managers AND managers of the same organisation of the user they're accessing should be allowed.
Manager1, org=123 – http://app.example.com/orgs/123/user/456?action=patchALLOW Manager2, org=124 - http://app.example.com/orgs/123/user/456?action=patchDENY Manager2, org=123 - http://app.example.com/orgs/124/user/567?action=patchALLOW Manager1, org=123 - http://app.example.com/orgs/124/user/567?action=patchDENY
Imple…
Use Case
URL to contain all information required to make a policy decision, but components of the URL vary adding context.
Eg – http://app.example.com/orgs/*/users/*?action=patch
In this example an organisation number prefixs users, whilst the user number suffixes users. A condition should exist where only users who are managers AND managers of the same organisation of the user they're accessing should be allowed.
Manager1, org=123 – http://app.example.com/orgs/123/user/456?action=patchALLOW Manager2, org=124 - http://app.example.com/orgs/123/user/456?action=patchDENY Manager2, org=123 - http://app.example.com/orgs/124/user/567?action=patchALLOW Manager1, org=123 - http://app.example.com/orgs/124/user/567?action=patchDENY
Imple…