Skip to main content


Showing posts from February, 2014

Conditional URL Policy Evaluation in OpenAM

To perform conditional URL evaluation (where there are arguments in the URL that will change and impact the policy decision), a custom policy evaluation plugins needs implementing - Use Case URL to contain all information required to make a policy decision, but components of the URL vary adding context. Eg –*/users/*?action=patch In this example an organisation number prefixs users, whilst the user number suffixes users. A condition should exist where only users who are managers AND managers of the same organisation of the user they're accessing should be allowed. Manager1, org=123 – ALLOW Manager2, org=124 - DENY Manager2, org=123 - ALLOW Manager1, org=123 -