Tuesday, 14 October 2014

How to Configure extended attributes in WebSEAL

Steps to Configure extended attributes

1 Login to WebSEAL server.
2 Open the WebSEAL instance configuration file.
Location: /web/pdweb/etc/webseald-<instance-name>.conf
3 In the [aznapi-entitlement-services] stanza, add the property
ISAM_CRED_ATTRS_IDS = azn_ent_cred_attrs
4 In the [aznapi-configuration] stanza, add the property
cred-attribute-entitlement-services= ISAM_CRED_ATTRS_IDS
5 At the end of the file, add the following lines of properties

[ISAM_CRED_ATTRS_IDS]
user = azn_cred_registry_id
[ISAM_CRED_ATTRS_IDS:user]
tagvalue_credattrs_givenname = givenname
tagvalue_credattrs_sn = sn
tagvalue_credattrs_uid = uid


Run the below commands to set the extended attributes at the junction level

pdadmin sec_master> object list /WebSEAL
pdadmin sec_master> object modify /WebSEAL/myssoenv-mywebinst1/MyJct set attribute HTTP-Tag-Value credattrs_uid=SM_USER
or
pdadmin sec_master> object modify /WebSEAL/myssoenv-mywebinst1/MyJct set attribute HTTP-Tag-Value credattrs_uid=uid
pdadmin sec_master> object modify /WebSEAL/myssoenv-mywebinst1/MyJct set attribute HTTP-Tag-Value credattrs_sn=sn
pdadmin sec_master> object show /WebSEAL/myssoenv-mywebinst1/MyJct                                                
Where MyJct is my Junction name

By
Nandavaram Pavan Kumar
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)