0 Replies Latest reply: Jul 22, 2010 5:39 PM by 807573 RSS

    OpenSSO policy decision on OriginalRequestedURL

    807573
      Our need is to mediate access to application sub folders based on the login id, without the need to prepare a policy for each user of the set of sub folders by id.

      Example: lets login as rob; rob has access to resource https://reportApp.example.com/reports/rob/* but jim does not.
      I'd prepare a policy for the subjects to access https://reportApp.example.com/reports/* and then conditionaly allow access to login id rob to his reports.

      I've examined document http://docs.sun.com/app/docs/doc/820-3748/giaww?l=en&a=view and built some test examples. While the principal name is available in SSOToken token, the Map env holds the url defined in the policy - In the example; https://reportApp.example.com/reports/* - therefore not able to be examined for the requested sub folder /rob/

      I've not been able to find away to express at the policy decision point the actual url presented to the agent. In the example above something like https://reportApp.example.com/reports/rob/myreport.pdf

      Some feedback on the resource requested by the user as presented to the agent would be most helpful.