Using Identity Manager Roles as Access Manager Roles

This article shows how to link Identity Manager (IDM) Roles to Access Manager (NAM) Roles dynamically, so that a role assigned in IDM becomes usable as a NAM Role without further configuration per role.

Firstly, we need to create a new custom shared attribute for nrfMemberOf. This attribute holds the DNs of all currently active (assigned) IDM Roles, whether they are Parent, Child or Group Roles.

[Screenshot: nrfMemberOf_LDAP.png]

Next, we need to create a Virtual Attribute that processes each DN value and returns just the Role Name (the value of the leading cn= component):

[Screenshot: AssignRoles_VA.png]

The Advanced JavaScript code for the Virtual Attribute is:

function main(P1)
{
	// P1 is the nrfMemberOf value: an array of DNs for multiple roles, or a single DN string.
	var nrf_role = [];
	// Capture the value of the leading cn= RDN, case-insensitively.
	var re = new RegExp("^cn=([^,]+).+", "i");
	if (P1 instanceof Array)
	{
		for (var i = 0; i < P1.length; i++)
		{
			// A DN that does not match yields ['0'], so nrfData[1] is undefined and is skipped.
			var nrfData = P1[i].match(re)||['0'];
			if ((nrfData[1] != null) && (nrfData[1].length != 0))
			{
				// push() rather than nrf_role[i] = ..., so a skipped DN cannot leave an empty slot in the result.
				nrf_role.push(nrfData[1]);
			}
		}
	}
	else
	{
		// Single value: return the role name as a plain string.
		var nrfData = P1.match(re)||['0'];
		if ((nrfData[1] != null) && (nrfData[1].length != 0))
		{
			nrf_role = nrfData[1];
		}
	}
	return nrf_role;
}

Finally, we create an Identity Server Roles policy to activate each IDM Role as a NAM Role:

[Screenshot: ActivateRole.png]

Once the Roles policy is enabled on the Identity Server(s) and an update has been performed, the role names can be used by the rest of Access Manager. Note that they must be typed in manually, because NAM has no way to discover which role names IDM can supply (see also the Idea "Allow dynamic Roles in Appmarks").

The complete set of Roles can also be injected into an HTTP header for the protected web service to consume:

[Screenshot: InjectRoles.png]

PHP code to display this header (the injected AG_ROLES header is exposed to PHP as $_SERVER['HTTP_AG_ROLES']) would be:

<?php print($_SERVER['HTTP_AG_ROLES']); ?>

Depending on the Roles assigned to the user, this would display something like:

complianceAdmin,provAdmin,provManager,rbpmAdmin,reportAdmin,resourceAdmin,resourceManager,roleAdmin,roleManager,secAdmin
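As an added example (not the article's own code), the role-name extraction performed by the Virtual Attribute above and the consumption of the injected header below are modelled together in plain Node.js: the same cn= extraction, the comma-joined header value, and a back-end check that parses the header into a set of roles instead of merely printing it. The sample DN values, the "o=example" suffix and the "," join character are assumptions.

```javascript
// Added example, not code from the original article: a plain Node.js model of the
// two halves of the flow above. Assumptions: the Virtual Attribute receives
// nrfMemberOf as one DN string or an array of DN strings, and the Access Gateway
// joins the activated role names with "," into the injected header.

// Constructed sample nrfMemberOf values (shape only; not real IDM data).
const SAMPLE_NRF_MEMBER_OF = [
  "cn=roleAdmin,cn=Level20,cn=RoleDefs,cn=RoleConfig,o=example",
  "cn=provManager,cn=Level10,cn=RoleDefs,cn=RoleConfig,o=example",
  "CN=secAdmin,cn=Level30,cn=RoleDefs,cn=RoleConfig,o=example",
  "cn=", // malformed: must be skipped, not turned into an empty role name
  "not a dn at all",
];

// Same rule as the Virtual Attribute script: the leading cn= RDN of each DN,
// case-insensitive, and the RDN must be terminated by a comma. Always returns a
// dense array, so a non-matching value cannot leave a hole that joins as "".
const CN_RDN = /^cn=([^,]+),/i;
function roleNamesFromDns(value) {
  const dns = Array.isArray(value) ? value : [value];
  const names = [];
  for (const dn of dns) {
    const m = typeof dn === "string" ? dn.match(CN_RDN) : null;
    if (m && m[1].length > 0) names.push(m[1]);
  }
  return names;
}

// What the Access Gateway's identity injection produces for the AG_ROLES header.
function headerValueForRoles(names) {
  return names.join(",");
}

// Back-end side: parse the injected header into a set of role names. Whitespace
// and empty fields are dropped, and a missing header yields an empty set.
function parseRolesHeader(headerValue) {
  if (typeof headerValue !== "string") return new Set();
  return new Set(headerValue.split(",").map((s) => s.trim()).filter(Boolean));
}

// The check a web service should make instead of merely printing the header:
// exact, case-sensitive comparison against the role name activated by NAM.
function hasRequiredRole(headerValue, required) {
  return parseRolesHeader(headerValue).has(required);
}

// Run end to end on the constructed data.
const injected = headerValueForRoles(roleNamesFromDns(SAMPLE_NRF_MEMBER_OF));
console.log(injected, hasRequiredRole(injected, "secAdmin"));
```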

Version history: revision 5 of 5, last update 2020-01-31 11:43