Symantec Access Management

  • 1.  Policy Expression is not picking the variable value from user directory.

    Posted Sep 09, 2014 06:10 AM
    I have created a Policy expression with the use of user context variable and static variable.

     

    while executing the policy policy server is not picking the user context value.
    log Snippet:
    [09/09/2014][15:24:22.743][15:24:22][2084][2688][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][s861/r692][agent2][][test][][test realm][test][][][][][][][][][][][][][<RVARS><Var name="EmployeeType" rtype="3" isnull="1"><![CDATA[]]></Var><Var name="staticvalue" rtype="3"><![CDATA[employee]]></Var></RVARS>][Send response attribute 147, data size is 139]
    [09/09/2014][15:24:22.743][15:24:22][2084][2688][Sm_Az_Message.cpp:595][CSm_Az_Message::ProcessMessage][s861/r692][agent2][][test][][test realm][test][][][][][][][][][][][][][][** Status: Not Authorized. ]

     

    Can anyone help me to understand why this is not working? I see isnull is set to 1 but haven't set non of the variable.



  • 2.  Re: Policy Expression is not picking the variable value from user directory.

    Posted Sep 10, 2014 09:15 AM

    Anybody has worked on this. It would be helpful If anybody could show some light on this.

     

    Thanks for advance.



  • 3.  Re: Policy Expression is not picking the variable value from user directory.

    Posted Sep 10, 2014 01:11 PM

    attach a screen shot of the policy



  • 4.  Re: Policy Expression is not picking the variable value from user directory.

    Posted Sep 11, 2014 04:23 AM

     

     

     

     



  • 5.  Re: Policy Expression is not picking the variable value from user directory.

    Posted Sep 11, 2014 08:56 AM

    Use "User Property" instead of "Directory Entry Property" in your Variable "EmployeeType". It works fine. Checks for an attribute in the User Directory and returns the value corresponding to the attribute.

     

     

    Capture.JPG



  • 6.  Re: Policy Expression is not picking the variable value from user directory.

    Posted Sep 11, 2014 08:58 AM

    use "User Property" instead of "Directory Entry Property". This works for me. Checks for an attribute in the User Directory and returns the value corresponding to the attribute.

     

    Capture.JPG



  • 7.  Re: Policy Expression is not picking the variable value from user directory.

    Posted Sep 12, 2014 01:14 AM

    Hi HubertDennis,

     

    Thanks for your inputs

     

    this works fine in my setup also, but I want to understand why this is not working while selecting "Directory Entry Property".

     

    Could you please help me here?



  • 8.  Re: Policy Expression is not picking the variable value from user directory.

    Posted Sep 12, 2014 11:59 AM

    I'll check and let you know. Am unsure why "Directory Entry Property" would be used. I am going to check that.

     

    However is there any specific reason why you'd like to adopt "Directory Entry Property" when the same purpose is being served by "User Property".

     

     

    Regards

     

    Hubert



  • 9.  Re: Policy Expression is not picking the variable value from user directory.
    Best Answer

    Posted Sep 12, 2014 05:00 PM

    It worked with "Directory Entry Property". You need to enter the absolute DN in the DN property field. It makes me think that it would be tied to one particular UserDN hence is very restrictive. I would still personally prefer to use "User Property" instead of "Directory Entry Property"; unless there is a valid use case you are looking into.

     

    Please see the screenshots and trace logs from Policy Server for the IsAuthorized call.

     

    If you are happy with the resolution, please mark the case closed. Thank You.

     

     

    cq_1.JPG

     

    cq_2.JPG

     

     

    [16:50:52.163][CServer.cpp:5687][CServer::ProcessRequest][][Enter function CServer::ProcessRequest][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmAuthUser.cpp:1372][CSmAuthUser::CSmAuthUser][][Enter function CSmAuthUser::CSmAuthUser][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmAuthUser.cpp:1417][CSmAuthUser::CSmAuthUser][][Leave function CSmAuthUser::CSmAuthUser][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][Sm_Az_Message.cpp:154][CSm_Az_Message::ProcessMessage][][Enter function CSm_Az_Message::ProcessMessage][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmMessage.cpp:513][CSmMessage::ParseAgentMessage][][Receive request attribute 208, data size is 28][fe80::68cc:739f:4cfc:9695%11][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmMessage.cpp:513][CSmMessage::ParseAgentMessage][][Receive request attribute 200, data size is 0][wa_smtest][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmMessage.cpp:513][CSmMessage::ParseAgentMessage][][Receive request attribute 217, data size is 9][localhost][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmMessage.cpp:513][CSmMessage::ParseAgentMessage][][Receive request attribute 201, data size is 20][/BasicAuth/test.html][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmMessage.cpp:513][CSmMessage::ParseAgentMessage][][Receive request attribute 202, data size is 3][GET][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmMessage.cpp:513][CSmMessage::ParseAgentMessage][][Receive request attribute 204, data size is 39][06-00093432-e1a7-12e9-b372-00017f00d086][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmMessage.cpp:513][CSmMessage::ParseAgentMessage][][Receive request attribute 205, data size is 28][HTlZx4bGik4uA21ayXX9FsZ1koo=][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmMessage.cpp:513][CSmMessage::ParseAgentMessage][][Receive request attribute 209, data size is 416][ryNsSo4FswL2xqUaYtQpDgLnOoyuC48xPpibTVgoZD1kp6w1dxQfhDzdHDZPh5GhLrRPQegg2tILKGkPL5fvRwfInqzrDp3ACGHGG0vzoNT33QDNyjpq8cW+iFvFhEQWXVy/m+pdIKZZ9V+GEcFV1/VqpazPihwlLeGbRs7fhgfh+m5H+ya/1v6HZd3xDiusDDjmQu94K5GrEevXzsGITy/k6B6t1uA3kA71QK5qqFXWJWewu5ABxTaObEEkbCIeAKhHnksLQ7AHb0yhfurlla4WoFQYNeNRqZNfNeHT5WcaSlHloGdv7CYUJ1SzrO2oRoSmFbl95Ln89QSE9JRSk/TUehclWqfdP2dz1ig7RMJK/tFBPXIl0VDdDPMGn1STrU+Ct3nHxY3PKplOTtBWtBd6FZ9o43c6][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][SmMessage.cpp:513][CSmMessage::ParseAgentMessage][][Receive request attribute 134, data size is 5][FALSE][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][Sm_Az_Message.cpp:205][CSm_Az_Message::ProcessMessage][AuthorizeEx][** Received agent request.][wa_smtest][wa_smtest][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][Sm_Az_Message.cpp:387][CSm_Az_Message::AnalyzeAzMessage][][Enter function CSm_Az_Message::AnalyzeAzMessage][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.163][Sm_Az_Message.cpp:395][CSm_Az_Message::AnalyzeAzMessage][][Leave function CSm_Az_Message::AnalyzeAzMessage][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.163][IsAuthorized.cpp:78][CSm_Az_Message::IsAuthorized][][Enter function CSm_Az_Message::IsAuthorized][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.164][IsAuthorized.cpp:172][CSm_Az_Message::IsAuthorized][][Validate session and session type for the user.][2][][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][][][ud_sjds7][][][][][][][][][][][][]

    [16:50:52.164][SmAuthDir.cpp:22][SmAuthQuery][][Enter function SmAuthQuery][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.164][SmAuthDir.cpp:41][SmAuthQuery][][Leave function SmAuthQuery][][][][][][][][][][][][][][Sm_AuthApi_Success][][][][][][][]

    [16:50:52.164][SmAuthorization.cpp:2256][CSmAz::GetRealmList][][Enter function CSmAz::GetRealmList][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.164][SmAuthorization.cpp:2274][CSmAz::GetRealmList][][Leave function CSmAz::GetRealmList][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.164][IsAuthorized.cpp:1045][CSm_Az_Message::InitAuthUser][][Enter function CSm_Az_Message::InitAuthUser][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.164][SmAzMapping.cpp:270][CSmAzMapping::GetAzUser][][Enter function CSmAzMapping::GetAzUser][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.164][SmAzMapping.cpp:747][CSmAzMapping::ProcessRealm][][Enter function CSmAzMapping::ProcessRealm][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.164][SmAzMapping.cpp:756][CSmAzMapping::ProcessRealm][][Realm Authorization Mapping optimized][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.164][SmAzMapping.cpp:758][CSmAzMapping::ProcessRealm][][Leave function CSmAzMapping::ProcessRealm][][][][][][][][][][][][][][NULL][][][][][][][]

    [16:50:52.164][SmAzMapping.cpp:331][CSmAzMapping::GetAzUser][][Failed to find any valid user using Identity Mapping][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.164][SmDsObj.cpp:75][CSmDsObj::CSmDsObj][][Start of call LookupProvider.][][][][][][][][][][][][][][][][][][LDAP:][][][]

    [16:50:52.164][SmDsProviderMap.cpp:109][CSmDsProviderMap::LookupProvider][][Enter function CSmDsProviderMap::LookupProvider][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.164][SmDsProviderMap.cpp:204][CSmDsProviderMap::LookupProvider][][Leave function CSmDsProviderMap::LookupProvider][][][][][][][][][][][][][][Ok][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:77][CSmDsObj::CSmDsObj][][Return from call LookupProvider.][][][][][][][][][][][][][][Ok][][][][][][][]

    [16:50:52.165][SmDsDir.cpp:66][CSmDsDir::CSmDsDir][][Start of call InitDir.][][][][][][][][][][][][][][][][][][About to initialize directory, Oid='0e-00048613-feb8-12e8-b372-00017f00d086', Name='ud_sjds7'][][][]

    [16:50:52.165][SmDsDir.cpp:81][CSmDsDir::CSmDsDir][][Return from call InitDir.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:94][CSmDsObj::IsValid][][Start of call IsValid.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:96][CSmDsObj::IsValid][][Return from call IsValid.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:75][CSmDsObj::CSmDsObj][][Start of call LookupProvider.][][][][][][][][][][][][][][][][][][LDAP:][][][]

    [16:50:52.165][SmDsProviderMap.cpp:109][CSmDsProviderMap::LookupProvider][][Enter function CSmDsProviderMap::LookupProvider][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.165][SmDsProviderMap.cpp:204][CSmDsProviderMap::LookupProvider][][Leave function CSmDsProviderMap::LookupProvider][][][][][][][][][][][][][][Ok][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:77][CSmDsObj::CSmDsObj][][Return from call LookupProvider.][][][][][][][][][][][][][][Ok][][][][][][][]

    [16:50:52.165][SmDsUser.cpp:95][CSmDsUser::CSmDsUser][][Start of call InitUser.][][][][][][][][][][][][][][][][][][About to initialize User 'cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com' in dir 'ud_sjds7'][][][]

    [16:50:52.165][SmDsUser.cpp:106][CSmDsUser::CSmDsUser][][Return from call InitUser.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:94][CSmDsObj::IsValid][][Start of call IsValid.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:96][CSmDsObj::IsValid][][Return from call IsValid.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.165][SmAzMapping.cpp:591][CSmAzMapping::GetAzUser][][Leave function CSmAzMapping::GetAzUser][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:94][CSmDsObj::IsValid][][Start of call IsValid.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:96][CSmDsObj::IsValid][][Return from call IsValid.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:94][CSmDsObj::IsValid][][Start of call IsValid.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.165][SmDsObj.cpp:96][CSmDsObj::IsValid][][Return from call IsValid.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.165][IsAuthorized.cpp:1161][CSm_Az_Message::InitAuthUser][][Leave function CSm_Az_Message::InitAuthUser][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.165][IsAuthorized.cpp:685][CSm_Az_Message::IsAuthorized][][Authorizing user...][][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.165][SmAuthorization.cpp:1405][CSmAz::IsOk][][Enter function CSmAz::IsOk][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.165][SmAuthorization.cpp:1443][CSmAz::IsOk][][Start of user policy analysis for realm.][][][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.165][SmAuthorization.cpp:1535][CSmAz::IsOk][][Check the Policy.][][][][][][][][cq][][cq_test][][][][][][][][][][][]

    [16:50:52.166][SmAuthorization.cpp:1578][CSmAz::IsOk][][Check the Rule][][][][][][cq_rule_prot_BasicAuth][][cq][][][][][][][][][][][][][]

    [16:50:52.166][SmAuthorization.cpp:663][CSmAz::TestRule][][Enter function CSmAz::TestRule][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.166][SmAuthorization.cpp:768][CSmAz::TestRule][][Leave function CSmAz::TestRule][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.166][SmAuthorization.cpp:775][CSmAz::TestPolicy][][Enter function CSmAz::TestPolicy][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.166][SmAuthorization.cpp:794][CSmAz::TestPolicy][][Evaluating policy...][][][][][][][][cq][][cq_test][][][][][][][][][][][]

    [16:50:52.166][SmAuthorization.cpp:2180][CSmAz::ProcessActiveExpression][][Enter function CSmAz::ProcessActiveExpression][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.166][SmAuthorization.cpp:146][ResolveNestedVariables][][Enter function ResolveNestedVariables][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.166][SmAuthorization.cpp:272][ResolveNestedVariables][][Leave function ResolveNestedVariables][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.167][SmActiveExpr.cpp:501][CSmActiveExpr::GetActiveValue][][Enter function CSmActiveExpr::GetActiveValue][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.167][SmActiveExpr.cpp:382][CSmActiveExprLibrary::Lookup][][Enter function CSmActiveExprLibrary::Lookup][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.167][SmActiveExpr.cpp:416][CSmActiveExprLibrary::Lookup][][Leave function CSmActiveExprLibrary::Lookup][][][][][][][][][][][][][][ok][][][][][][][]

    [16:50:52.167][SmActiveExpr.cpp:358][CSmActiveExprLibrary::GetActiveFunction][][Enter function CSmActiveExprLibrary::GetActiveFunction][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.167][SmActiveExpr.cpp:376][CSmActiveExprLibrary::GetActiveFunction][][Leave function CSmActiveExprLibrary::GetActiveFunction][][][][][][][][][][][][][][ok][][][][][][][]

    [16:50:52.167][SmDsDir.cpp:182][CSmDsDir::GetConnectionObject][][Start of call GetDirConnectionObject.][][][][][][][][][][][][][][][][][][Get dir connection object.][][][]

    [16:50:52.167][SmDsDir.cpp:184][CSmDsDir::GetConnectionObject][][Return from call GetDirConnectionObject.][][][][][][][][][][][][][][Ok][][][][][][][]

    [16:50:52.167][SmDsDir.cpp:190][CSmDsDir::GetRawHandle][][Start of call GetDirRawHandle.][][][][][][][][][][][][][][][][][][Get dir raw handle][][][]

    [16:50:52.167][SmDsDir.cpp:192][CSmDsDir::GetRawHandle][][Return from call GetDirRawHandle.][][][][][][][][][][][][][][Ok][][][][][][][]

    [16:50:52.168][SmJVMSupport.cpp:113][GetJVMEnv][][SmJVMSupport, Successfully attached JVM to thread][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.171][SmAuthUser.cpp:758][GetDsDnProp][][Enter function GetDsDnProp][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.171][SmAuthUser.cpp:3408][CSmAuthUser::GetDnProp][][Enter function CSmAuthUser::GetDnProp][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.171][SmDsObj.cpp:94][CSmDsObj::IsValid][][Start of call IsValid.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.171][SmDsObj.cpp:96][CSmDsObj::IsValid][][Return from call IsValid.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.171][SmDsObj.cpp:94][CSmDsObj::IsValid][][Start of call IsValid.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.171][SmDsObj.cpp:96][CSmDsObj::IsValid][][Return from call IsValid.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.171][SmDsDir.cpp:631][CSmDsDir::GetDirObjInfo][][Start of call GetDirObjInfo.][][][][][][][][][][][][][][][][][][Parameters: 'cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com', '', '', 0][][][]

    [16:50:52.173][SmDsDir.cpp:633][CSmDsDir::GetDirObjInfo][][Return from call GetDirObjInfo.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.173][SmDsUser.cpp:834][CSmDsUser::ResolvePolicyObject][][Enter function CSmDsUser::ResolvePolicyObject][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.173][SmDsObj.cpp:94][CSmDsObj::IsValid][][Start of call IsValid.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.173][SmDsObj.cpp:96][CSmDsObj::IsValid][][Return from call IsValid.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.173][SmDsUser.cpp:842][CSmDsUser::ResolvePolicyObject][][Start of call HasRelationship.][][][][][][][][][][][][][][][][][][Policy resolution for user: 'cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com', filter: 'cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com', type: 1, recursive: No][][][]

    [16:50:52.173][SmDsUser.cpp:849][CSmDsUser::ResolvePolicyObject][][Return from call HasRelationship.][][][][][][][][][][][][][][1][][][][][][][]

    [16:50:52.173][SmDsUser.cpp:858][CSmDsUser::ResolvePolicyObject][][Leave function CSmDsUser::ResolvePolicyObject][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.173][SmDsObj.cpp:75][CSmDsObj::CSmDsObj][][Start of call LookupProvider.][][][][][][][][][][][][][][][][][][LDAP:][][][]

    [16:50:52.173][SmDsProviderMap.cpp:109][CSmDsProviderMap::LookupProvider][][Enter function CSmDsProviderMap::LookupProvider][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.173][SmDsProviderMap.cpp:204][CSmDsProviderMap::LookupProvider][][Leave function CSmDsProviderMap::LookupProvider][][][][][][][][][][][][][][Ok][][][][][][][]

    [16:50:52.174][SmDsObj.cpp:77][CSmDsObj::CSmDsObj][][Return from call LookupProvider.][][][][][][][][][][][][][][Ok][][][][][][][]

    [16:50:52.174][SmDsUser.cpp:95][CSmDsUser::CSmDsUser][][Start of call InitUser.][][][][][][][][][][][][][][][][][][About to initialize User 'cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com' in dir 'ud_sjds7'][][][]

    [16:50:52.174][SmDsUser.cpp:106][CSmDsUser::CSmDsUser][][Return from call InitUser.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.174][SmDsObj.cpp:94][CSmDsObj::IsValid][][Start of call IsValid.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.174][SmDsObj.cpp:96][CSmDsObj::IsValid][][Return from call IsValid.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.174][SmDsAliases.cpp:328][CSmDsAliases::GetSmDsAliases][][Enter function CSmDsAliases::GetSmDsAliases][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.174][SmDsAliases.cpp:377][CSmDsAliases::GetSmDsAliases][][Leave function CSmDsAliases::GetSmDsAliases][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.174][SmDsAliases.cpp:534][CSmDsAliases::GetAttributeNameFromAlias][][Enter function CSmDsAliases::GetAttributeNameFromAlias][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.174][SmDsAliases.cpp:423][CSmDsAliases::GetAttributeMapping][][Enter function CSmDsAliases::GetAttributeMapping][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.174][SmDsAliases.cpp:430][CSmDsAliases::GetAttributeMapping][][Leave function CSmDsAliases::GetAttributeMapping][][][][][][][][][][][][][][false][][][][][][][]

    [16:50:52.174][SmDsAliases.cpp:539][CSmDsAliases::GetAttributeNameFromAlias][][Leave function CSmDsAliases::GetAttributeNameFromAlias][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.174][SmDsUser.cpp:410][CSmDsUser::GetProp][][Start of call GetUserProp.][][][][][][][][][][][][][][][][][][PropName 'employeeType' for user 'cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com' in dir 'ud_sjds7'][][][]

    [16:50:52.175][SmDsUser.cpp:412][CSmDsUser::GetProp][][Return from call GetUserProp.][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.176][SmDsUser.cpp:166][CSmDsUser::~CSmDsUser][][Start of call Release.][][][][][][][][][][][][][][][][][][Release DS Provider handle.][][][]

    [16:50:52.176][SmDsUser.cpp:168][CSmDsUser::~CSmDsUser][][Return from call Release.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.176][SmAuthUser.cpp:3414][CSmAuthUser::GetDnProp][][Leave function CSmAuthUser::GetDnProp][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.176][SmAuthUser.cpp:784][GetDsDnProp][][Leave function GetDsDnProp][][][][][][][][][][][][][][8][][][][][][][]

    [16:50:52.177][SmJavaAPI.cpp:1182][JavaActiveExpression][][Active Expression evaluated for SmJavaAPI: JavaActiveExpression successfully invoked.  Parameter and result follow:][][][][][][][][][][][com.netegrity.scriptevaluation.scriptactiveexpression.ActiveScript (cq_1==cq_2)][][][true][][][][][][][]

    [16:50:52.177][SmAuthUser.cpp:1660][CSmAuthUser::SavePasswordState][][Enter function CSmAuthUser::SavePasswordState][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.177][SmAuthUser.cpp:1662][CSmAuthUser::SavePasswordState][][Leave function CSmAuthUser::SavePasswordState][][][][][][][][][][][][][][false][][][][][][][]

    [16:50:52.177][SmDsDir.cpp:198][CSmDsDir::FreeConnectionObject][][Start of call FreeDirConnectionObject.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.177][SmDsDir.cpp:199][CSmDsDir::FreeConnectionObject][][Return from call FreeDirConnectionObject.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.178][SmActiveExpr.cpp:520][CSmActiveExprLibrary::GetActiveValue][][Leave function CSmActiveExprLibrary::GetActiveValue][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.178][SmAuthorization.cpp:2230][CSmAz::ProcessActiveExpression][][Leave function CSmAz::ProcessActiveExpression][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.178][SmAuthorization.cpp:1211][CSmAz::TestPolicy][][Leave function CSmAz::TestPolicy][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.178][SmAuthorization.cpp:1729][CSmAz::IsOk][][Policy is applicable. Rule is applicable. Get Responses.][][][][][][cq_rule_prot_BasicAuth][][cq][][cq_test][][][][][][][][][][][]

    [16:50:52.178][SmAuthorization.cpp:1894][CSmAz::IsOk][][IsOk? Yes, Return 0 responses with 0 attributes added.][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.178][SmAuthorization.cpp:1896][CSmAz::IsOk][][Leave function CSmAz::IsOk][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.179][IsAuthorized.cpp:1045][CSm_Az_Message::InitAuthUser][][Enter function CSm_Az_Message::InitAuthUser][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.179][IsAuthorized.cpp:1066][CSm_Az_Message::InitAuthUser][][Leave function CSm_Az_Message::InitAuthUser][][][][][][][][][][][][][][true][][][][][][][]

    [16:50:52.179][IsAuthorized.cpp:814][CSm_Az_Message::IsAuthorized][OnAccessAccept][Evaluating OnAccessAccept policy in the realm ][][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.179][SmAuthorization.cpp:1405][CSmAz::IsOk][][Enter function CSmAz::IsOk][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.179][SmAuthorization.cpp:1443][CSmAz::IsOk][][Start of user policy analysis for realm.][][][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.179][SmAuthorization.cpp:1836][CSmAz::IsOk][][IsOk? No.][][][][][][][][][][][][][][][No applicable Policy found. ][][][][][][]

    [16:50:52.179][SmAuthorization.cpp:1838][CSmAz::IsOk][][Leave function CSmAz::IsOk][][][][][][][][][][][][][][false][][][][][][][]

    [16:50:52.179][SmAuthorization.cpp:2285][CSmAz::IsOkGlobal][][Enter function CSmAz::IsOkGlobal][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.179][SmAuthorization.cpp:2319][CSmAz::IsOkGlobal][][Global policies are disabled for the domain.'][][][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.179][SmAuthorization.cpp:2321][CSmAz::IsOkGlobal][][Leave function CSmAz::IsOkGlobal][][][][][][][][][][][][][][false][][][][][][][]

    [16:50:52.180][Sm_Az_Message.cpp:406][CSm_Az_Message::SendReply][][Enter function CSm_Az_Message::SendReply][][][][][][][][][][][][][][][][][][][][][]

    [16:50:52.180][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][AuthorizeEx][Send response attribute 153, data size is 4][T.\.][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.180][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][AuthorizeEx][Send response attribute 154, data size is 4][T.\.][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.180][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][AuthorizeEx][Send response attribute 155, data size is 4][T.\.][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.180][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][AuthorizeEx][Send response attribute 225, data size is 4][....][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.180][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][AuthorizeEx][Send response attribute 226, data size is 4][... ][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.180][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][AuthorizeEx][Send response attribute 205, data size is 28][HTlZx4bGik4uA21ayXX9FsZ1koo=][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.180][Sm_Az_Message.cpp:825][CSm_Az_Message::FormatAttribute][AuthorizeEx][Send response attribute 132, data size is 4][....][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

    [16:50:52.180][Sm_Az_Message.cpp:595][CSm_Az_Message::ProcessMessage][][** Status: Authorized. ][][wa_smtest][][AAAAAA][cn=AAAAAA,ou=OrgUnit0,dc=ca,dc=com][][cq_realm_prot_BasicAuth][cq][][][][][][][][][][][][][]

     

     

     

     

    Regards

     

    Hubert



  • 10.  Re: Policy Expression is not picking the variable value from user directory.

    Posted Sep 14, 2014 02:29 PM

    Hi HubertDennis,

     

    Thanks a lot for your help.       I have an use case which requires "Directory Entry Property", because I have to authorize other users against a particular user property value.