UserSecurityClaims
Use the UserSecurityClaims policy to set user claims in the header before the request is sent to the target.
Scopes
This policy can be attached to these Request Flow scopes:
- Proxy end point
- Proxy end point resource
- Target end point
- Target end point resource
Examples
In the following example, two headers are set with claim values:
- The roles header contains the security role values.
- The accounting-entity header contains the AccountingEntity claim value.
<user-security-claims continueOnError="false" displayName="Claim-type example Policy"
    enabled="true" name="Claim-type example policy" version="1"
    xmlns="http://www.infor.com/ion/api"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <claimTypes>
    <claimType name="http://schemas.infor.com/claims/SecurityRole" headerName="roles"/>
    <claimType name="http://schemas.infor.com/claims/AccountingEntity" headerName="accounting-entity"/>
  </claimTypes>
</user-security-claims>
In the following example:
- The security roles are filtered by criteria.
- The email address claim is added.
Filter roles and email address claim
<user-security-claims continueOnError="false" displayName="Claim-type example Policy"
    enabled="true" name="Claim-type example policy" version="1.0"
    xmlns="http://www.infor.com/ion/api"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.infor.com/ion/api userSecurityClaims.xsd">
  <claimTypes>
    <claimType name="http://schemas.infor.com/claims/SecurityRole" headerName="securityrole-claim">
      <filter action="include">
        <!-- action is one of include/exclude -->
        <value>Infor-SuiteUser</value>
      </filter>
      <!-- match exact role -->
    </claimType>
    <claimType name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" headerName="x-infor-identity2"/>
  </claimTypes>
</user-security-claims>
Headers created
The value of the header is a comma-delimited string of values. For example, the roles header might contain a string with all the roles: user,administrator,superUser
Configuration
Element name | Default | Presence | Type | Multiplicity |
---|---|---|---|---|
claimTypes | N/A | Required | N/A | 1 |
claimTypes.claimType | N/A | Required | N/A | 1..* |
<user-security-claims> attributes
<header name="Claim-type example Policy" displayName="Claim-type example Policy" enabled="true" version="1.0">
Field name | Description | Default | Presence |
---|---|---|---|
name | Name of this policy instance. | N/A | Required |
displayName | | | Optional |
enabled | Indicates if a policy is enforced or not. If set to false, a policy is turned off, and not enforced. | true | Optional |
version | Policy version. | N/A | Required |
<claimTypes> element
This is a required element that lists the claims that must be set in headers on the request to the target.
<claimTypes>
  <claimType name="http://schemas.infor.com/claims/SecurityRole" headerName="roles"/>
  <claimType name="http://schemas.infor.com/claims/AccountingEntity" headerName="accounting-entity"/>
</claimTypes>
<claimType> element
This is a required element for each requested claim.
Possible claim values:
- http://schemas.infor.com/claims/SecurityRole
- http://schemas.infor.com/claims/AccountingEntity
- http://schemas.infor.com/claims/ErpPersonId
- http://schemas.infor.com/claims/Location
<claimType name="http://schemas.infor.com/claims/SecurityRole" headerName="roles"/>
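A pre-deployment check for these policy files, added here as an example and not part of Infor's documentation or tooling: it tests the constraints from the tables above (required name and version, exactly one claimTypes with at least one claimType, filter action of include or exclude) and reports a disabled policy. The function name lint_policy, the duplicate-header check and the requirement that every claimType carry both name and headerName are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.infor.com/ion/api}"
# Constructed sample based on the page's filter example.
SAMPLE_POLICY = """<user-security-claims continueOnError="false" enabled="true"
    name="Claim-type example policy" version="1.0"
    xmlns="http://www.infor.com/ion/api">
  <claimTypes>
    <claimType name="http://schemas.infor.com/claims/SecurityRole" headerName="securityrole-claim">
      <filter action="include"><value>Infor-SuiteUser</value></filter>
    </claimType>
    <claimType name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" headerName="x-infor-identity2"/>
  </claimTypes>
</user-security-claims>"""


def lint_policy(xml_text):
    """Return a list of findings; an empty list means the policy passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != NS + "user-security-claims":
        return [f"unexpected root element {root.tag}"]
    findings = []
    for attr in ("name", "version"):  # both documented as Required
        if not root.get(attr):
            findings.append(f"missing required attribute '{attr}'")
    if root.get("enabled", "true") == "false":  # documented: turned off, not enforced
        findings.append('policy is disabled (enabled="false"), so it is not enforced')
    containers = root.findall(NS + "claimTypes")
    if len(containers) != 1:  # documented multiplicity: 1
        return findings + ["expected exactly one <claimTypes> element"]
    claim_types = containers[0].findall(NS + "claimType")
    if not claim_types:  # documented multiplicity: 1..*
        findings.append("<claimTypes> needs at least one <claimType>")
    seen = set()
    for ct in claim_types:
        claim, header = ct.get("name"), ct.get("headerName")
        if not claim or not header:  # assumption: every example on the page sets both
            findings.append("<claimType> needs both name and headerName")
            continue
        if header.lower() in seen:  # assumption: one header per claim; names are case-insensitive
            findings.append(f"header '{header}' is mapped more than once")
        seen.add(header.lower())
        for flt in ct.findall(NS + "filter"):
            if flt.get("action") not in ("include", "exclude"):
                findings.append(f"{header}: filter action must be include or exclude")
    return findings
```

Run it over each policy file in review or CI and fail the change when the returned list is not empty.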