Identity injection allows you to add information to the URL, Custom Header, or to the HTML page before it is posted to a Web server. The Web server uses this information to determine whether the user can access the resource, so it is the Web server that determines the information that you need to inject to allow access to the resource.
To learn more about NAM Identity Injection policies, see: https://www.netiq.com/documentation/access-manager-42/admin/data/b5547ku.html
NAM provides multiple options (LDAP attribute, Client IP, OAuth Claims, etc.) to inject into the URL, a custom header, the Cookie header, etc.
NAM provides an extensive list of options for injection, and most of the time these options will meet your requirements. But if you need to execute business logic to determine the value to be injected, NAM lets you use a Data Extension and implement that logic in Java code.
NAM Developer Guide: https://www.netiq.com/documentation/access-manager-42/nacm_enu/data/bookinfo.html
You should have the following items before starting development:
Please see the following NetIQ documentation to understand the process flow of data extension.
At this point you have created a Data Extension JAR file.
At this point you have uploaded the JAR file in Admin Console.
Description: This is my data extension policy
Policy Type: Access Gateway: Identity Injection
Class Name: com.plugin.MyDataFactory
File Name: MyDataExtension
The ID given in the program and the ID in the configuration parameters must match. For example, I am providing employee_type with ID = 100.
Select the extension policy you just created and click the “Distribute JARs” button.
Click OK in the confirmation window. You must restart the Access Gateway service after JAR distribution.
Type: Access Gateway: Identity Injection
Assign the MyDataInjectionPolicy to any protected resources and check the injection data.
If any employee logs in, this policy will inject employeeType = Full Time Employee.
If any Contractor or Vendor logs in, this policy will inject employeeType = Contractor.
If any other user type logs in, this policy will inject an empty value into the employeeType parameter.
Check the /var/opt/novell/nam/logs/mag/tomcat/catalina.out log; it contains the messages you printed from the Java code.
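The injection rule above, together with the requirement that the parameter ID in code matches the ID in the configuration, can be sketched in plain Java. This is an added example, not the author's extension code (which this page does not include) and not NAM SDK code. The class and method names, the `Map` standing in for NAM's configuration parameters, the input values `employee`, `contractor` and `vendor`, and the precedence given to Contractor for multi-valued attributes are all assumptions.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Hypothetical stand-alone class: the decision logic only, without the NAM SDK types.
public class EmployeeTypeRule {
    // Must equal the ID entered for employee_type in the policy configuration (100 on this page).
    static final int EMPLOYEE_TYPE_ID = 100;

    // params is an assumed stand-in for the configuration parameters, keyed by ID.
    static String resolve(Map<Integer, List<String>> params) {
        List<String> values = params.get(EMPLOYEE_TYPE_ID);
        if (values == null) {
            // ID in code and ID in configuration differ: log it and inject an empty value.
            System.out.println("MyDataExtension: no parameter with ID " + EMPLOYEE_TYPE_ID);
            return "";
        }
        String result = "";
        for (String raw : values) {
            if (raw == null) {
                continue;
            }
            String v = raw.trim().toLowerCase(Locale.ROOT);
            if (v.equals("contractor") || v.equals("vendor")) {
                return "Contractor"; // assumed precedence for multi-valued attributes
            }
            if (v.equals("employee")) {
                result = "Full Time Employee";
            }
        }
        return result; // empty for any other user type
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(resolve(Collections.singletonMap(100, Arrays.asList("Employee"))));
        System.out.println(resolve(Collections.singletonMap(100, Arrays.asList(" vendor "))));
        System.out.println(resolve(Collections.singletonMap(100, Arrays.asList("Employee", "Contractor"))));
        System.out.println("[" + resolve(Collections.singletonMap(100, Arrays.asList("Intern"))) + "]");
        System.out.println("[" + resolve(Collections.singletonMap(101, Arrays.asList("Employee"))) + "]");
    }
}
```

Because the protected Web server makes its access decision from the injected value, the sketch returns an empty value both for unknown user types and when the parameter ID is missing, rather than falling back to a default label.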
Please contact me if you find any issues during development.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.