4.4 Installing and Configuring an Extension

After you have created your extension, you need to install it, configure it, and distribute it.

4.4.1 Installing the Extension on the Administration Console

To install an extension, you need to have access to the JAR file and know the following information about the extension or extensions contained within the file.

What you need to create

A display name for the extension.

A description for the extension.

What you need to know

The policy type of the extension, which defines the policy type it can be used with. You should know whether it is an extension for an Access Gateway Authorization policy, an Access Gateway Identity Injection policy, or an Identity Server Role policy.

The name of the Java class that is used by the extension. Each data type usually uses a different Java factory class.

The filename of the extension.

The type of data the extension manipulates:

Authorization Policy: Can be used to return:

  • An action of deny, permit, or obligation.

  • A condition that the extension evaluates and returns either true or false.

  • A data element that the extension retrieves and the policy can use for evaluating a condition.

Identity Injection Policy: A data extension that retrieves data for injecting into a header.

Identity Role Policy: Can be used to return:

  • A condition that the extension evaluates and returns either true or false

  • A data element that the extension retrieves, which can be used in evaluating a condition or used to assign roles

External Attribute Source Policy: You can use it to:

  • Get attributes from external sources.

  • Create shared secrets. A shared secret can then be used in configuring other policies or can be used by the Identity Servers in their attribute sets.

The names, IDs, and mapping type of any configuration parameters. Configuration parameters allow the policy engine to pass data to the extension, which the extension can then use to retrieve data or as part of its evaluation.

If the file contains more than one extension, you need to create a configuration for each extension in the file.

  1. Copy the JAR file to a location that you can browse to from the Administration Console.

  2. In the Administration Console, click Policies > Extensions.

  3. To upload the file, click Upload > Browse, select the file, then click Open.

  4. (Conditional) If you want this JAR file to overwrite an existing version of the file, select Overwrite existing *.jar file.

  5. Click OK.

    The file is uploaded to the Administration Console, but nothing is visible on the Extensions page until you create a configuration.

  6. To create an extension configuration, click New, then fill in the following fields:

    Name: Specify a display name for the extension.

    Description: (Optional) Specify the purpose of the extension and how it should be used.

    Policy Type: From the drop-down list, select the type of extension you have uploaded.

    Type: From the drop-down list, select the data type of the extension.

    Class Name: Specify the name of the class that creates the extension, for example com.acme.policy.action.successActionFactory.

    File Name: From the drop-down list, select the JAR file that contains the Java class that implements the extension and its corresponding factory. This should be the file you uploaded in Step 3.

  7. Click OK.

  8. (Conditional) If the extension requires data from Access Manager, click the name of the extension.

  9. In the Configuration Parameters section, click New, specify a name and ID, then click OK.

    The developer of the extension must supply the name and ID that the extension requires.

  10. In the Mapping column, click the down-arrow, then select the required data type.

    The developer of the extension must supply the data type that is required. If the data type is a data string, then the developer needs to explain the type of information you need to supply in the text field.

  11. (Conditional) If the extension requires more than one data item, repeat Step 9 and Step 10.

  12. Click OK.

    The extension is now available for the policy type it was created for.

  13. (Conditional) If the class can be used for multiple policy types, you need to create an extension configuration for each policy type.

    For example, if an extension can be used for both an Identity Injection policy and a Role policy, you need to create an entry for both. The File Name option should contain the same value, but the other options should contain unique values.

  14. Continue with Section 4.4.2, Distributing a Policy Extension to Access Manager Devices.
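A pre-upload check for the JAR file and the Class Name values entered in Step 6, given here as an added example that is not part of the original documentation or the product. It confirms that each factory class is present in the JAR as a real class file, reports whether signature files exist, and computes a SHA-256 digest to record with the upload. The function names and the second class name are assumptions, and the sample JAR is constructed in memory.

```python
import hashlib
import io
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java class file


def check_extension_jar(jar_bytes, factory_classes):
    """Pre-upload check of an extension JAR against the Class Name values
    that will be entered in the extension configurations."""
    report = {"sha256": hashlib.sha256(jar_bytes).hexdigest(),
              "signed": False, "missing": [], "not_class_file": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        # Signature files are only detected here, not validated;
        # validate them separately with `jarsigner -verify`.
        meta = [n.upper() for n in names if n.upper().startswith("META-INF/")]
        report["signed"] = (any(n.endswith(".SF") for n in meta) and
                            any(n.endswith((".RSA", ".DSA", ".EC")) for n in meta))
        for cls in factory_classes:
            # A fully qualified class name maps to a path inside the JAR.
            entry = cls.replace(".", "/") + ".class"
            if entry not in names:
                report["missing"].append(cls)
            elif jar.read(entry)[:4] != CLASS_MAGIC:
                report["not_class_file"].append(cls)
    report["ok"] = not report["missing"] and not report["not_class_file"]
    return report


def build_sample_jar():
    """Constructed sample: an in-memory JAR with one stub factory class."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("com/acme/policy/action/successActionFactory.class",
                     CLASS_MAGIC + b"\x00\x00\x00\x34")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_jar()
    # The second class name is hypothetical and absent from the sample JAR.
    print(check_extension_jar(sample, [
        "com.acme.policy.action.successActionFactory",
        "com.acme.policy.data.missingDataFactory",
    ]))
```

When a JAR file contains more than one extension, pass every factory class name you plan to configure so that a mistyped Class Name is caught before the policy is assigned to a device.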

4.4.2 Distributing a Policy Extension to Access Manager Devices

To distribute the policy extension to the devices that need it:

  1. Create a Role, Identity Injection, or Authorization policy that uses the extension.

  2. Assign the policy to a device:

    • For a Role policy, enable it for an Identity Server.

    • For an Authorization policy, assign it to a protected resource.

    • For an Identity Injection policy, assign it to a protected resource.

    IMPORTANT: Do not update the device at this time. The JAR files must be distributed before you update the device.

  3. Distribute the JAR files:

    1. Click Policies > Extensions.

    2. Select the extension, then click Distribute JARs.

    3. Restart services on the devices listed for reboot.

      • Linux: Enter the following command:

        Identity Server: /etc/init.d/novell-idp restart

        Access Gateway: /etc/init.d/novell-mag restart

      • Windows: Enter the following commands:

        net stop Tomcat7

        net start Tomcat7

  4. (Conditional) If the extension is for an Authorization policy or an Identity Injection policy, update the Access Gateway.

  5. (Conditional) If the extension is for a Role policy, update the Identity Server.

4.4.3 Distributing the Extension to Customers

You can distribute the extension as either a JAR file or as a ZIP file. If the extension contains multiple types of extensions or contains multiple configuration parameters, you might want to consider distributing the extension as a ZIP file.

You need to import your JAR file and configure it as described in Section 4.4.1, Installing the Extension on the Administration Console. After it has been configured, you can export it as a ZIP file. Your users can then import the ZIP file, and each extension type you have created is imported with its configuration parameters. In the documentation you create for the extension, you need to document any parameter the user needs to modify after the import.

To export an extension:

  1. In the Administration Console, click Policies > Extensions.

  2. Select all the extensions that are part of your JAR file.

    If you have more than one JAR file, you can select the extensions that belong to it and include them in the same export.

  3. Click Export, specify a name for the file, then click OK.

  4. Follow your browser prompts to save the file to disk.