Hi,
I have created the following auth rule so that all users other than members of group Testa should be evaluated to TRUE:
===================
<xsl:choose>
  <xsl:when test="not (azn_cred_groups = 'Testa')"> !TRUE! </xsl:when>
  <xsl:when test="azn_cred_groups = ''"> !TRUE! </xsl:when>
</xsl:choose>
===================
The test "not (azn_cred_groups = 'Testa')" succeeds when the user is a member of any group other than Testa.
However, the test "azn_cred_groups = ''" does not succeed when the user is not a member of any group, and the following error is logged by WebSEAL:
"HPDAC0955E Rule object "test" was not evaluated because there was insufficient access decision information provided to the access decision call. Missing ADI items include:
01 azn_cred_groups"
What I understood from this error is that when a user is not a member of any group, WebSEAL will not find the "azn_cred_groups" attribute in this user's credentials at run time. So this rule is not evaluated and this user's request is forbidden.
So when we write any authz rule like the one above, how do we ensure that the attributes we use in the authz rule are always available to WebSEAL at run time?
Please suggest how to modify the above authz rule when the user is not a member of any group.
Thanks in advance!