Mapping ACL and POP objects to dynamic URLs

Edit online

About this task

To specify access control of dynamic URLs, create the dynurl.conf configuration file and edit the file to map resource objects to patterns. Entries in the file are of the format: 
object template

Verify Identity Access uses a subset of UNIX™ shell pattern matching (including wildcards) to define the set of parameters that constitute one object in the object space. Any dynamic URL that matches those parameters is mapped to that object. For a list of supported wildcard pattern matching characters, see Supported wildcard pattern matching characters.

The following example illustrates the form of a dynamic URL (from a GET request) that performs credit balance lookup: 
http://server-name/home-bank/owa/acct.bal?acc=account-number
The object that represents this dynamic URL would appear as follows: 
http://server-name/home-bank/owa/acct.bal?acc=*

Careful examination of the dynamic URL in this example shows that it describes a specific account number. The object for account balances at home-bank shows that the ACL and POP permissions apply to any account, because the last portion of the entry (acc=*) uses the asterisk wildcard which matches all characters.

The following figure illustrates a complete scenario of a specific dynamic URL mapped to a specific protected object:

Figure 1. Authorization on a dynamic URL

Authorization on a dynamic URL