cred-attributes-entitlement-services
This stanza entry specifies the service that you can use to add external information to the user credential. The addition is in the form of credential attributes and allows applications to use that information in making access decisions.
Syntax
cred-attributes-entitlement-services =
{short_name_entitlement_service|path_to_dll}Description
Service that you can use to add external information to the user credential in the form of credential attributes. The addition allows applications to use that information in making access decisions. These extended attributes are stored in the user registry.
This service can also work
with attributes with an API call. A list of authorization API entitlement
service IDs are queried by the azn_id_get_creds() interface. The query compiles a list of attributes to be added to
the user credential while the credential is being built.
A
list of service identifiers, which can be found within the [aznapi-entitlement-services] stanza,
is queried to compile a list of attributes. The attributes are added
to the user credential while the credential is being built. Each service
ID is queried in the order it is declared in the list. The attribute
returned is inserted into the credential attribute list of each credential
that is built. The following example shows two entries from the credential
attribute list:
cred-attribute-entitlement-services = myEntSvcID
cred-attribute-entitlement-services = myOtherEntSvcID azn_cred_groups attribute.The Authorization C API Developer Reference lists the read-only
attributes and contains more information about this service. The document explains
why administrators who do not want this capability must ensure that the azn_mod_rad
service is not loaded by the application.
Usage
Optional
Default value
There is no default value.
Example
cred-attribute-entitlement-services = myEntSvcID