Monday, December 15, 2014

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) Steps to create an obligation

Oracle® Fusion Middleware OES-11g Release 2 (11.1.2.2.0) Steps to create an obligation


The Security Module PDP evaluates the request and returns a response (and applicable obligations) to the PEP in the form of an authorization decision to grant or deny access. 

The PEP fulfills any obligations, if applicable. An obligation is information returned with the decision upon which the PEP may or may not act. For example, an obligation may contain additional information concerning a decision to deny. The PEP entity is responsible for obligation fulfillment based on its settings. Oracle Entitlements Server is only responsible for forwarding the obligation based on policy configuration.

This thread discusses steps to create an Obligation for a policy.


  • Create an attribute as shown in the examples getChildPersons. The attribute should of Category: Dynamic; Input Values:  Multiple; Type: String

  • Navigate to the authorization policy and create a new obligation by choosing the getChildPersons from the List of Attributes from the window.

  •        In the PIP AttributeRetriever code populate the attribute to return the obligation "getChildPersons" 
            } else if ("getChildPersons".equals(string)) {            return ( ............);
            }













No comments:

Post a Comment

ForgeRock IAM : OpenDS (Open Directory Server). Importing LDIF files

The most efficient method of importing LDIF data is to take the OpenDJ server offline. Alternatively, you can schedule a task to import the ...