ADC Advanced Policy Expressions

AAA_USER_T

Represents the AAA User Information.

This topic lists the expressions that are provided by this class.

ATTRIBUTE(uint index)

Returns USER's attribute stored at a given index.

For example:

HTTP.REQ.USER.ATTRIBUTE(1) gives the value of a previously

extracted attribute that is stored as 'attribute1'.

Index range is between 1 and 16, both included.

Parameters:

index -

                        offset

Returns: text_t

ATTRIBUTE(text_tname)

Returns USER's attribute stored with a given name.

For example:

HTTP.REQ.USER.ATTRIBUTE("name") gives the value of a previously

extracted attribute that is stored as 'attribute["name"]'.

Parameters:

name -

                        name used for extracting corresponding attribute value

Returns: text_t

AUTH_STRENGTH

Returns an integer that represents the strength of

authentication of the current user session.

Returns: num_at

DOMAIN

Returns the Domain of the user.

Returns: text_t

EXTERNAL_GROUPS

Operate as a List on the External Groups which is seperated by ','.

For example:

HTTP.REQ.USER.EXTERNAL_GROUPS gives list of all groups which are

',' seperated.

Returns: list_t

EXTERNAL_GROUPS(char sep)

Operate as a List on the Group which is seperated by given

delimiter.

For example:

HTTP.REQ.USER.EXTERNAL_GROUPS(':') gives list of all external

groups which are ':' seperated.

Parameters(expressions not allowed):

sep -

                        delimiter

Returns: list_t

GROUPS

Operate as a List on the Group which is seperated by ','.

For example:

HTTP.REQ.USER.GROUPS gives list of all groups which are

',' seperated. In this list first internal groups are listed

which are followed by external groups.

Returns: list_t

GROUPS_AS_XML(text_ttag)

Gives the list of groups in a SAML assertion multi-attribute format,

each enclosed by an element that has the specified tagname.

For example:

HTTP.REQ.USER.GROUPS_AS_XML("mytagname"): the expression will return

a list of groups in the following format -

financeenggIn this example, finance, engg are the group names.

Parameters:

tag -

                        tagname

Returns: text_t

GROUPS(char sep)

Operate as a List on the Group which is seperated by given

delimiter.

For example:

HTTP.REQ.USER.GROUPS(':') gives list of all groups which are

':' seperated. In this list first internal groups are listed

which are followed by external groups.

Parameters(expressions not allowed):

sep -

                        delimiter

Returns: list_t

INTERNAL_GROUPS

Operate as a List on the Group which is seperated by ','.

For example:

HTTP.REQ.USER.INTERNAL_GROUPS gives list of all groups which are

',' seperated.

Returns: list_t

INTERNAL_GROUPS(char sep)

Operate as a List on the Group which is seperated by given

delimiter.

For example:

HTTP.REQ.USER.INTERNAL_GROUPS(':') gives list of all internal groups

which are ':' seperated.

Parameters(expressions not allowed):

sep -

                        delimiter

Returns: list_t

IS_MEMBER_OF_ALL(text_tpatset_name)

Returns TRUE if all patterns(group string) of the patset

matches user's groups in session

Parameters(expressions not allowed):

patset_name -

                        patset Name

Returns: bool_at

IS_MEMBER_OF_ANY(text_tpatset_name)

Returns TRUE if there is at least one pattern(group string) of the patset

matches user's groups in session

Parameters(expressions not allowed):

patset_name -

                        patset Name

Returns: bool_at

IS_MEMBER_OF(text_tgroup_name)

Returns TRUE if the user is a member of the group group_name

Parameters(expressions not allowed):

group_name -

                        Group Name

Returns: bool_at

LOGIN_ATTEMPTS

Return the number of failed login attempts for the current user.

User name is extracted from current authentication process.

Returns: num_at

LOGIN_ATTEMPTS(text_tusername)

Return the number of failed login attempts for the given user.

Parameters(expressions not allowed):

username -

                        the name of the user to get the information for.

Returns: num_at

LOGIN_NAME

Returns the NAME that is provided by user at the time of login.

Returns: text_t

NAME

Returns the NAME of the user. This is the name used by user

for login unless it is overriden by name from external

authentication server.

Returns: text_t

PASSWD

Returns the PASSWORD of the user.

Returns: text_t

SESSIONID

Returns the Session ID of the user.

Returns: text_t

AAA_USER_T