RequestInjection

Request injection allows to define which authenticated subjects' data will be passed to external consumers (like backend Web applications or audit sinks), and how the data will be formatted. Request injection templates and request injection value templates are broadly equivalent to SAML attribute templates and SAML attribute value templates; however, they apply to all formats, not just to SAML assertions, and are anchored in PEP configurations rather than in SAML attribute statement constructions.

  • If a PEP is to provide information about an authenticated subject in a request going to a downstream application, the following templates must be defined:

    • One or more request injection value templates, which specify the information that is to be used (for example, the value of the LDAP attribute 'carLicense')

    • One or more request injection templates, where each template refers to a specific request injection value template and specifies additional context, such as whether imprinting is optional or mandatory, where to imprint and which keywords to use (for example, a 'MyCarLicenseKeyword' keyword to supply a keyword/value pair such as MyCarLicenseKeyword/M-XY 1234 to the downstream application).

  • Request injection and request injection value templates can also be used in conjunction with audit sinks to extend the DirX Access audit service so that it can transfer custom information as part of 'AuditEvent' objects. To implement this functionality:

    • Create a request injection value template that provides the instructions on how to add custom contents to audit events.

    • Create a request injection template of type 'AuditEventProperty' that references the request injection value template.

    • Assign the 'AuditEventProperty' request injection template to the DirX Audit service (see Servers | Cluster | Audit service page for details).

    • Create audit sinks that implement a consumer that uses the 'AuditEvent' Java class getter Map<String, String[]> getCustomProperties() (see the DirX Access Integration Guide for details).