1. OTIS Documentation
    1. Overview
    2. Deploying an OTIS Server
    3. Developer Documentation
      1. OTIS Functionality
      2. Samples
      3. OTIS RESTful Protocol Details
      4. Audit Logging
    4. Configuration Documentation
  2. Configuration Settings for Roles
    1. Authentication
    2. Assumable Roles
    3. Activate Role
    4. Release Role
    5. Provision/Deprovision Role
    6. Samples
  3. Configuration Settings for Activate Role
    1. Configuration
      1. Rule Format
      2. JavaScript
      3. Sample
  4. Configuration Settings for Activate Role at Authentication
    1. Invocation
    2. Configuration
      1. Rule Format
      2. JavaScript
      3. Sample
  5. Configuration Settings for Get Assumable Roles
    1. Invocation
    2. Configuration
      1. Rule Format
          1. TokenRule
          2. EntityAttrs
          3. JavaScript RoleInstantiation
          4. ContextFilter
          5. NativeContextFilter
      2. Rule Returns
        1. JavaScript EntityToRole
        2. JavaScript StringToRole
    3. Sample
  6. Configuration Settings for Provision/Deprovision Entity in Role
    1. Overview
    2. Configuration
      1. Rule Format
      2. JavaScript - Applies
      3. JavaScript - Evaluate
      4. Sample
  7. Configuration Settings for Release Role
    1. Configuration
      1. Rule Format
      2. JavaScript
      3. Sample

Configuration Settings for Release Role

The following section provides administrators with information on how to configure the policy that determines what happens when activated roles are released. Documentation on how to configure the policy using XML and JavaScript constructs is provided below. General information on configuring roles may be found at Settings for Roles.

Configuration

For an example of where this configuration should be placed in the Configuration file, as well as syntax and type element see XML File Configuration Format.

Rule Format

Each rule under the Release Role element must meet the following requirements:

  • The actual name as specified by the Name attribute must be unique among its siblings. This is because duplicate names might result in one of the rules overriding the other. This name is displayed in error and debug messages.
  • The rule's Type attribute must be an htf:map.
  • There must be a child element named Evaluate of type htf:jscriptexec.
  • The child element named Enabled is optional. When present it must be of type xsd:boolean. If it is set to "false" then the rule is ignored.
  • The release is allowed unless an exception is thrown.

JavaScript

When the Evaluate element is of type htf:jscriptexec, the resulting JavaScript can interact with roles with any mechanism known to it. The following variables are Java objects and are always present in the JavaScript. You can access them via their Java interfaces.

  • role - An IRole representing the role being activated on the session.
  • authSession - The local authenticated sessionservice, it is a java object class IAuthSession.

Sample

This sample configuration fragment is one small part of the ../../../Sample/ExternalRole. 

<Setting Name="Release Role" Type="htf:map">
        <Setting Name="Role Rule 1" Type="htf:map">
                <Setting Name="Enabled" Type="xsd:boolean">true</Setting>
                <Setting Name="JSSharedScope" Type="htf:ref">/Roles/JSSharedScope</Setting>
                <Setting Name="Evaluate" Type="htf:jscriptexec">
                                externalRoleManager.ReleaseActivation(authSession, role);
                </Setting>
        </Setting>
</Setting> <!-- End Release Role -->
...........