How To
Archived

How do I add additional HTTP actions to make them available to policies in OpenAM 12.x?

Last updated Jan 5, 2021

The purpose of this article is to provide information on adding non-standard HTTP actions to make them available to policies so they can return an Allow/Deny. For example, this may be useful if you want to enable support for WebDAV HTTP methods.


1 reader recommends this article

Archived

This article has been archived and is no longer maintained by ForgeRock.

Adding additional HTTP actions

As of OpenAM 13.0, you can add an action directly via the console as described in Administration Guide › Configuring Policies Using the OpenAM Console. For OpenAM 12.x, you must add the actions as detailed below. You can also use a similar approach if you want to make these changes in later versions without using the console. The only difference is you would update the application type template in step 1 as detailed in Developer's Guide › Managing Application Types and then follow the remaining steps.

OpenAM 12.x

Note

If you want to update an application that already contains policies, you must remove those policies from the application first. You can preserve the policies by doing an export before updating your application and then reimporting the policies after as described in How do I export and import policies in AM (All versions)?

You can add additional HTTP actions as follows:

  1. Create a new application (or update an existing one if preferred) to add the required new actions as described in OpenAM Developer's Guide › Defining Applications. For example, for WebDAV, you would need to include the PROPFIND action, so your actions section would look similar to this: "actions": { "PROPFIND": true, "UPDATE": true, "PATCH": true, "QUERY": true, "CREATE": true, "DELETE": true, "READ": true, "ACTION": true }
  2. Back up the amWebAgent.xml file (located in the $HOME/[am_instance]/config/xml directory).
  3. Edit the amWebAgent.xml file and include the following Attribute schema details to add any new HTTP actions. For example, to add the PROPFIND action: <AttributeSchema name="PROPFIND" type="single" syntax="boolean" uitype="radio" i18nKey="PUT"> <IsResourceNameAllowed/> <BooleanValues> <BooleanTrueValue i18nKey="allow">allow</BooleanTrueValue> <BooleanFalseValue i18nKey="deny">deny</BooleanFalseValue> </BooleanValues> </AttributeSchema>
  4. Run the following ssoadm command to import the amended file: $ ./ssoadm update-svc -X amWebAgent.xml -u [adminID] -f [passwordfile] replacing [adminID] and [passwordfile] with appropriate values.
  5. Restart the web application container in which OpenAM runs to apply these configuration changes.

See Also

N/A

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.