*********************************************************START*******************************************************

You are here: 1: Getting Started > About This Help System

About This Help System

The online help system of the Policy Manager

provides comprehensive user information in an easy-to-navigate format.

You can read it like a book by browsing the Contents, or you can quickly

jump to a specific topic by using the Index or Search features.

Note: This online help system contains the same content as both the Policy Manager User Manual and the Policy Authoring User Manual.

Quick Links

Accessing the Help

Topic Coverage

Assumptions

Accessing the Help

The online help is available using any of the following methods:

The Policy Manager Help System is accessed by one of three methods:

Select [Help]

> Help Topics from the Main

Press the [F1]

keyboard key, or

Click the [Help]

button when available.

Additionally, if you have access to the directory where

the help files are stored, you can start the online help outside of the

Policy Manager by launching the file "_start.htm".

Top

Topic Coverage

This Help System describes the full capabilities of the Policy Manager,

available to users who have the "Administrator" role. Users

who have a more limited role will find some features unavailable. For

more information about roles, see Managing Roles.

Top

Assumptions

The Help System assumes a general knowledge of client operating systems,

Internet terminology, HTTP security technologies, XML, and web services.

It does not include installation instructions, custom assertion installation

instructions, product specifications, or external product information.

For Policy Manager installation instructions, see the Layer 7 Installation and Maintenance Manual. For custom

assertion

installation instructions, see the Layer 7 Custom Assertion Installation Manual.

Top

*********************************************************END*******************************************************

*********************************************************START*******************************************************

You are here: Appendixes > Appx H: Actional Integration

Actional Integration

The Gateway can be configured to be managed as a node by an ActionalÂ® Looking Glassâ?¢ server. When this configuration is in effect, the Gateway will capture message information at the following points during message processing:

message receipt (after service resolution, but prior to policy enforcement)

pre-HTTP routing (immediately before routing to the downstream/protected service)

post-HTTP routing (immediately after receiving the associated response from the downstream/protected service)

message processing complete (after any post-routing policy has been executed, but prior to forwarding the response back to the client)

The captured information is sent to the Actional Agent (configured externally), which then relays it to the Looking Glass server. For instructions on configuring the Agent, refer to the document Installing the Actional Agent. Please contact CA Technical Support to obtain this document.

Note: If the Actional Agent is not running, the Actional Integration will buffer messages until the buffer is filled. At this point, the oldest data will be discarded and a warning message will be logged.

The Actional Integration feature is licensed separately and requires that the ProgressÂ® ActionalÂ® for SOA Operations is correctly installed and configured.

Configuring the Actional Integration

To enable the Actional Integration, set the cluster property interceptor.enable to "true" (see Table 439 below). Note that it may take up to two minutes for the integration to be fully enabled after changing the cluster property.

Once the integration is enabled, you can configure it using the following cluster properties:

Table 439: Actional Integration cluster properties

Property

interceptor.enable

Enables/disables the Actional Integration. This value is checked every 2 minutes. Value is a Boolean.

Default: false

interceptor.configDir

The configuration directory that is common to both the Actional Integration and the Actional Agent. This setting must be configured to the same location as the Agent. Value is a String.

Default: /opt/SecureSpan/Actional/LG.Interceptor

IMPORTANT: Do not change this path for appliance Gateways. Requires a Gateway restart for changes to take

effect.

interceptor.enableOutboundHttpHeader

Determines whether the Gateway interceptor adds a manifest HTTP

Default: true

interceptor.enforceInboundTrustZone

Determines whether the Gateway interceptor enforces Trust Zones on inbound messages.

Value is a Boolean.

Default: false

interceptor.inboundHttpHeaderName

inbound request message.

Default: LG_Header

interceptor.outboundHttpHeaderName

request messages.

Default: LG_Header

interceptor.transmitConsumerPayload

Determines whether XML payloads are captured and forwarded by the Actional Integration along with statistical information when processing outgoing request messages.

Value is a Boolean.

Default:false

Note: Transmitting the payload can be resource intensive. Changes to this property may take up to 120 seconds to take effect.

interceptor.transmitProviderPayload

Determines whether XML payloads are captured and forwarded by the Actional Integration along with statistical information when processing incoming request messages. Value is a Boolean.

Default:false

Note: Transmitting the payload can be resource intensive. Changes to this property may take up to 120 seconds to take effect.

For more information on using cluster properties, see Managing Cluster-Wide Properties.

Configuring the Routing Assertion

Access the Route via HTTP(S) Assertion.

Choose the [Headers] tab within the properties.

Click [Add]. The Custom Header Setting dialog appears.

For the Header Name, enter LG_Header.

Ensure [Pass original value] is selected, then click [OK].

For example:

interceptor.inboundHttpHeaderName

interceptor.outboundHttpHeaderName

See Table 439 above for details.

Enabling Debugging

You can enable interceptor debugging by the Gateway by setting the following system property:

com.actional.lg.interceptor.debug=true

Note: Debugging mode is used only for troubleshooting purposes. You should enable debugging only when directed by CA Technical Support.

*********************************************************END*******************************************************

*********************************************************START*******************************************************

You are here: 6: Working with Policies > Managing Policy Assertions > Adding an Assertion

Adding an Assertion

You can add an assertion to a service as follows:

Ensure the policy

window

for the service is visible. You can open this window by doing one

of the following:

Right-click the service

and then select Active Policy Assertions,

Double-click the service name in the Services and Policies list

Locate the assertion to add using either of these methods:

Browse for the assertion by expanding each category under the [Assertions] tab.

Type a few characters of the assertion's name in the Search box and then select a match to jump directly to the assertion.

Add the assertion to the policy by doing one of the following:

Drag and drop the assertion

from the [Assertions] tab into the policy development window.

Select the assertion

in the [Assertions] tab and click the

(Add Assertion) button

Note:

Depending on which Gateway product you have

installed, not all the assertions listed in Table 102 may be available. See Features by Product for

a list of which features are available for each product.

After adding, some assertions may require additional configuration.

Please refer to the documentation for the specific assertion for more

details.

Table 102 lists all the predefined assertions their categories under the

[Assertions] tab.

Tips: (1) The encapsulated assertions feature also allows you to populate any category with custom created assertions based on policy fragments. For more information, see Working with Encapsulated Assertions. (2) When adding an encapsulated assertion to a policy, it is recommended that you manually open the assertion properties to review the required inputs, if the properties dialog does not display automatically.

Table 102: Policy Manager assertions

Assertion

Adding an HTTP Option

In the Manage HTTP Options task, you can add as many HTTP options as required. These options let you configure all aspects of an HTTP connection, including credentials, SSL/TLS settings, connection timeouts, and proxy settings.

To add a new HTTP option:

In the Policy Manager,

choose [Tasks] > Manage

The Manage Global Resources

dialog appears.

Click [Add]. The Edit HTTP Options dialog appears.

Configure each tab as necessary.

Click [OK]

when done.

[General] tab

[Proxy] tab

Configuring the [General] tab

Figure 63: Edit HTTP Options - [General] tab

The [General] tab is used to configure general information for the options.

Table 49: HTTP Options - [General] tab

Section

General

Each HTTP option must have a unique combination of HTTP host, port, protocol, and path.

Host: Enter a valid hostname or IP address of the HTTP host. This is required.

Port: Enter the port number to match. This is optional.

Protocol: Choose the protocol(s) to match from the drop-down list: <Any>, HTTP, HTTPS.

Path: Enter a well-formed URI. <![CDATA[ ]]>

Credentials

This section records HTTP authentication information. Enter the appropriate HTTP credentials: User Name, Password, NTLM Domain, and NTLM Host (assuming NTLM has been enabled).

Note that the Password requires that you choose it from the drop-down list. If the password you need is not shown, click [Manage Stored Passwords] to define it first. For more information, see Managing Stored Passwords.

SSL/TLS

This section is enabled when the protocol selected is either <Any> or HTTPS.

Version: Choose the version of SSL/TLS to use or choose <Any> to allow all supported versions.

Private key: Indicate the private key requirements: choose either default, none, or a custom key from the keystore that you specify. You can click [Manage Private Keys] to examine your private keys more closely. For more information, see Managing Private Keys.

Cipher suite: Indicate the cipher requirements: choose either a default or custom suite to use. The default suite consists of those ciphers that will offer the greatest compatibility when the Gateway connects to a server via HTTPS. Alternatively, you can click [Cipher Suites] to choose which ciphers to use and in which order. For more information, see Selecting Cipher Suites.

Connection Settings

Connection Timeout: This defines the maximum time to wait for a connection to be

established. If exceeded, the connection will fail.

To override the system default, clear the Use

System Default

check box and then enter a different value. The

system default for this timeout is defined by the io.outConnectTimeout cluster property.

The default value is 30 seconds.

Read Timeout: This defines the maximum time allowed for response data to be read.

If exceeded, the request will fail.

To override the system

default, clear the Use System Default

check box and enter a value. The system default for this timeout is defined

by the io.outTimeout cluster property. The default value is 60 seconds.

Follow Redirects: Select this check box to follow HTTP redirect responses.

Security Zone

Optionally choose a security zone. To remove this entity from a security zone (security role permitting), choose "No security zone".

For more information about security zones, see Understanding Security Zones.

Note: This control is hidden if either: (a) no security zones have been defined, or (b) you do not have Read access to any security zone (regardless of whether you have Read access to entities inside the zones).

Configuring the [Proxy] tab

Figure 64: Edit HTTP Options - [Proxy] tab

The [Proxy] tab lets you specify proxy options. By default, the shared proxy settings will be used. You can specify to not use an HTTP proxy or to use a specific HTTP proxy with the settings indicated here.

Proxy Host: Enter a valid hostname or IP address for the host.

Proxy Port: Enter a value port number.

Proxy Username: Enter the user name to log onto the proxy host.

Proxy Password: Choose the proxy password from the drop-down list. If the password you need is not shown, click [Manage Stored Passwords] to define it first. For more information, see Managing Stored Passwords.

*********************************************************END*******************************************************

*********************************************************START*******************************************************

You are here: 6: Working with Policies > Working with Comments > Adding a Comment

Adding a Comment

There are two different ways to add a comment to your policy:

Use the Add Comment to Policy assertion. This assertion can be placed anywhere in the policy and is intended for comments not specific to any assertion (for example, to document the policy logic). You can add as many of these assertions as necessary.

Append a comment directly to an item in the policy development window, such as an assertion, folder, or policy fragment. This method ensures that the comment remains with the item even after repositioning, copying/pasting, or exporting/importing the item.

To add a comment to an assertion or folder:

In the policy window, right-click the assertion or folder and then select Add Comment. The Enter Comment dialog is displayed:

Figure 166: Enter Comment dialog

Type your comments in the "Left" and "Right" boxes:

Left Comment will appear before the item, left-aligned in the policy window. The maximum for this comment is 100 characters.

Right Comment will appear after the item, right-aligned in the policy window. The maximum for this comment is 4000 characters.

Here are some tips when entering comments:

By default, only the first 30 characters of the left comment and first 100 characters of the right comment are displayed in the policy development window. These can be changed in the Preferences.

Comments will be displayed in a tooltip when you hover the mouse pointer over the assertion in the policy window. This is useful to read long comments that have been truncated.
Exception: Comments are not visible if the tooltip is displaying a warning that should be resolved. For example, you might see this warning message in a tooltip: "The policy may be invalid due to warnings. The assertion might now work as configured." <![CDATA[ ]]>

You can prefix the comment with any separator character but you are not required to do so. The comments will be displayed in a different font color in the policy window to make them stand out.

*********************************************************END*******************************************************

Search This Blog

live feed

Featured Post

Affiliate Marketing

Chapter-1

About This Help System

Quick Links

Accessing the Help

Topic Coverage

Assumptions

Actional Integration

Configuring the Actional Integration

Configuring the Routing Assertion

Enabling Debugging

Adding an Assertion

Adding an HTTP Option

Configuring the [General] tab

Configuring the [Proxy] tab

Adding a Comment

Comments

Popular posts from this blog

California traffic signals

[Inside AdSense] Understanding your eCPM (effective cost per thousand impress...