NetIQ Access Manager

In this demo, there are two pages: Employee and Manager. "Manager" can be accessed only by users with role as "Manager". The other page "Employee" can be accessed by all users with role as "Employee". This authorization decision done by the Access Manager is based on URL patterns configured in the Administration Console. If you have logged in as "Alice", you can access the Manager page. If you have logged in as "Bob", you cannot access this page. The Employee page can be accessed by both, because both users have the role "Employee".

In this demo, the user attributes are transferred to this application from the Access Manager. The user attributes are injected into the HTTP headers in the traffic between the Access Manager and application. The application can consume this information and take necessary action such as policy enforcement or display the data to the browser. This simplifies the way the application fetches data from user stores. The information injected here is Role information, configured as an "Identity Injection" policy in the Administration Console and associate this policy to the protected resource configuration.

If the application requires another form of authentication with same or different password, the credentials can be pre filled in the page and submitted automatically to the application without prompting user. This enables seamless single sign-on experience for the user. The application will prompt user with a form to provide credentials. This demo demonstrates how the form fill policy works. In this demo, username and email ID are pre filled automatically into the form from application. In production, the policy can be configured to submit these credentials automatically. This will take the user directly to the application home page. The sample policy can be viewed in the Administration Console.