Tuesday, January 26, 2010

[OAM] Duplicate Action and Custom Plug-in

In OAM, you can configure how duplicate actions are handled for an authorization rule (details can be found in the OAM documentation).

What is duplicate action?

As mentioned in the documentation, if the action of one rule sets an HTTP header variable to a text string and the action of another rule sets the same variable to a different value, a conflict occurs when both rules return values. The duplicate action setting determines how that conflict is resolved.

A more detailed example:
  • You have a first AuthZ Expression, Allow Everyone, with an Action that returns the value HELLOALL in HTTP_TEST.
  • You have a second AuthZ Expression, Allow Admin, with an Action that returns the value HELLOADMIN in HTTP_TEST.
  • You have an AuthZ Rule in the Policy using (Allow Everyone & Allow Admin).
  • WebGate supports only a single value in a header variable. By default, WebGate returns only the last value. However, you can set the duplicate action to "Ignore Duplicate" so that only the FIRST value is returned (of course, you can also set the duplicate action to "Override" so that only the last instance is returned. If you are using AccessGate, you can also set it to "Duplicate" to return all values).

What about HTTP headers set by a custom AuthZ plug-in?

However, please note that the duplicate action setting does NOT handle HTTP headers that are set by a custom AuthZ plug-in (a sample AuthZ plug-in that returns an HTTP header variable can be found in Metalink doc ID 781073.1).
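The resolution behaviour from the example list and the plug-in caveat above can be checked against a policy inventory with a small model. This is an added example, not OAM code or anything from the Metalink note: the data layout, the function names `resolve` and `audit`, and the plug-in name `SampleAuthzPlugin` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed model of the example policy above; this is not an OAM export format.
# Each entry: (AuthZ expression, header variable, value), in evaluation order.
RULE_ACTIONS = [
    ("Allow Everyone", "HTTP_TEST", "HELLOALL"),
    ("Allow Admin", "HTTP_TEST", "HELLOADMIN"),
]
# Hypothetical custom AuthZ plug-in that also sets HTTP_TEST.
PLUGIN_HEADERS = [("SampleAuthzPlugin", "HTTP_TEST")]


def resolve(values, mode, client="WebGate"):
    """Values delivered for one header variable under a duplicate action mode."""
    if mode == "Ignore Duplicate":
        return values[:1]            # only the first value
    if mode == "Override":
        return values[-1:]           # only the last value
    if mode == "Duplicate":
        # Model choice: the post describes this mode for AccessGate only,
        # because WebGate supports a single value per header variable.
        if client != "AccessGate":
            raise ValueError("Duplicate requires AccessGate")
        return list(values)          # all values
    raise ValueError(f"unknown duplicate action: {mode}")


def audit(rule_actions, plugin_headers, mode, client="WebGate"):
    """Per header variable: is there a conflict, what is delivered, and which
    plug-ins set it outside the duplicate action setting."""
    by_var = defaultdict(list)
    for _expr, var, value in rule_actions:
        by_var[var].append(value)
    plugin_vars = defaultdict(list)
    for plugin, var in plugin_headers:
        plugin_vars[var].append(plugin)
    report = {}
    for var in sorted(set(by_var) | set(plugin_vars)):
        values = by_var.get(var, [])
        report[var] = {
            "conflict": len(set(values)) > 1,
            "delivered": resolve(values, mode, client),
            "not_covered": plugin_vars.get(var, []),  # set by plug-in code
        }
    return report


if __name__ == "__main__":
    for mode in ("Ignore Duplicate", "Override"):
        print(mode, audit(RULE_ACTIONS, PLUGIN_HEADERS, mode))
```

Any header variable with a non-empty `not_covered` list needs its conflict handling reviewed in the plug-in itself, since the duplicate action setting will not resolve it.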

Disclaimer

This is a personal Blog maintained by Kenneth Heung (the author).
