33.6.8 Policy Distribution

Policy definitions are not replicated. Instead, they are referenced by the Access Gateways for which the policy is to be evaluated. The policy reference mechanism is a set of XML elements that refer back to the policy definitions stored in the various policy containers. If you have configured a policy for a protected resource and an Access Gateway does not seem to be executing this policy, use the following procedure to verify that the Access Gateway has been configured to use the policy:

  1. Set the level of Application logging to verbose. See Turning on Logging for Policy Evaluation.

    This enables the tracing of the policy enforcement lists.

  2. Search for the name of your policy in a <PolicyEnforcementList> element. The ExternalElementRef attribute contains a reference to the policy name.

    You can find these elements in the catalina.out file.

  3. If you cannot find the policy name, the Access Gateway has not been configured to use the policy. The configuration either needs to be applied or the policy needs to be enabled. For information about how to assign a policy to a protected resource, see Configuring Protected Resources.

  4. If you find the policy name associated with the correct protected resource, you need to check why the policy is not evaluating according to your design. Set the level of Application logging to info and examine the policy trace from a user accessing the protected resource. See Understanding Policy Evaluation Traces.
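
The check in steps 2 through 4 can be scripted against a copy of catalina.out. The following is an added example, not code from the product or its documentation: it counts a policy as referenced only when its name appears in an ExternalElementRef attribute inside a <PolicyEnforcementList> element. The sample log, the <Entry> child element, and the policy names are constructed, and the exact trace layout is an assumption.

```python
import re

# <PolicyEnforcementList> and ExternalElementRef are the names given in the
# procedure; the rest of the trace layout handled here is an assumption.
PEL_BLOCK = re.compile(
    r"<PolicyEnforcementList\b.*?</PolicyEnforcementList\s*>", re.DOTALL)
EXT_REF = re.compile(r"""\bExternalElementRef\s*=\s*(["'])(.*?)\1""")

# Constructed sample, not real Access Gateway output. <Entry> is a
# hypothetical child element used only to carry the attribute.
SAMPLE_LOG = """\
INFO constructed line that mentions Finance_Authz outside any list
<PolicyEnforcementList>
  <Entry ExternalElementRef="HR_Authz"/>
  <Entry ExternalElementRef="Identity_Injection_Basic"/>
</PolicyEnforcementList>
"""

def enforcement_list_refs(log_text):
    """Return one list of ExternalElementRef values per enforcement list."""
    return [[m.group(2) for m in EXT_REF.finditer(block)]
            for block in PEL_BLOCK.findall(log_text)]

def diagnose(log_text, policy_name):
    """Map the log contents onto the outcomes of steps 1, 3 and 4."""
    lists = enforcement_list_refs(log_text)
    if not lists:
        # No enforcement lists traced at all: recheck the logging level (step 1).
        return "no-trace"
    # Substring match, so a longer policy name containing policy_name also hits.
    if any(policy_name in ref for refs in lists for ref in refs):
        return "referenced"      # step 4: go on to the evaluation trace
    # A mention outside every enforcement list does not count (step 3).
    return "not-referenced"

if __name__ == "__main__":
    for name in ("HR_Authz", "Finance_Authz"):
        print(name, "->", diagnose(SAMPLE_LOG, name))
```

A "no-trace" result means no enforcement lists were logged at all, which points back to the logging level in step 1 rather than to the policy assignment.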