To distributed the policy extension to the devices that need it:
Create a policy that uses the extension:
Role Policy: To create a Role policy that uses the extension, see Creating Roles.
Identity Injection Policy: To create an Identity Injection policy that uses the extension, see Configuring an Identity Injection Policy.
Authorization Policy: To create an Authorization policy that uses the extension, see Creating Access Gateway Authorization Policies.
External Attribute Source Policy: To create an External Attribute Source policy that uses the extension, see External Attribute Source Policies.
Assign the policy to a device:
For a Role policy, enable it for an Identity Server.
For more information, see Enabling and Disabling Role Policies.
For an Authorization policy, assign it to a protected resource.
For more information, see Assigning an Authorization Policy to a Protected Resource.
For an Identity Injection policy, assign it to a protected resource.
For more information, see Assigning an Identity Injection Policy to a Protected Resource.
For an External Attribute Source policy, enable it for an Identity Server.
For more information, see Enabling External Attributes Policy.
IMPORTANT:Do not update the device at this time. The JAR files must be distributed before you update the device.
Distribute the JAR files:
Click Policies > Extensions.
Select the extension, then click Distribute JARs.
Restart Tomcat on the devices listed for reboot.
Access Gateways: /etc/init.d/novell-mag restart.
For the Docker deployment, perform the following steps:
Run the kubectl get pods command to view the Access Manager pods.
Go to the Access Gateway pod by running the kubectl exec --namespace <name-of-the-namespace> -it pod/<name-of-the-access-gateway-pod> -- sh command.
Run the /etc/init.d/novell-mag restart or systemctl restart novell-mag.service command.
Identity Servers: /etc/init.d/novell-idp restart.
For the Docker deployment, perform the following steps:
Run the kubectl get pods command to view the Access Manager pods.
Go to the Identity Server pod by running the kubectl exec --namespace <name-of-the-namespace> -it pod/<name-of-the-identity-server-pod> -- sh command.
Run the /etc/init.d/novell-idp restart or systemctl restart novell-idp.service command.
(Conditional) If the extension is for an Authorization policy or an Identity Injection policy, update Access Gateway.