The Virtual Attribute condition allows you to control access based on a value in an Virtual attribute. You can have the user’s attribute value retrieved from an external source and compared to a value of the following type:
Roles from an identity provider
Authenticating IDP or user store
Authentication contract, method, or type
Credential profile
LDAP attribute, OU, or group
Liberty User Profile attribute
Static value in a data entry field
Virtual Attribute
To set up the matching for this condition, specify the following details:
Virtual Attribute: Select the virtual attribute you want to use in the comparison.
Comparison: Specify how you want the values compared. All data types are available. Select one that matches the value type of your virtual attribute.
Mode: Select the mode, if available, that matches the comparison type. For example, if you select to compare the values as strings, you can select either a Case Sensitive mode or a Case Insensitive mode.
Value: Specify the second value for the comparison. All data types are available. For example, you can select to compare the value of one virtual attribute to the value of another virtual attribute. Only you can determine if such a comparison is meaningful.
Result on Condition Error: Specify what the condition returns when the comparison of the two values returns an error rather than the results of the comparison. Select either False or True. If you do not want the action applied when an error occurs, select False. If you want the action applied when an error occurs, select True.