Scenario 1

e_Health is a web portal for doctors. e_Health uses Med_Association as an external identity provider to verify whether the user is a doctor and to obtain the user's professional code and specialization. Med_Association retrieves these details by using Access Manager Identity Server.

Med_Association completes the following steps:

  1. Write an External Attribute data extension class that uses the required user attribute to retrieve the professional code and specialization of the user from the external source. For more information about the data extension class, see Adding Policy Extensions. For example data extension code, see The Policy Extension API in the NetIQ Access Manager 5.0 SDK Guide.

  2. Create an External Attribute Source policy for the data extension.

    For more information about how to import the data extension class and configure the External Attribute Source policy in Identity Server, see External Attribute Source Policies.

  3. Define a shared secret for the professional code and specialization. For more information, see Adding Custom Attributes.

  4. Configure this shared secret to be sent to the service provider with the authentication response. For more information, see Configuring the Attributes Sent with Authentication.

  5. The retrieved details (professional code and specialization) are sent to e_Health.

The following diagram illustrates this scenario:

Workflow:

  1. A user requests access to e_Health through a browser.

  2. e_Health redirects the user’s browser to Access Manager Identity Server at Med_Association for authentication.

  3. The user logs in by providing credentials and is authenticated against LDAP.

  4. On successful authentication, Identity Server sends the assertion to e_Health.

  5. e_Health verifies the assertion with Med_Association by using back-channel communication.

  6. After verification, Access Manager Identity Server retrieves the attributes (professional code and specialization) from the external source (for example, a database) by using the External Attribute Source policy.

  7. Identity Server returns the response containing the professional code and specialization in shared secret attributes. If the user is not a doctor, the external source returns null values, so the shared secret attributes in the response are null.

    e_Health grants access to the user only if it receives valid (non-null) values for both attributes in the authentication response; otherwise it denies access.
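The following is an added example, not code from this documentation or from the Access Manager SDK, of the decision e_Health makes as the service provider in workflow step 7. It assumes (these are assumptions for the example) that the two shared secrets arrive as SAML 2.0 attributes named professionalCode and specialization, that a null from the external source is serialized as an xsi:nil="true" attribute value, and that the SAML library has already verified the assertion's signature, audience and validity window before this check runs. The point it shows is that the check must fail closed: a missing attribute statement, a missing attribute, an xsi:nil value or an empty string all deny access, not only an explicit "not a doctor" marker.

```python
# Added example (not from the Access Manager documentation or SDK): the
# access decision e_Health makes once it has a verified assertion.
# Assumptions, labelled as such: attribute names "professionalCode" and
# "specialization" are chosen for this example; signature, audience and
# validity checks have already been done by the SAML library.
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
# Assumed names of the SAML attributes carrying the two shared secrets.
REQUIRED_ATTRIBUTES = ("professionalCode", "specialization")


def extract_attributes(assertion_xml: str) -> dict:
    """Return {attribute name: [values]} from the AttributeStatement.

    A value becomes None when it is empty or marked xsi:nil="true",
    which is how a null from the external source shows up.  In production
    parse untrusted XML with defusedxml rather than xml.etree directly.
    """
    root = ET.fromstring(assertion_xml)
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = []
        for value in attr.iterfind("saml:AttributeValue", NS):
            if value.get("{%s}nil" % NS["xsi"]) == "true":
                values.append(None)
            else:
                values.append((value.text or "").strip() or None)
        attributes[attr.get("Name")] = values
    return attributes


def is_doctor(attributes: dict) -> bool:
    """Fail closed: each required attribute must be present with at least
    one value and no null values.  No AttributeStatement, a missing
    attribute, xsi:nil or an empty string all mean "not a doctor"."""
    for name in REQUIRED_ATTRIBUTES:
        values = attributes.get(name)
        if not values or any(v is None for v in values):
            return False
    return True


def decide(assertion_xml: str) -> str:
    """Access decision for the e_Health portal: 'grant' or 'deny'."""
    return "grant" if is_doctor(extract_attributes(assertion_xml)) else "deny"


def _assertion(statement_xml: str) -> str:
    """Constructed, minimal SAML 2.0 assertion wrapper for the samples."""
    return (
        '<saml:Assertion xmlns:saml="%s" xmlns:xsi="%s" Version="2.0">'
        "<saml:Issuer>https://idp.med-association.example</saml:Issuer>"
        "%s</saml:Assertion>" % (NS["saml"], NS["xsi"], statement_xml)
    )


# Constructed sample responses (not captured traffic).
DOCTOR_ASSERTION = _assertion(
    "<saml:AttributeStatement>"
    '<saml:Attribute Name="professionalCode"><saml:AttributeValue>MD-12345'
    "</saml:AttributeValue></saml:Attribute>"
    '<saml:Attribute Name="specialization"><saml:AttributeValue>Cardiology'
    "</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>"
)
# Not a doctor: the external source returned null for both shared secrets.
NON_DOCTOR_ASSERTION = _assertion(
    "<saml:AttributeStatement>"
    '<saml:Attribute Name="professionalCode"><saml:AttributeValue xsi:nil="true"/>'
    "</saml:Attribute>"
    '<saml:Attribute Name="specialization"><saml:AttributeValue xsi:nil="true"/>'
    "</saml:Attribute></saml:AttributeStatement>"
)
# Authenticated, but the identity provider sent no attribute statement.
NO_ATTRIBUTES_ASSERTION = _assertion("")
# Only one of the two attributes, and it is an empty string.
PARTIAL_ASSERTION = _assertion(
    "<saml:AttributeStatement>"
    '<saml:Attribute Name="professionalCode"><saml:AttributeValue>'
    "</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>"
)

if __name__ == "__main__":
    samples = (("doctor", DOCTOR_ASSERTION), ("non-doctor", NON_DOCTOR_ASSERTION),
               ("no attributes", NO_ATTRIBUTES_ASSERTION), ("partial", PARTIAL_ASSERTION))
    for label, xml in samples:
        print("%-14s -> %s" % (label, decide(xml)))
```

Only the doctor sample is granted; the other three are denied because the check treats anything other than a present, non-null value for both attributes as "not a doctor". Parsing the assertion with defusedxml, and running this check only after the SAML library has verified the signature and audience, are the two production hardening steps the example leaves to the SAML stack.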