Validating Brokering Rules

The Rule Validation page helps you validate the rule for the Origin identity providers and the allowed service providers according to the role associated with the respective trusted partners.

  1. Click Devices > Identity Servers > Brokering.

  2. Click the existing or newly created brokering group hyperlink.

  3. Click the Rule Validation tab.

    Origin IDP: The Origin identity providers are the trusted providers. The list displays all trusted providers created for an Access Manager brokering group.

    Allowed SP: Allowed SPs are the selected service providers of trusted providers. The list displays all service providers created for a brokering group.

    Role: Specify the role you want to validate for the selected Origin identity trusted providers and allowed SP. Click Validate Rule.

    • Name: Displays the role name of the selected trusted providers.

    • Identity Providers: Displays the identity provider name.

    • Service Providers: Displays the service provider name.

    • Priority: Displays the priority number of the rule for the selected trusted providers, in ascending order.

    • Action: Displays the permission action of the rule for the selected trusted providers.

    • Role Conditions: Displays the role conditions of the rule for the selected trusted providers. Deny takes precedence over Permit.

    • Evaluate State: Displays the evaluation state of the role conditions for the selected trusted providers. The role conditions can have the following evaluation states:

        • Pass 1: If the rule matches the Origin identity provider, allowed service provider or any roles mentioned.

        • Pass 2: If the rule matches the Origin identity provider, allowed service provider or any specific role mentioned.

        • Ignored: If the rule does not match either Pass 1 or Pass 2.

        • Not Executed: The default state of all the roles.

    NOTE: If a rule has the evaluate state Pass 1 and the action Deny, the remaining rules are in the Not Executed state.

    After a rule has the evaluate state Pass 2, regardless of the action, the remaining rules are in the Not Executed state.

    The rules before Pass 1 must have the evaluate state Ignored. All these ignored rules must have the role condition Any, without specifying any role condition.

    Pass 1 evaluation stops as soon as a match for the Origin identity provider and allowed service provider is found with a specific role condition.

  4. Click Cancel to close the Rule Validation page.
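
The statements in the NOTE under step 3 can be written as a consistency check over a validation table transcribed from the Rule Validation tab. This is an added example, not Access Manager code: the `Row` fields, the role names and both sample tables are constructed for illustration, and the rows are assumed to be typed in by hand.

```python
from dataclasses import dataclass

@dataclass
class Row:
    priority: int        # Priority column
    action: str          # Action column: "Permit" or "Deny"
    role_condition: str  # Role Conditions column: "Any" or a role name
    state: str           # Evaluate State column

def check_rows(rows):
    """Return (priority, message) for each row that contradicts the NOTE."""
    rows = sorted(rows, key=lambda r: r.priority)
    problems = []
    # Rules before the first Pass 1 rule must be Ignored with role condition Any.
    first_p1 = next((i for i, r in enumerate(rows) if r.state == "Pass 1"), None)
    before_p1 = rows[:first_p1] if first_p1 is not None else []
    for r in before_p1:
        if r.state != "Ignored":
            problems.append((r.priority, f"before Pass 1 but state is {r.state}"))
        elif r.role_condition != "Any":
            problems.append((r.priority, "ignored before Pass 1 but role condition is not Any"))
    # After Pass 1 with Deny, or after any Pass 2, the rest must be Not Executed.
    stop = None
    for r in rows:
        if stop is not None:
            if r.state != "Not Executed":
                problems.append((r.priority, f"should be Not Executed after rule {stop}"))
        elif r.state == "Pass 2" or (r.state == "Pass 1" and r.action == "Deny"):
            stop = r.priority
    return problems

# Constructed sample tables (not product output).
CONSISTENT = [
    Row(1, "Permit", "Any", "Ignored"),
    Row(2, "Permit", "Any", "Pass 1"),
    Row(3, "Deny", "Contractor", "Pass 2"),
    Row(4, "Permit", "Any", "Not Executed"),
]
INCONSISTENT = [
    Row(1, "Permit", "Employee", "Ignored"),  # role condition set before Pass 1
    Row(2, "Deny", "Any", "Pass 1"),
    Row(3, "Permit", "Any", "Ignored"),       # should be Not Executed
]

if __name__ == "__main__":
    for name, table in (("consistent", CONSISTENT), ("inconsistent", INCONSISTENT)):
        print(name, check_rows(table))
```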