keycloak-scim/authorization_services/topics/policy-regex-policy.adoc
Pedro Igor a1b9a6023c
Support JSON objects when evaluating claims in regex policy (#1566)
* Support JSON objects when evaluating claims in regex policy

    Closes #11514

* Update authorization_services/topics/policy-regex-policy.adoc

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>

Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com>
2022-10-25 06:47:54 +02:00

34 lines
1.2 KiB
Text

[[_policy_regex]]
= Regex-Based Policy
You can use this type of policy to define regex conditions for your permissions.
To create a new regex-based policy, select *Regex* from the policy type list.
This policy resolves attributes available from the current identity.
.Add Regex Policy
image:images/policy/create-regex.png[alt="Add Regex Policy"]
== Configuration
* *Name*
+
A human-readable and unique string describing the policy. A best practice is to use names that are closely related to your business and security requirements, so you can identify them more easily.
+
* *Description*
+
A string containing details about this policy.
+
* *Target Claim*
+
Specifies the name of the target claim in the token. For JSON-based claims, you can use dot notation for nesting and square brackets to access array fields by index. For example, contact.address[0].country. If the target claim references a JSON
object, the first path (for example, `contact`) should map to the attribute name holding the JSON object.
+
* *Regex Pattern*
+
Specifies the regex pattern.
+
* *Logic*
+
The <<_policy_logic, Logic>> of this policy to apply after the other conditions have been evaluated.