When a policy is applied to a request or response, the policy result might include one or more advices. An advice is a directive that instructs the policy enforcement point to perform additional processing in conjunction with an authorization decision.
In this example, PingAuthorize Server functions as the policy enforcement type.
Advices allow PingAuthorize Server to do more than allow or deny access to an API resource. For example, an advice might cause the removal of a specific set of fields from a response.
You can add an advice directly to a single policy or rule, or add an advice in Components for use with multiple policies or rules. Advices possess the following significant properties.
||Friendly name for the advice.|
||Identifies the advice type. This value corresponds to an advice ID that the PingAuthorize configuration defines.|
||Specifies the policy decisions, such as
||Set of parameters governing the actions that the advice performs when it is applied. The appropriate payload value depends on the advice type.|
PingAuthorize supports the following advice types:
- Add Filter
- Combine SCIM Search Authorizations
- Denied Reason
- Exclude Attributes
- Filter Response
- Include Attributes
- Modify Attributes
- Modify Headers
- Modify Query
- Modify SCIM Patch
- Regex Replace Attributes
The following sections describe these advice types in more detail. To develop custom advice types, use the Server SDK.
Many advice types let you use the JSONPath expression language to specify JSON field paths. To experiment with JSONPath, use the Jayway JSONPath Evaluator tool.