Each attribute can have one or more resolver types.
The resolvers apply in the order listed. You can reorder the resolver types by dragging and dropping them to the appropriate position.
The following table describes the various resolver types.
This resolver setting looks inside the authorization request itself to determine whether the attribute has been provided by the caller. Specify the full name of the attribute, including any parents, in the request.
This resolver setting takes a constant value defined on the resolver itself. The type and value of the constant are required.
As with all other resolved values, constants undergo any value processing defined on the attribute. To define a constant that does not undergo value processing, consider using a Default value.
This resolver setting uses aendpoint to invoke the service at runtime to resolve the attribute. The service might rely on other attributes being supplied to invoke the service.
The PDP handles this process automatically.
PingAuthorize Server can also resolve attributes from other attributes. This ability is useful when you have attributes that contain multiple pieces of information and you want to create nested or child attributes as subset extracts from them.
For example, the Customer.Name attribute might return the following JSON representation.
In this example, you could create the Customer.Name.Surname attribute to resolve against the Customer.Name attribute and could use a JSON parser to extract only the Surname property of the JSON.
When an attribute has a parent, but doesn't already have a parent resolver, you can click the + Add Parent Resolver button to resolve the child attribute against its parent.
The PingAuthorize Policy Editor provides many out-of-the-box System attributes that you can use without additional configuration. For example, the CurrentDateTime attribute returns the current system datetime according to the Type defined for the attribute.
The policy engine can resolve attribute values using policy configuration keys.
When using external PDP mode, you can declare local, file-based trust stores and key stores by providing an options file during setup. See Specifying custom configuration with an options file.
When using embedded PDP mode, you do this by creating Policy Configuration Keys in the Policy Decision Service. See Use policies in a production environment.