Require Remote Domain Identity Assertion
The Require Remote Domain Identity assertion enables the Windows Domain Injection feature in the CA API Gateway - XML VPN Client.
Require Remote Domain Identityassertion enables the Windows Domain Injection feature in the CA API Gateway - XML VPN Client.
- When the CA API Gateway - XML VPN Client executes this assertion, it will deduce the user name, domain name, and client program name from the operating system and then insert them into the message header. On the CA API Gateway - XML VPN Client, this assertion always succeeds.
- When the Gateway executes this assertion, it will examine the headers provided by the CA API Gateway - XML VPN Client and then create the corresponding context variables. On the Gateway, this assertion succeeds only if the context variables are set successfully.
For more information, see
Configuring Windows Domain Injectionin the CA API Gateway - XML VPN Client documentation.
If identity injection has been disabled on the CA API Gateway - XML VPN Client, adding this assertion to a policy will have no effect. Conversely, if identity injection has been enabled full time, it will occur even if this assertion is not used.
Context Variables Created by This Assertion
The Require Remote Domain Identity assertion sets the following context variables. The default
<prefix>is "injected" and can be changed in the assertion properties.
Contains the user name from the message header.
Contains the domain name from message header.
Contains the client program name from the message header.
Using the Assertion
- Do one of the following:
- To add the assertion to the Policy Development window, see Adding an Assertion.
- To change the configuration of an existing assertion, proceed to step 2 below.
- Right-clickRequire Remote Domain Identityin the policy window and selectRemote Domain Identity Propertiesor double-click the assertion in the policy window. The assertion properties are displayed.
- Enter a prefix that will be added to the context variables created by this assertion. This prefix will ensure uniqueness and will prevent the variables from overwriting each other when multiple instances of this assertion appear in a policy.
- Click [OK] when done.