In the AM Authorization guide the steps are to to
- create privileged user - restPolicyUser
- add address to normal user - demo
- Create Policy
- Evaluate Policy...
In the last section where you evaluate policy it says
“Send an evaluation request to the policies endpoint, using the SSO token of the demo user in the iPlanetDirectoryPro header.
In the JSON data, set the subject property to also be the SSO token of the demo user.“
This is not correct, the value sent in the iPlanetDirectoryPro header should be that of a session of the privileged user i.e. restPolicyUser.
To fix this, there needs to be an extra step to get a AM SSO Session for restPolicyUser which needs to be the value for iPlanetDirectoryPro header.
Note: this error came about in the Docs with version 5.5 where Step 1 above switched from giving privileges to the demo user to creating a new user with privileges. Therefore this example is wrong in all the Docs from 5.5, that is, 5.5, 6.0, 6.5, 7.0