nishita jain wrote:

> Hi,
> I'm trying to create an "Identity Server: Roles" policy and a
> corresponding "Access Gateway: Authorization" policy to apply on a
> protected resource.
> I'm using two user stores: 1 - Novell eDirectory and 2 - Sun One LDAP.
> Now I need to define a role policy for users existing in Sun One LDAP
> based on attribute value.
> If I apply the policy on an attribute that exists in attribute list by
> default like sn, the policy works fine.
> But if I add an attribute that is part of my user schema in Sun One
> LDAP (nsrole, nsroledn) in identity server and then apply policy on
> this attribute, it doesn't work.
> Is there any limitation on using attributes of Sun One LDAP? Or any
> idea how this can be achieved?

There shouldn't be, though I haven't done anything with Sun One. Can
you enable debug logging and provide the catalina.out from your IDP?
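Added example, not from this thread and not Novell Access Manager code: a small Python matcher for an attribute-based role condition like the one described above. It treats LDAP attribute names case-insensitively, handles multi-valued attributes, and reports an attribute that is missing from the fetched entry separately from a value that simply does not match, which is the distinction worth settling before reading the IDP logs: a custom attribute such as nsrole is only usable by the policy if the identity server actually receives it for the user. All entries, DNs and values are constructed.

```python
"""Evaluate an attribute-based role condition over LDAP entries.

Constructed illustration: a role is granted when a named LDAP attribute
carries an expected value. LDAP attribute names are case-insensitive and
attributes may be multi-valued, so the matcher normalises names and checks
every value. It also distinguishes "attribute absent from the returned
entry" from "value does not match", since a policy on a custom attribute
can only fire if the attribute was returned for the user at all.
"""
from typing import Dict, List, Mapping, Optional, Union

Entry = Mapping[str, Union[str, List[str]]]

# Constructed sample entries (hypothetical DNs). carol's entry models a user
# for whom the custom attribute was never fetched from the directory.
ENTRIES: Dict[str, Entry] = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "sn": "Smith",
        "nsrole": ["cn=managers,dc=example,dc=com"],
    },
    "uid=bob,ou=people,dc=example,dc=com": {
        "sn": "Jones",
        "nsrole": ["cn=staff,dc=example,dc=com"],
    },
    "uid=carol,ou=people,dc=example,dc=com": {
        "sn": "Smith",
    },
}


def attribute_values(entry: Entry, attr: str) -> Optional[List[str]]:
    """Return the values of attr (name matched case-insensitively), or None if absent."""
    for name, value in entry.items():
        if name.lower() == attr.lower():
            return [value] if isinstance(value, str) else list(value)
    return None


def evaluate_role(entry: Entry, attr: str, expected: str) -> str:
    """Outcome of the condition "attr equals expected" for one entry.

    Returns "granted", "denied" (attribute present but no value matched) or
    "attribute-missing" (the attribute was not in the entry at all).
    """
    values = attribute_values(entry, attr)
    if values is None:
        return "attribute-missing"
    # DN-valued and most string attributes compare case-insensitively in LDAP.
    if any(v.lower() == expected.lower() for v in values):
        return "granted"
    return "denied"


def role_report(entries: Mapping[str, Entry], attr: str, expected: str) -> Dict[str, str]:
    """Evaluate the condition for every entry, keyed by DN."""
    return {dn: evaluate_role(e, attr, expected) for dn, e in entries.items()}


if __name__ == "__main__":
    report = role_report(ENTRIES, "nsRole", "cn=managers,dc=example,dc=com")
    for dn, outcome in report.items():
        print(f"{outcome:18} {dn}")
```

Running it shows alice granted, bob denied and carol reported as attribute-missing; in a real deployment the last outcome points at the attribute fetch (which attributes the identity server requests from the Sun One user store) rather than at the policy condition itself.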