Policy definitions are not replicated, but are referenced by the Access Gateways for which the policy is to be evaluated. The policy reference mechanism is a set of XML elements that refer back to the policy definitions stored in the various policy containers. If you have configured a policy for a protected resource and an Access Gateway does not seem to be executing this policy, use the following procedures to verify that the Access Gateway has been configured to use the policy:
Set the level of Application logging to Section 39.1, Turning on Logging for Policy Evaluation.
. SeeThis enables the tracing of the policy enforcement lists.
Search for name of your policy in a <PolicyEnforcementList> element. The ExternalElementRef attribute contains a reference to the policy name.
On the Linux Access Gateway, you can find these elements in the catalina.out file.
On the NetWare Access Gateway, the trace for these elements goes to the system console.
You can also find an XML file named after each protected resource in the sys:\etc\proxy\pr directory. These files contain the references to the policy names that have been enabled for the protected resources.
If you cannot find the policy name, the Access Gateway has not been configured to use the policy. The configuration either needs to be applied or the policy needs to be enabled. For information on how to assign a policy to a protected resource, see Section 13.4, Configuring Protected Resources.
If you find the policy name associated with the correct protected resource, you need to check why the policy is not evaluating according to your design. Set the level of Application logging to Section 39.2, Understanding Policy Evaluation Traces.
and examine the policy trace from a user accessing the protected resource. See