You can define the mapping between the obligation that the policy decision point (PDP) returns and the URL that attempts to satisfy the obligation.
When the runtime security services returns an obligation, the key is searched for in the configuration file in the following order:
The entries in the [obligations-urls-mapping] stanza must have unique keys as compared to the keys in the [obligations-levels-mappings] entries.
The following entry specifies that an obligation named auth1. The value of auth1 is a URL that is used to satisfy the obligation.
[obligations-urls-mapping]
auth1 = https://example.com
To redirect all obligations that start with urn:example to http://www.example.com, add the following entry:
urn:example:* = http://example.com
Suppose that you have the following entries in the [obligations-urls-mapping] stanza:
urn:example:sports = http://example.sports
urn:example:* = http://example
If runtime security services returns an obligation of urn:example:sports, the first entry is used to redirect the user to http://example.sports. In this case, both stanza entries apply to the obligation returned, but because there is an exact match, that obligation is used.