WSO2 Identity Server provides a simple web service API for user role management. If your application needs a user role management function, you can directly integrate with Identity Server rather than dealing with the user store. There is a web service API called RemoteUserStoreManagerService that can be used to manage users and roles. […]
In my previous post, we went through defining XACML policies for a web application. Now I am going to try out the scenario defined in that blog post with the third approach, i.e. by using the “getEntitledAttributes” method in the Entitlement Service API of Identity Server. Identity Server is an open source XACML engine that supports XACML […]
In my previous post, we went through defining XACML policies for a web application. Now I am going to try out the scenario defined there with the second approach, i.e. the multiple decision profile with the hierarchical resource profile. Here I am using Identity Server, which is an open source XACML engine that supports XACML 3.0, multiple […]
In my previous post, we went through defining XACML policies for a web application. Now I am going to try out the scenario defined there with the first approach, i.e. the multiple decision profile with repeated attribute categories. Here I am using Identity Server, which is an open source XACML engine that supports XACML 3.0 and […]
XACML is the standard for access control in SOA, but it seems that it is still not widely adopted within enterprises. I guess most people may not have an idea about the capability of XACML… It is not just an XML-based policy language… It has a lot of extensibility […]
If you are working with XACML, you have surely heard about the PIP (Policy Information Point). PIPs help the PDP by finding things that are needed for policy evaluation. PIPs are mostly extension points that can be implemented and plugged into the PDP according to your use case. Identity Server supports several PIP extension points. […]
Out of the four major grant types in the OAuth 2.0 specification, client credentials is the simplest one. It can be used as an authorization grant when the authorization scope is limited to the protected resources under the control of the client, basically when the client owns the resources. It means that the client would be the […]
I have seen that in most cases you may need to retrieve the X509 certificate as <ds:X509Certificate> data. <ds:X509Certificate> data can be seen in SOAP messages (SAML, WS-Security) that pass security information. You can easily retrieve X509Certificate data using the Java keytool command. If you want to retrieve X509Certificate data from a key store file (JKS): keytool -export -keystore pathToKeystore -rfc […]
WSO2 ESB provides extension points where users can add their own processing logic to the message path. One way is to implement a custom mediator that can be plugged into ESB sequences. We can find a lot of docs and blogs on writing custom mediators. This is a good blog on writing a […]
The XACML core specification only talks about a PDP that can provide an authorization result of boolean values (basically permit, deny, not applicable and indeterminate results, plus some additional data using advice and obligations). Basically, the application (PEP) can ask the PDP something like “is the user authorized to do this?” And the application (PEP) […]