In my previous blog post [1] [2], I have explained, how we can load balance PDP cluster (WSO2 Identity Server cluster) using WSO2LB and WSO2ESB. In this blog post i am going to use Apache HTTP server to load balance the WSO2 Identity Server cluster nodes. pre-request : 1. You need to install Apache HTTP server. […]
XACML
[This blog post describes the policy editor of WSO2 Identity Server 3.2.X Which is now older version. Please find new details about policy editors from here] WSO2 Identity server provides a XACML policy editor UI for creating XACML policies. Actually Identity server 3.2.X is shipped with two policy editors. One is basic policy editor and […]
In my previous blog post, I have implemented small XACML sample with WSO2 Identity Server. Now lets try to extend it by adding more authorization rules. The XACML policy that is used in previous blog post, achieves following authorization logics; I am just going to recall them as followings. 1. Patients can read their own […]
In this blog post I am going to create XACML sample (sample XACML policies , PIP and PEP) with some real world use case. Lets assume following use case in a Health care organization There is a health care organization called “Medi” “Medi” keeps medical records of all the patients in a database repository. This repository has […]
In my previous blog post, I explained how we can configure PDP cluster load balancing with WSO2LB. Lets see how we can configure WSO2ESB as load balancer for clustered PDPs. For that, we are using dynamic load balancing in ESB with session affinity. you can find the dynamic load balancing sample from here in WSO2 […]
In my previous blog post, I explained deploying of PDP cluster using WSO2 Identity Server. Each PDP in the cluster exposes their own authorization service (Entitlement service). Therefore we need to setup a load balancer to forward the incoming authorization queries among each PDPs. Then load balancer would expose only a one interface for PEP […]
One of the important thing that must be supported by the production XACML PDP is that horizontal scaling with high availability and reliability. WSO2 Identity server’s PDP achieves the horizontal scaling using clustering mechanism. In this post i am going to explain deploying of PDP cluster using WSO2 Identity Server. Here following three main points are very important […]
These day, I am going to do a performance test on XACML PDP. Actually with WSO2 Identity Server PDP implementation. But main problem me is to define a proper test suit for these testing. However as a start, I just tried identify the factors that effect for the XACML decision query time. 1. Complexity of Polices, defined in […]
One way of improving the performance of a XACML engine is by using caching techniques. But caching implementation must be designed carefully. Actually when remind the XACMLnetiq identity manager reference architecture, we could identify that, caching can be done in four places 1. XACML Policies can be cached. As policies usually be stored in […]
One of my previous post, I have discussed about the PIP implementation of the WSO2 Identity Server. Now lets try to write a simple PIP attribute finder module to plug in to the WSO2 Identity Server. There are two ways that you can write a PIP attribute finder module By implementing the “PIPAttributeFinder” Interface. You […]