User Role management with WSO2 Identity Server APIs

WSO2 Identity Server provides a simple web service API for user role management. If your application needs a user role management function, you can directly integrate with Identity Server rather than dealing with the user store. There is a web service API called RemoteUserStoreManagerService that can be used to manage users and roles. […]

Multiple decision profile – Hierarchical resources

In my previous post, we went through defining XACML policies for a web application. Now I am going to try out the scenario that is defined there with the second approach, i.e. the Multiple Decision Profile with the hierarchical resource profile. Here I am using Identity Server, which is an open source XACML engine that supports XACML 3.0, multiple […]

XACML based Access Control for Web Applications

XACML is the standard for access control in SOA. But it seems that it is still not widely adopted within enterprises. I guess most people may not have an idea about the capability of XACML… It is not just an XML-based policy language… It has a lot of extensibility […]

XACML PIP for finding hierarchical resources

If you are working with XACML, you have surely heard about the PIP (Policy Information Point). PIPs help the PDP by finding things that are needed for policy evaluation. PIPs are mostly extension points that can be implemented and plugged into the PDP according to your use case. Identity Server supports several PIP extension points. […]

Client Credential Grant Type with OAuth 2.0

Out of the four major grant types in the OAuth 2.0 specification, client credentials is the simplest one. It can be used as an authorization grant when the authorization scope is limited to the protected resources under the control of the client, basically when the client owns the resources. It means that the client would be the […]

How to retrieve X509 Certificate as “ds:X509Certificate” Data

I have seen that in most cases you may need to retrieve the X509 certificate as <ds:X509Certificate> data. <ds:X509Certificate> data can be seen in SOAP messages (SAML, WS-Security) that pass security information. You can easily retrieve X509Certificate data using the Java keytool command. If you want to retrieve X509Certificate data from a keystore file (JKS): keytool -export -keystore pathToKeystore -rfc […]

How to Write custom mediator for WSO2ESB

WSO2 ESB provides extension points where users can add their own processing logic to the message path. One way is implementing a custom mediator that can be plugged into ESB sequences. We can find a lot of docs and blogs on writing custom mediators. This is a good blog on writing a […]