Friday, March 25, 2016

Identity Patterns with the WSO2 Identity Server
Fine-grained access control for service providers

Problem:
  • Business users need to access multiple service providers that support multiple heterogeneous identity federation protocols.
  • Each service provider needs to define an authorization policy at the identity provider, which decides whether a given user is eligible to log in to that service provider.
  • For example, one service provider may require that only admin users can log in to the system after 6 PM.
  • Another service provider may require that only users from North America can log in to the system.
Solution:
  • Deploy WSO2 Identity Server as the Identity Provider and register all the service providers.
  • Build a connector that connects to the WSO2 Identity Server’s XACML engine to perform authorization.
  • For each service provider that needs to enforce access control during the login flow, engage the XACML connector in the second authentication step, under the Local and Outbound Authentication configuration.
  • Each service provider that needs to enforce access control during the login flow creates its own XACML policies in the WSO2 Identity Server PAP (Policy Administration Point).
  • To optimize XACML policy evaluation, follow a convention of defining a target element under each XACML policy that uniquely identifies the corresponding service provider.
  • Products: WSO2 Identity Server 5.0.0+
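The following is an added example, not code from the original post or from WSO2: a simplified Python model of the decision flow described above, showing how a per-service-provider target narrows evaluation to one policy and how the connector can treat anything other than Permit as a failed login. The service provider names, attribute names and the deny-on-NotApplicable behaviour are assumptions made for illustration; real policies would be written in XACML in the PAP.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, Dict

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"

@dataclass
class Policy:
    target_sp: str                 # convention: target names exactly one service provider
    rule: Callable[[dict], bool]   # True -> Permit, False -> Deny

def after_hours_admin_only(req: dict) -> bool:
    # After 6 PM only admins may log in; earlier, any authenticated user may.
    return req["time"] < time(18, 0) or "admin" in req["roles"]

def north_america_only(req: dict) -> bool:
    return req["region"] == "North America"

# Constructed policy store, indexed by target so only one policy is evaluated.
POLICIES: Dict[str, Policy] = {
    p.target_sp: p
    for p in (
        Policy("payroll-app", after_hours_admin_only),  # hypothetical SP name
        Policy("crm-app", north_america_only),          # hypothetical SP name
    )
}

def evaluate(req: dict) -> str:
    """PDP side: select the policy by its target, then evaluate its rule."""
    policy = POLICIES.get(req.get("service_provider"))
    if policy is None:
        return NOT_APPLICABLE
    try:
        return PERMIT if policy.rule(req) else DENY
    except (KeyError, TypeError):
        # A required attribute is missing or malformed.
        return INDETERMINATE

def login_allowed(req: dict) -> bool:
    """Connector side (assumed deny-biased): only an explicit Permit
    lets the second authentication step succeed."""
    return evaluate(req) == PERMIT
```

Because the connector is engaged only for service providers that asked for access control, a NotApplicable or Indeterminate result here most likely means a missing or mis-targeted policy, so the model fails the login instead of letting it through.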
