问题
I am new in security. I have downloaded wso2 sso sample and executed it. Now I want to configure xacml into this project. My requirement is when user logged in with sso I want to restrict them to access some particular jsp pages. Please give me some suggestion how to implement it and how I can send xacml request. thank you
回答1:
[1] is a comprehensive blog written by Asela Pathberiya on XACML and how you can leverage XACML on the wso2 identity server. Please read the blog to clarify different use cases you might have and how you can achieve them using wso2 identity server.
Basically, WSO2 uses Balana - XACML implementation on top of Sun XACML which supports XACML 3.0 specification.
You can use WSO2 Identity Server as a XACML policy decision point (PDP) quite easily. You can leverage the SOAP client or the thrift client to send XACML request to WSO2 Identity Server Entitlement Service and receive the decisions. There are samples that suit you exact use case at [2]
So basically you can do the following to achieve what you want to do,
- Configure XACML policies in WSO2 Identity Service using policy editor
- Call the Entitlement Service via SOAP or thrift from you app to get the entitlement decisions [3].
[1] http://xacmlinfo.org/category/xacml/
[2] https://github.com/wso2/balana/tree/master/modules/balana-samples
[3] https://github.com/wso2/carbon-identity-framework/tree/master/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement
来源:https://stackoverflow.com/questions/37271446/xacml-integration-with-saml-in-wso2