• User 'john' tries to get READ access by using his user ID.
• Authorization is granted by validating the user ID against the user name; the user name is requested through the PIP (Policy Information Point).
• The PIP requests this information from a web service.
Now let's see how to implement this use case.
1) First of all, you need to have the JAX-RS service implemented.
Refer to the blog post: http://umeshagunasinghe.blogspot.com/2013/09/how-to-create-jax-rs-service-using-wso2.html
2) Then you need to deploy it in the application server.
Refer to the blog post: http://umeshagunasinghe.blogspot.com/2013/09/how-to-deploy-jax-rs-service-in-wso2.html
3) Then you have to write the PIP: http://umeshagunasinghe.blogspot.com/2013/10/how-to-write-pip-point-for-wso2-is.html
4) Now, register it in the Identity Server: http://umeshagunasinghe.blogspot.com/2013/10/how-to-register-pip-in-wso2-is.html
5) Write the XACML policy: http://umeshagunasinghe.blogspot.com/2013/10/how-to-write-simple-xacml-policy-in.html
6) You can use the TryIt tool in the Identity Server as the PEP to test the XACML policy.
7) You need to expose the entitlement service of the IS and then send the request via SoapUI (you can also configure WSO2 ESB to further enhance the use case).