How to use client_ip and request_uri in an XACML policy in WSO2 IS

Submitted by 泪湿孤枕 on 2019-12-11 15:48:56

Question


We are using WSO2 IS as the Identity Bus for our solutions. We make a REST API in WSO2 ESB to implement our integration and use the OAuth mediator in it to secure our API. In WSO2 IS we create a service provider, sp1, and apply an XACML policy to it. I want to create an XACML policy that permits incoming requests only when client_ip is xxx.xxx.xxx.xxx, the request URI is http://wso2ESB.uri/sampleApi/app and the method is GET.

Please help me to make this XACML policy in WSO2 IS.


Answer 1:


Currently WSO2 Identity Server supports only scope-based XACML policy evaluation for OAuth2/OIDC service providers; there is no out-of-the-box capability to evaluate a policy against client_ip, request URI or HTTP method. One way to handle this situation is, irrespective of the OAuth mediator, to write a custom class mediator that intercepts the request (PEP) and invokes EntitlementService to evaluate the request against the XACML PDP in Identity Server. Inside the custom class mediator you can write the logic needed to extract the information for the XACML request: client_ip, request URI, HTTP method, etc.

[1] https://docs.wso2.com/display/IS570/Validating+the+Scope+of+OAuth+Access+Tokens+using+XACML+Policies
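
The XACML side of the custom PEP described in the answer, as an added example (not code from the original post or from WSO2): it builds the XACML 3.0 request carrying the three values and treats anything other than a single Permit as a denial. The `urn:example:attribute:client-ip` attribute id and the 192.0.2.10 address are assumptions made for illustration, and Python is used here for brevity, whereas a real class mediator would be written in Java.

```python
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STRING = "http://www.w3.org/2001/XMLSchema#string"
CAT_RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
CAT_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
CAT_ENV = "urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
# Assumption: a custom attribute id; the policy must match on the same id.
CLIENT_IP_ID = "urn:example:attribute:client-ip"
ET.register_namespace("", XACML_NS)


def build_request(client_ip, request_uri, http_method):
    """Build the XACML 3.0 request a PEP would send to the PDP."""
    # Assumption: client_ip is the transport-level peer address seen by the
    # PEP, not a value copied from a client-supplied header.
    req = ET.Element(f"{{{XACML_NS}}}Request",
                     {"CombinedDecision": "false", "ReturnPolicyIdList": "false"})
    for category, attr_id, value in (
        (CAT_RESOURCE, RESOURCE_ID, request_uri),
        (CAT_ACTION, ACTION_ID, http_method.upper()),
        (CAT_ENV, CLIENT_IP_ID, client_ip),
    ):
        attrs = ET.SubElement(req, f"{{{XACML_NS}}}Attributes", {"Category": category})
        attr = ET.SubElement(attrs, f"{{{XACML_NS}}}Attribute",
                             {"AttributeId": attr_id, "IncludeInResult": "false"})
        val = ET.SubElement(attr, f"{{{XACML_NS}}}AttributeValue", {"DataType": STRING})
        val.text = value  # ElementTree escapes <, >, & so values cannot inject XML
    return ET.tostring(req, encoding="unicode")


def is_permitted(response_xml):
    """Fail closed: allow only when the PDP returned exactly one Permit."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False
    decisions = [d.text.strip() for d in root.iter(f"{{{XACML_NS}}}Decision") if d.text]
    return decisions == ["Permit"]


if __name__ == "__main__":
    # Constructed sample values; the URI is the one from the question.
    print(build_request("192.0.2.10", "http://wso2ESB.uri/sampleApi/app", "GET"))
```

Deny, NotApplicable, Indeterminate and unparseable responses all result in the request being rejected.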



Source: https://stackoverflow.com/questions/54955792/how-to-using-client-ip-and-request-uri-in-xacml-policy-in-wso2-is
