xacml 与 wso2 中的 saml 集成 [英] Xacml integration with saml in wso2

问题描述

我是安全方面的新手.我已经下载了 wso2 sso 示例并执行了它.现在我想将 xacml 配置到这个项目中.我的要求是当用户使用 sso 登录时，我想限制他们访问某些特定的 jsp 页面.请给我一些如何实现它以及如何发送 xacml 请求的建议.谢谢

I am new in security. I have downloaded wso2 sso sample and executed it. Now I want to configure xacml into this project. My requirement is when user logged in with sso I want to restrict them to access some particular jsp pages. Please give me some suggestion how to implement it and how I can send xacml request. thank you

推荐答案

[1] 是 Asela Pathberiya 撰写的一篇关于 XACML 以及如何在 wso2 身份服务器上利用 XACML 的综合性博客.请阅读博客以阐明您可能拥有的不同用例以及如何使用 wso2 身份服务器实现它们.

[1] is a comprehensive blog written by Asela Pathberiya on XACML and how you can leverage XACML on the wso2 identity server. Please read the blog to clarify different use cases you might have and how you can achieve them using wso2 identity server.

基本上，WSO2 在支持 XACML 3.0 规范的 Sun XACML 之上使用 Balana - XACML 实现.

Basically, WSO2 uses Balana - XACML implementation on top of Sun XACML which supports XACML 3.0 specification.

您可以非常轻松地将 WSO2 身份服务器用作 XACML 策略决策点 (PDP).您可以利用 SOAP 客户端或 thrift 客户端将 XACML 请求发送到 WSO2 身份服务器授权服务并接收决策.在 [2]

You can use WSO2 Identity Server as a XACML policy decision point (PDP) quite easily. You can leverage the SOAP client or the thrift client to send XACML request to WSO2 Identity Server Entitlement Service and receive the decisions. There are samples that suit you exact use case at [2]

所以基本上你可以做以下事情来实现你想做的，

So basically you can do the following to achieve what you want to do,

1. 使用策略编辑器在 WSO2 身份服务中配置 XACML 策略
2. 通过 SOAP 或 thrift 从您的应用中调用授权服务以获取授权决定 [3].

<小时>

[1] http://xacmlinfo.org/category/xacml/

[2] https://github.com/wso2/balana/tree/master/modules/balana-samples

[3] https://github.com/wso2/carbon-identity-framework/tree/master/components/entitlement/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement

这篇关于xacml 与 wso2 中的 saml 集成的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！