Dear architects,

I am trying to implement validation for OAuth tokens as described here: https://docs.wso2.com/display/IS560/Validating+the+Scope+of+OAuth+Access+Tokens+using+XACML+Policies. Since this example failed for me, I tried to do something similar with the role validation described here: https://docs.wso2.com/display/IS560/Configuring+Access+Control+Policy+for+a+Service+Provider. When neither of them worked, I started to investigate the server logs and saw that no validation seems to happen at all. Should I write some module/class and register it to make it work, or should configuration through the UI be enough?

My test scenario with IS 5.5.0 and curl is the following:

1. Registered the SP Playground2 with an OAuth2/OpenID Connect configuration.
   The "Authorization", "SaaS", "Role based scope validator" and "XACML
   Scope Validator" options are enabled.
2. curl -u <client>:<passwd> -k -d
   "grant_type=password&username=user&password=user1" -H
   "Content-Type:application/x-www-form-urlencoded"
   https://localhost:9443/oauth2/token works and I get an access token.
3. Created a PAP policy from auth_role_based_policy where user "user" is
   "denied" because he is not in the role. Checked it with "Try": works.
4. Published it to the PDP.
5. Tried curl to issue a new token: the token was issued as before, with no
   restriction for the user.

Maybe I am using it in the wrong way?

Thanks in advance,

Vadim

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

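A small check script for the scenario above, added here as an example; it is not from the original mail nor from the WSO2 docs it cites. It repeats the password-grant request, but with an explicit scope= parameter so a scope validator has something to act on, and then asks the introspection endpoint what scope the server actually reports for the issued token. Comparing the two answers shows whether a validator is stripping scopes at issuance time, only at token-validation time, or not at all. Assumptions: the server is at https://localhost:9443 (override with IS_HOST), the SP allows the password grant, and /oauth2/introspect accepts the admin user's basic credentials (ADMIN_USER / ADMIN_PASS, default admin/admin). Run with no arguments the script only defines its functions; with five arguments it performs the two requests.

```shell
#!/usr/bin/env bash
# Added example (not WSO2 code). Assumed endpoints: /oauth2/token and
# /oauth2/introspect on IS_HOST; admin basic auth for introspection.
set -eu

IS_HOST="${IS_HOST:-https://localhost:9443}"

# Extract a top-level string field ("key":"value") from a flat JSON object
# without jq. Prints an empty string when the key is absent.
json_field() {
  local json="$1" key="$2"
  printf '%s' "$json" | sed -n "s/.*\"$key\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Extract a top-level boolean field (true/false), e.g. "active" from an
# introspection response.
json_bool() {
  local json="$1" key="$2"
  printf '%s' "$json" | sed -n "s/.*\"$key\"[[:space:]]*:[[:space:]]*\([a-z]*\).*/\1/p"
}

# Return 0 if every scope listed in $2 (space separated) appears as a whole
# token in the granted scope string $1, else 1. "read" must not match
# "readonly", so matching is done on space-delimited tokens.
scopes_granted() {
  local granted=" $1 " want
  for want in $2; do
    case "$granted" in
      *" $want "*) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# Password grant with an explicit scope request (client_id client_secret user pass scope).
request_token() {
  curl -sk -u "$1:$2" \
    -d "grant_type=password&username=$3&password=$4&scope=$5" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    "$IS_HOST/oauth2/token"
}

# RFC 7662 introspection (admin_user admin_pass token).
introspect_token() {
  curl -sk -u "$1:$2" -d "token=$3" "$IS_HOST/oauth2/introspect"
}

# Only touch the network when invoked with all five arguments.
if [ "$#" -eq 5 ]; then
  resp="$(request_token "$1" "$2" "$3" "$4" "$5")"
  token="$(json_field "$resp" access_token)"
  [ -n "$token" ] || { echo "no token issued: $resp" >&2; exit 2; }
  issued_scope="$(json_field "$resp" scope)"
  echo "scope in token response : '$issued_scope'"

  intro="$(introspect_token "${ADMIN_USER:-admin}" "${ADMIN_PASS:-admin}" "$token")"
  intro_scope="$(json_field "$intro" scope)"
  echo "introspection active=$(json_bool "$intro" active) scope='$intro_scope'"

  if scopes_granted "$intro_scope" "$5"; then
    echo "every requested scope was granted: no validator restricted this token"
  else
    echo "requested scope '$5' was narrowed to '$intro_scope': a scope validator acted"
  fi
fi
```

Usage: `./check_scope.sh <client_id> <client_secret> user user1 "openid read"`. A denied scope shows up either as a missing entry in the token response (issuance-time enforcement) or as a difference between the token response and the introspection result (validation-time enforcement); identical, complete scope strings in both places mean nothing evaluated the policy.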