Tuesday, June 23, 2009

SAML2/XACMLv2 Out of the Box

Suppose you have the following needs:
a) XACMLv2 evaluation of access control requests.
b) No desire to implement either the XACML PDP (Policy Decision Point) or the PEP (Policy Enforcement Point) yourself.
c) A SAMLv2 payload to transport the XACMLv2 request and response.
d) SOAP 1.1 messages to carry the SAMLv2 payload (which in turn carries the XACMLv2 request and response messages).

As described in the SAMLv2/XACMLv2 integration wiki article, the JBossIdentity stack ships a servlet that does exactly this.

All you need to do is write the XACML policies, package them in a web application, and configure the SOAPSAMLXACMLServlet in that application's web.xml as the wiki article describes.

You get the functionality out of the box without writing a PDP or PEP: the servlet plays the PEP/PDP combo. It receives the SOAP-wrapped SAML query, evaluates the embedded XACML request against the packaged policies, and returns the decision inside a SAML response. Your application still has to act on the Permit or Deny it gets back, and since anyone who can reach the servlet can probe what your policies allow, the endpoint should be reachable only by the callers you trust.
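What the exchange looks like on the calling side, as an added example that is not code from the JBossIdentity project or the wiki article: one function builds the SOAP 1.1 envelope carrying a SAML XACMLAuthzDecisionQuery with an XACMLv2 Request, another pulls the Decision out of the SOAP-wrapped SAML Response and fails closed on anything that is not a well-formed Permit. The endpoint URL, the issuer names and the sample response are constructed for illustration; the namespace URIs are the ones the OASIS SOAP 1.1, SAML 2.0 and XACML 2.0 specifications (including the SAML 2.0 profile of XACML) define, and the two profile namespaces in particular are worth checking against the sample messages in the wiki article before relying on them.

```python
"""SOAP 1.1 / SAMLv2 / XACMLv2 client helpers (added example, not project code).
Endpoint URL, issuer names and the sample response below are constructed."""
import datetime
import urllib.request
import uuid
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
XACML_CTX_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
# SAML 2.0 profile of XACML 2.0: query extension and statement extension
XACML_SAMLP_NS = "urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol"
XACML_SAML_NS = "urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"
DECISIONS = ("Permit", "Deny", "NotApplicable", "Indeterminate")

for _prefix, _uri in (("soap", SOAP_NS), ("saml", SAML_NS), ("samlp", SAMLP_NS),
                      ("xacml-context", XACML_CTX_NS), ("xacml-samlp", XACML_SAMLP_NS),
                      ("xacml-saml", XACML_SAML_NS)):
    ET.register_namespace(_prefix, _uri)


def _q(ns, tag):
    """Clark-notation qualified name for ElementTree."""
    return "{%s}%s" % (ns, tag)


def build_authz_query(subject_id, resource_id, action_id, issuer="urn:example:pep"):
    """Build the SOAP envelope a caller sends: Body > XACMLAuthzDecisionQuery >
    xacml-context:Request with one string attribute per Subject/Resource/Action."""
    env = ET.Element(_q(SOAP_NS, "Envelope"))
    body = ET.SubElement(env, _q(SOAP_NS, "Body"))
    query = ET.SubElement(body, _q(XACML_SAMLP_NS, "XACMLAuthzDecisionQuery"), {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0",
        "IssueInstant": datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "InputContextOnly": "false", "ReturnContext": "false"})
    ET.SubElement(query, _q(SAML_NS, "Issuer")).text = issuer  # assumed issuer name
    request = ET.SubElement(query, _q(XACML_CTX_NS, "Request"))
    for section, attr_id, value in (
            ("Subject", "urn:oasis:names:tc:xacml:1.0:subject:subject-id", subject_id),
            ("Resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", resource_id),
            ("Action", "urn:oasis:names:tc:xacml:1.0:action:action-id", action_id)):
        attr = ET.SubElement(ET.SubElement(request, _q(XACML_CTX_NS, section)),
                             _q(XACML_CTX_NS, "Attribute"),
                             {"AttributeId": attr_id, "DataType": XS_STRING})
        ET.SubElement(attr, _q(XACML_CTX_NS, "AttributeValue")).text = value
    ET.SubElement(request, _q(XACML_CTX_NS, "Environment"))  # mandatory, may be empty
    return ET.tostring(env, encoding="unicode")


# Only a Result at exactly this position in the reply counts; a Result that
# turns up elsewhere (e.g. inside a SOAP Fault detail) is ignored.
RESULT_PATH = "/".join([_q(SOAP_NS, "Body"), _q(SAMLP_NS, "Response"),
                        _q(SAML_NS, "Assertion"),
                        _q(XACML_SAML_NS, "XACMLAuthzDecisionStatement"),
                        _q(XACML_CTX_NS, "Response"), _q(XACML_CTX_NS, "Result")])


def parse_decision(soap_xml):
    """Return the XACML Decision carried in the SOAP/SAML reply, or raise
    ValueError if the reply is not shaped the way the profile prescribes."""
    root = ET.fromstring(soap_xml)
    if root.tag != _q(SOAP_NS, "Envelope"):
        raise ValueError("not a SOAP 1.1 envelope")
    results = root.findall(RESULT_PATH)
    if len(results) != 1:
        raise ValueError("expected exactly one xacml-context:Result, found %d" % len(results))
    code = results[0].find(_q(XACML_CTX_NS, "Status") + "/" + _q(XACML_CTX_NS, "StatusCode"))
    if code is None or code.get("Value") != STATUS_OK:
        raise ValueError("PDP did not report status ok")
    decision = results[0].findtext(_q(XACML_CTX_NS, "Decision"))
    if decision not in DECISIONS:
        raise ValueError("unknown decision %r" % decision)
    return decision


def is_permitted(soap_xml):
    """Fail closed: only an explicit, well-formed Permit grants access."""
    try:
        return parse_decision(soap_xml) == "Permit"
    except (ValueError, ET.ParseError):
        return False


def ask_pdp(url, soap_xml, timeout=10):
    """POST the envelope to the servlet (URL is an assumption) and return the reply."""
    req = urllib.request.Request(url, data=soap_xml.encode("utf-8"), headers={
        "Content-Type": "text/xml; charset=utf-8", "SOAPAction": '""'})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample of a Permit reply, shaped per the SAML profile of XACML.
SAMPLE_PERMIT_RESPONSE = f"""<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>
<samlp:Response xmlns:samlp="{SAMLP_NS}" ID="_r1" Version="2.0" IssueInstant="2009-06-23T00:00:00Z">
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion xmlns:saml="{SAML_NS}" ID="_a1" Version="2.0" IssueInstant="2009-06-23T00:00:00Z">
<saml:Issuer>urn:example:pdp</saml:Issuer>
<xacml-saml:XACMLAuthzDecisionStatement xmlns:xacml-saml="{XACML_SAML_NS}">
<xacml-context:Response xmlns:xacml-context="{XACML_CTX_NS}">
<xacml-context:Result ResourceId="urn:example:resource:reports">
<xacml-context:Decision>Permit</xacml-context:Decision>
<xacml-context:Status><xacml-context:StatusCode Value="{STATUS_OK}"/></xacml-context:Status>
</xacml-context:Result></xacml-context:Response></xacml-saml:XACMLAuthzDecisionStatement>
</saml:Assertion></samlp:Response></soap:Body></soap:Envelope>"""

# Constructed sample of a SOAP Fault, which must never be read as Permit.
SAMPLE_FAULT_RESPONSE = f"""<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><soap:Fault>
<faultcode>soap:Server</faultcode><faultstring>policy load failed</faultstring>
</soap:Fault></soap:Body></soap:Envelope>"""
```

In use, the caller does `is_permitted(ask_pdp(url, build_authz_query(user, resource, action)))` and enforces the boolean itself; Deny, NotApplicable, Indeterminate, a non-ok XACML status, a SOAP Fault and unparsable input all come back False, so an outage of the servlet degrades to denial rather than access.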
