In order to process the SAML Authorization Token sent by DataPower, you'll need to find some way to map the information it contains into something that WLS understands.
A few thoughts:
1 - Get DataPower to generate group attributes instead of authorization statements. WLS SAML Identity Asserter understands this OOTB
2 - Write a custom RoleMapper that reads the SAML Assertion's Authorization Statements and maps those into roles. You can then use the standard RolesAllowed or JEE Security
3 - Write a custom AuthorizationProvider that reads the SAML Assertion's Authorization Statements and enforces them. This will not be "declarative", rather this will make WLS enforce exactly the authorization statements contained in the assertion.
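
The statement-to-role mapping that option 2 describes, as an added example that is not part of the original reply and does not use the WebLogic RoleMapper SPI. It is plain JDK code that assumes a SAML 2.0 assertion whose signature and conditions have already been validated; the class name, the role table, the resource URL and the sample assertion are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class AuthzStatementRoles {
    static final String SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Hypothetical policy table: "Resource|Action" -> application role name.
    static final Map<String, String> ROLE_FOR = Map.of(
        "https://app.example.test/orders|Read", "OrderViewer",
        "https://app.example.test/orders|Write", "OrderEditor");

    static Set<String> rolesFrom(String assertionXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE so the assertion cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(assertionXml.getBytes(StandardCharsets.UTF_8)));
        Set<String> roles = new TreeSet<>();
        NodeList stmts = doc.getElementsByTagNameNS(SAML2, "AuthzDecisionStatement");
        for (int i = 0; i < stmts.getLength(); i++) {
            Element s = (Element) stmts.item(i);
            // Only an explicit Permit grants anything; Deny and Indeterminate grant nothing.
            if (!"Permit".equals(s.getAttribute("Decision"))) continue;
            NodeList actions = s.getElementsByTagNameNS(SAML2, "Action");
            for (int j = 0; j < actions.getLength(); j++) {
                String key = s.getAttribute("Resource") + "|"
                    + actions.item(j).getTextContent().trim();
                String role = ROLE_FOR.get(key);
                if (role != null) roles.add(role); // unknown pairs map to no role
            }
        }
        return roles;
    }

    public static void main(String[] args) throws Exception {
        String ns = "urn:oasis:names:tc:SAML:1.0:action:rwedc";
        String xml = "<saml:Assertion xmlns:saml='" + SAML2 + "'>" // constructed sample
            + "<saml:AuthzDecisionStatement Resource='https://app.example.test/orders' Decision='Permit'>"
            + "<saml:Action Namespace='" + ns + "'>Read</saml:Action></saml:AuthzDecisionStatement>"
            + "<saml:AuthzDecisionStatement Resource='https://app.example.test/orders' Decision='Deny'>"
            + "<saml:Action Namespace='" + ns + "'>Write</saml:Action></saml:AuthzDecisionStatement>"
            + "</saml:Assertion>";
        System.out.println(rolesFrom(xml));
    }
}
```

The mapping is deny-by-default: a statement contributes a role only when its decision is `Permit` and its resource and action pair is present in the table.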