    web service authorization

      Version is Weblogic 10gR3
      In our proposed architecture we have a component (DataPower XI50) which intercepts the SOAP request and injects SAML authorization tokens into the request. At the service provider, how do I authorize this request in a declarative manner? In other words, if I want to restrict the access to a specific web service? Any ideas?

          In order to process the SAML Authorization Token sent by DataPower, you'll need to find some way to map the information it contains into something that WLS understands.

          A few thoughts:

          1 - Get DataPower to generate group attributes instead of authorization statements. WLS SAML Identity Asserter understands this OOTB
          2 - Write a custom RoleMapper that reads the SAML Assertion's Authorization Statements and maps those into roles. You can then use the standard RolesAllowed or JEE Security
          3 - Write a custom AuthorizationProvider that reads the SAML Assertion's Authorization Statements and enforces them. This will not be "declarative", rather this will make WLS enforce exactly the authorization statements contained in the assertion.
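As an added, language-neutral illustration (not code from this thread and not WebLogic's SSPI), the three options above consume different parts of the same SAML 1.1 assertion: option 1 reads a group attribute, option 2 turns Permit decisions into role names, option 3 enforces the decisions as issued. The assertion, the attribute name `Group`, the resource URN and the `Resource_Action` role-naming scheme are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed SAML 1.1 assertion (not real DataPower output): one group attribute (option 1)
# and one authorization decision statement (options 2 and 3).
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1">
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="Group" AttributeNamespace="urn:example:groups">
      <saml:AttributeValue>OrderReaders</saml:AttributeValue>
      <saml:AttributeValue>OrderWriters</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
  <saml:AuthorizationDecisionStatement Decision="Permit"
      Resource="urn:example:ws:OrderService">
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">Read</saml:Action>
  </saml:AuthorizationDecisionStatement>
</saml:Assertion>"""

def groups_from_attributes(xml_text, attribute_name="Group"):
    """Option 1: group values an identity asserter would turn into group principals."""
    root = ET.fromstring(xml_text)
    return [value.text
            for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS)
            if attr.get("AttributeName") == attribute_name
            for value in attr.iterfind("saml:AttributeValue", NS)]

def roles_from_decisions(xml_text):
    """Option 2: derive role names (assumed scheme Resource_Action) from Permit decisions."""
    root = ET.fromstring(xml_text)
    roles = []
    for stmt in root.iterfind("saml:AuthorizationDecisionStatement", NS):
        if stmt.get("Decision") != "Permit":
            continue  # Deny / Indeterminate decisions never yield a role
        resource = stmt.get("Resource", "").rsplit(":", 1)[-1]  # last URN segment
        roles.extend(f"{resource}_{act.text}" for act in stmt.iterfind("saml:Action", NS))
    return roles

def is_permitted(xml_text, resource, action):
    """Option 3: enforce decisions exactly as issued; anything not explicitly permitted is denied."""
    root = ET.fromstring(xml_text)
    for stmt in root.iterfind("saml:AuthorizationDecisionStatement", NS):
        if (stmt.get("Resource") == resource and stmt.get("Decision") == "Permit"
                and any(act.text == action for act in stmt.iterfind("saml:Action", NS))):
            return True
    return False
```

Note that option 3 grants nothing the assertion does not state explicitly: a Write request against the same resource is denied even though the subject holds the OrderWriters group, which is exactly the difference between enforcing the assertion and mapping it to roles.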