On Friday, May 4, 2018, Vadim Kimlaychuk <[email protected]> wrote:
> Dear architects,
>
> I am trying to implement validation for OAuth tokens described here:
> https://docs.wso2.com/display/IS560/Validating+the+Scope+of+OAuth+Access+Tokens+using+XACML+Policies.
> Since this example failed for me I have tried to do something similar with the role validation described here:
> https://docs.wso2.com/display/IS560/Configuring+Access+Control+Policy+for+a+Service+Provider.
> When none of them worked I started to investigate the logs of the server and saw that none of the validation seems to happen.
> Should I write some module/class and register it to make it work, or should configuration through the UI be enough?
>
> My test scenario with IS 5.5.0 and curl is the following:
>
> 1. Registered SP Playground2 with OAuth2/OpenID Connect configuration. The "Authorization", "SaaS", "Role based scope validator" and "XACML Scope Validator" options are enabled.
> 2. curl -u <client>:<passwd> -k -d "grant_type=password&username=user&password=user1" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token works and I got an access token.
> 3. Created a PAP policy from auth_role_based_policy where user "user" is "denied" because he is not in a role. Checked it with "Try" -- works.
> 4. Published it to the PDP.
> 5. Tried curl to issue a new token -- the token is issued as before. No restriction for the user.
>
> Maybe I am using it in a wrong way?
>
> Thanks in advance,
>
> Vadim

--
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 <https://twitter.com/farazath619>
<http://wso2.com/signature>
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
