Hi Roman,

As you have mentioned above, create a new local claim and then use "authn_user_claim_based_policy_template" <https://localhost:9443/carbon/entitlement/policy-view.jsp?policyid=authn_user_claim_based_policy_template> to define the claim. When you give the claim values you can use regex values in the XACML policy. With authn_user_claim_based_policy_template <https://localhost:9443/carbon/entitlement/policy-view.jsp?policyid=authn_user_claim_based_policy_template>, users with the given claim values will be allowed and any other users will be denied.

Please refer to [1] to understand how to write XACML policies using the template. Please let us know if you need any help on this.

[1] https://docs.wso2.com/display/IS530/Writing+a+XACML+Policy+using+a+Policy+Template

Thanks,
Nila.

On Wed, Aug 1, 2018 at 3:06 PM, Roman CHRENKO <[email protected]> wrote:
> Hello.
>
> I would like to ask you for advice. Our WSO2 IS IDP trusts a federated IDP.
> In the SAML Assertion from the FedIDP there is also an assertion attribute
> QAALevel. When it is equal to 4, a user is authenticated by smart card. When
> it is 1, this user is authenticated using social networks. We need to allow
> login to our IDP only for users with QAALevel=4. How can this be achieved?
>
> I found an article about programming your own authentication module
> (http://blog.facilelogin.com/2016/02/enforce-password-reset-for-expired.html).
> But is this the only possible solution? Can't we use, for example, the claim
> attribute "Regular Expression"? I tried this by defining a new local claim
> "QAALevel" with regex pattern "4" but without success. Can you suggest any
> other possible solutions? Thank you for your answers.
>
> Roman
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>

--
Nilasini Thirunavukkarasu
Software Engineer - WSO2
Email : [email protected]
Mobile : +94775241823
Web : http://wso2.com/ <http://wso2.com/signature>
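To make the advice above concrete, here is an added example of the kind of XACML 3.0 policy the thread is talking about: it permits authentication only for a user whose QAALevel claim value is exactly "4" and denies everyone else. This is not WSO2's authn_user_claim_based_policy_template, nor a policy from either mail; it is written from scratch against the standard XACML 3.0 schema. The following are assumptions, not facts from the thread: that the authentication request reaches the PDP with action-id "authenticate", that the new local claim is exposed to the PDP under the attribute id http://wso2.org/claims/QAALevel, and that this attribute is carried in the access-subject category.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the WSO2 template. Attribute ids marked ASSUMED must be
     checked against the claim and request attributes your PDP actually sees. -->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="allow_only_qaalevel_4"
        Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
  <Description>
    Permit login only when the user's QAALevel claim is exactly 4 (smart-card).
    deny-unless-permit means a missing or non-matching claim yields Deny, so a
    user whose federated assertion carries no QAALevel is never let through.
  </Description>

  <!-- Policy applies to authentication decisions only. ASSUMED action-id value. -->
  <Target>
    <AnyOf>
      <AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">authenticate</AttributeValue>
          <AttributeDesignator
              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
              AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
              DataType="http://www.w3.org/2001/XMLSchema#string"
              MustBePresent="false"/>
        </Match>
      </AllOf>
    </AnyOf>
  </Target>

  <!-- The only Permit path: QAALevel matches the anchored regex ^4$.
       Anchors matter: an unanchored "4" would also match "14" or "40". -->
  <Rule RuleId="permit_smart_card_users" Effect="Permit">
    <Target>
      <AnyOf>
        <AllOf>
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^4$</AttributeValue>
            <AttributeDesignator
                Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                AttributeId="http://wso2.org/claims/QAALevel"
                DataType="http://www.w3.org/2001/XMLSchema#string"
                MustBePresent="false"/>
          </Match>
        </AllOf>
      </AnyOf>
    </Target>
  </Rule>
  <!-- No explicit Deny rule is needed: deny-unless-permit supplies it. -->
</Policy>
```

Two practical points: the regex is anchored (^4$) so that only the literal value 4 permits, and the combining algorithm is deny-unless-permit so that a user with no QAALevel attribute at all is denied rather than falling through as NotApplicable. For the claim to reach the PDP at all, the local claim created in the Identity Server also has to be mapped to the QAALevel attribute delivered by the federated IdP; that mapping is assumed here and is not shown by the thread.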
