Il 05/11/2015 17:11, Antonio Ciancio ha scritto:
Marco thank you so much!!!
I found your answar very useful for my purpose!
In my test case i have to consider another membership attribute, the
time period in which users can access to a restricted area.
Usually i use an object like this:
BEGIN:VCALENDAR
PRODID:
VERSION:2.0
BEGIN:VEVENT
SUMMARY:Office Hours
DTSTART:19700101T090000
DTEND:19700101T170000
RRULE:FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR
DTSTAMP:20121129T154801
UID:6b350fc3c646e59e
END:VEVENT
END:VCALENDAR
Would be possible, in Syncope, to set up this informations as a
Membership attributes?
Yes, it's. You can modelling your solution as you want.
Regards
Marco
Regars,
Antonio.
2015-11-05 15:41 GMT+01:00 Marco Di Sabatino Di Diodoro
<[email protected] <mailto:[email protected]>>:
Hi Antonio,
Il 04/11/2015 15:10, Antonio Ciancio ha scritto:
Hi all,
I'm Antonio. I'm working on Syncope since two weeks.
The context in which I work is the PACS (Physical Access Control
System):
Users have available one or more badges, each badge has an
identification number; they allow to access in a restricted area
using card readers. My system sends a REST request to Syncope
with the following parameters: *card_ID, card_reader_ID,
operation*; “operation” indicates the kind of action that users
need to do (in, out, …).
How can I map these three parameters in Syncope? In particular,
How can I combine the card_ID parameter with the users? My idea
is to combine the token field of the “SyncopeUser” table with the
card_ID parameter, can I costumise it? If I can’t do it, which
entity of Syncope can I use to map the “Card” parameter?
Token field is a specific field with internal functions and it's
better not override.
Best way to map your requirements with Syncope is to use schemas,
roles and memberships [1]. I suggest you to use "Syncope Roles"
as CARD_READER entity with a role attribute where you can map the
card_reader_ID. In addition, you have to create two membership
attributes for the card_ID and operation fields.
Now, you can assign to an user one or more roles (card reader)
where every relationship user-role contains the card_ID and
operation permissions of an user (membership attributes). If you
want, you can configure your attributes multi-value (for example
operation: "in, out").
As regard the Syncope response given after the REST request on
the basis of Users needs, which entity can we use to determine
this operation ( Role, Policy…)?
For the authentication and authorization, you have to implement a
new REST endpoint where you check if an user has assigned a role
with the passed card_reader_ID and the card_ID and operation
matches the membership values.
Regards
Marco
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/Schema%2C+attributes+and+mapping
--
Dott. Marco Di Sabatino Di Diodoro
Tel.+39 3939065570 <tel:%2B39%203939065570>
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel+39 0859116307 <tel:%2B39%200859116307> / FAX+39 0859111173
<tel:%2B39%200859111173>
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
<http://people.apache.org/%7Emdisabatino/>
--
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570
Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/
