We have a project-specific requirement: a user must belong to a particular location to execute some action. We want to extend the WSO2 PDP functionality so that we can provide connection details to a local DB and specify the conditions under which a user can execute an action.
We are planning to implement PEP-PDP using ESB and IS. Is there a way in the PDP to do this?
Yes, it is possible. Basically, you need to write a custom Policy Information Point (PIP) module. Please have a look at [1] on implementing a custom PIP module.
[1] http://xacmlinfo.org/2011/12/18/writing-jdbc-pip-module/
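The shape of such a PIP module, as an added example that is not the answerer's code or the code from the linked blog: it resolves a subject's location from a project-owned table so that an XACML policy can require "subject is at location X" before permitting an action. It assumes the `AbstractPIPAttributeFinder` base class and `init/getModuleName/getSupportedAttributes/getAttributeValues` method signatures of the WSO2 IS 5.x entitlement API (verify against the version you run), an assumed attribute id `http://example.com/identity/claims/location`, assumed property names (`DriverName`, `DatabaseUrl`, `UserName`, `Password`) supplied through the module's entry in `entitlement.properties`, and a constructed table `user_location(username, location)`.

```java
package org.example.pip; // assumed package name

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Collections;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import org.wso2.carbon.identity.entitlement.pip.AbstractPIPAttributeFinder;

/**
 * Custom PIP: answers the PDP's question "what is this subject's location?"
 * from a project-owned database instead of the user store.
 */
public class LocationAttributeFinder extends AbstractPIPAttributeFinder {

    /** Attribute id the XACML policy references (assumed URI; use your own namespace). */
    public static final String LOCATION_ATTRIBUTE_ID = "http://example.com/identity/claims/location";

    private String jdbcUrl;
    private String dbUser;
    private String dbPassword;

    @Override
    public void init(Properties properties) throws Exception {
        // Connection details are read from this module's properties in entitlement.properties
        // (key names are assumed). Fail at startup rather than at the first policy evaluation.
        Class.forName(require(properties, "DriverName"));
        jdbcUrl = require(properties, "DatabaseUrl");
        dbUser = require(properties, "UserName");
        dbPassword = require(properties, "Password");
    }

    @Override
    public String getModuleName() {
        return "Location PIP";
    }

    @Override
    public Set<String> getSupportedAttributes() {
        // The PDP only consults this module for attribute ids listed here.
        return Collections.singleton(LOCATION_ATTRIBUTE_ID);
    }

    @Override
    public Set<String> getAttributeValues(String subject, String resource, String action,
                                          String environment, String attributeId, String issuer)
            throws Exception {
        Set<String> values = new HashSet<>();
        if (!LOCATION_ATTRIBUTE_ID.equals(attributeId) || subject == null || subject.isEmpty()) {
            // An empty set makes the policy's AttributeDesignator resolve to nothing; with
            // MustBePresent="true" the rule becomes Indeterminate, and the PEP must treat
            // anything other than Permit as a denial.
            return values;
        }
        // The subject id is request-controlled input: bind it, never concatenate it into SQL.
        String sql = "SELECT location FROM user_location WHERE username = ?"; // constructed table
        try (Connection conn = DriverManager.getConnection(jdbcUrl, dbUser, dbPassword);
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, subject);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    String location = rs.getString(1);
                    if (location != null && !location.trim().isEmpty()) {
                        values.add(location.trim());
                    }
                }
            }
        }
        return values;
    }

    private static String require(Properties p, String key) {
        String v = p.getProperty(key);
        if (v == null || v.trim().isEmpty()) {
            throw new IllegalArgumentException("Missing PIP property: " + key);
        }
        return v.trim();
    }
}
```

The policy side then needs only a standard rule: an `AttributeDesignator` with `Category` `urn:oasis:names:tc:xacml:3.0:attribute-category:access-subject`, `AttributeId` set to the location attribute id above and `MustBePresent="true"`, compared with `string-equal` against the location required for the action. Use a pooled `DataSource` (for example one registered in the server's datasource config) rather than `DriverManager` in a real deployment, and give the database account read-only access to that one table; the PIP runs on every matching decision request, so its connection should be as narrow and as cheap as possible.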
How can I set a default value to a claim when configuring a Service Provider on WSO2-IS carbon?
I'd like to set a default value for userDirectory, according to the environment that I've created, to pass to the Service Provider.
WSO2-IS 5.11.0
AFAIK there is no OOTB config with which you can achieve this. I can suggest two ways for you to try this.
You can do a customization and get this capability. You can write a listener and subscribe to the PostAddUser event or the PostGetUser event. To do so you need to introduce a new claim as well.
If you want to include this claim in the ID token, then you can implement a custom claim provider. Follow the blog for more details.
Edit:
AFAIU there is a third option, explained in the issue, where you can define a custom claim handler. With this approach, the claims will be added to all the assertions.
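What the listener variant from this answer looks like, as an added example that is not the answerer's code: a user-operation event listener that, after a user is created, writes a default value into a new claim unless the user already carries one. It assumes the `AbstractUserOperationEventListener` base class and the `doPostAddUser` / `setUserClaimValue` signatures of the WSO2 IS 5.x user core (check them against your release), an assumed custom local claim `http://wso2.org/claims/userDirectory`, and an assumed JVM system property `env.userDirectory` as the source of the environment-specific value. The class still has to be registered as an OSGi `UserOperationEventListener` service from the bundle's activator or declarative-services component, which is omitted here.

```java
package org.example.listener; // assumed package name

import java.util.Map;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserOperationEventListener;

/**
 * Fills in a default value for a custom claim right after a user is added.
 * The value comes from server-side configuration, never from the request,
 * so a self-registering user cannot choose their own directory.
 */
public class DefaultUserDirectoryListener extends AbstractUserOperationEventListener {

    /** Assumed custom local claim; it must exist in the claim dialect first. */
    static final String USER_DIRECTORY_CLAIM = "http://wso2.org/claims/userDirectory";
    /** Assumed system property carrying the per-environment value, e.g. -Denv.userDirectory=eu-prod. */
    static final String ENV_PROPERTY = "env.userDirectory";

    private final String defaultValue;

    public DefaultUserDirectoryListener() {
        String v = System.getProperty(ENV_PROPERTY);
        if (v == null || v.trim().isEmpty()) {
            // Fail at bundle start: a silently missing default would be found in production, not in testing.
            throw new IllegalStateException("System property " + ENV_PROPERTY + " is not set");
        }
        this.defaultValue = v.trim();
    }

    @Override
    public int getExecutionOrderId() {
        // Run after the built-in listeners (which use low ids) so their claim handling is done.
        return 9000;
    }

    @Override
    public boolean doPostAddUser(String userName, Object credential, String[] roleList,
                                 Map<String, String> claims, String profile,
                                 UserStoreManager userStoreManager) throws UserStoreException {
        if (userName == null || userName.isEmpty()) {
            return true; // nothing to do; returning false would abort the whole operation
        }
        // Only fill the gap; an administrator-supplied value at creation time wins.
        String supplied = claims == null ? null : claims.get(USER_DIRECTORY_CLAIM);
        if (supplied == null || supplied.trim().isEmpty()) {
            userStoreManager.setUserClaimValue(userName, USER_DIRECTORY_CLAIM, defaultValue, profile);
        }
        return true;
    }
}
```

Because `setUserClaimValue` is itself a user-store write, it only works for a writable user store; for a read-only LDAP the PostGetUser hook mentioned in the answer, or a claim handler that adds the value at assertion time, is the route to take.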
How can we add custom claims to the ID token of WSO2 (claims which are stored in different tables of the WSO2 database)?
Explanation:
The requirement is to add some additional claim values which are specific to the organizational information of the user (which will be stored in other tables and not in the user attribute table).
How do we write a custom claim handler to do this?
You can write a custom claim handler and inject the values from the claim handler. Please follow this documentation to know how to deploy a custom claim handler.
You can find a sample source code here.
I'm using WSO2 Identity Server 5.3.0 and several LDAP user stores.
I need to integrate AWS as a service provider and WSO2 IS as identity provider.
The situation is: I have lots of users stored in the user stores and some of them have specific roles that should be allowed to log in to the AWS service. So far I don't have the possibility to alter / update the current user stores.
That's why I'm trying to figure out a way to populate / generate / translate / calculate the value of a claim based on an already stored attribute in the user store.
I have a sort of table with the groups coming from LDAP's memberOf attribute a user could belong to and their equivalences to AWS attributes that should be stored in specific claims in order for AWS to allow that user to enter certain services.
The end user is willing to solve this situation within the WSO2 IS component without altering the stores content.
I'm wondering if the only way to do this is writing a custom User Store Manager or a Custom Claim Handler [1] to deal with this particular situation or there is a more standard way to accomplish this.
I will appreciate any input, thanks in advance
[1] http://pushpalankajaya.blogspot.ca/2014/07/adding-custom-claims-to-saml-response.html
I think Claim Handler is the right place to implement your logic. You can find a sample in https://github.com/mefarazath/CustomClaimHandler
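A claim handler for exactly this case, as an added example that is neither the answerer's code nor the linked GitHub sample: it serves both this question and the earlier one about claims that live outside the user attribute table, since in both cases the value is computed at assertion time instead of being stored. It maps the user's LDAP groups to the `Role` and `RoleSessionName` attributes AWS expects, without writing anything to the user store. Assumptions: the `DefaultClaimHandler` class and `handleClaimMappings` signature of the WSO2 IS 5.x authentication framework (verify against 5.3.0), that `memberOf` is mapped to the local claim `http://wso2.org/claims/role` in the user store configuration, that multi-valued claims travel through the claim map as one string joined with the user store's `MultiAttributeSeparator` (assumed `,,,`; LDAP DNs and AWS role values both contain plain commas, so a single-comma separator would be wrong), and a constructed group-to-role table with placeholder account ids.

```java
package org.example.claims; // assumed package name

import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
import org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimHandler;

/**
 * Derives the AWS SAML role attributes from the authenticated user's groups.
 * Nothing is persisted: the mapping runs on every login, so revoking a group
 * in LDAP revokes AWS access at the next authentication.
 */
public class AwsRoleClaimHandler extends DefaultClaimHandler {

    /** Local claim the LDAP memberOf attribute is mapped to (assumed). */
    static final String GROUP_CLAIM = "http://wso2.org/claims/role";
    /** Attribute names AWS requires in the assertion. */
    static final String AWS_ROLE_CLAIM = "https://aws.amazon.com/SAML/Attributes/Role";
    static final String AWS_SESSION_NAME_CLAIM = "https://aws.amazon.com/SAML/Attributes/RoleSessionName";
    /** Assumed to match the user store's MultiAttributeSeparator. */
    static final String SEPARATOR = ",,,";

    /** Constructed table: group DN -> "role-arn,saml-provider-arn" as AWS expects it. */
    static final Map<String, String> GROUP_TO_AWS_ROLE = new HashMap<>();
    static {
        GROUP_TO_AWS_ROLE.put("cn=aws-admins,ou=groups,dc=example,dc=com",
                "arn:aws:iam::123456789012:role/Admin,arn:aws:iam::123456789012:saml-provider/WSO2IS");
        GROUP_TO_AWS_ROLE.put("cn=aws-readonly,ou=groups,dc=example,dc=com",
                "arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/WSO2IS");
    }

    @Override
    public Map<String, String> handleClaimMappings(StepConfig stepConfig, AuthenticationContext context,
                                                   Map<String, String> remoteClaims, boolean isFederatedClaims)
            throws FrameworkException {
        // Let the default handler resolve the SP's configured claims from the user store first.
        Map<String, String> claims = super.handleClaimMappings(stepConfig, context, remoteClaims, isFederatedClaims);

        Set<String> awsRoles = mapGroupsToRoles(claims.get(GROUP_CLAIM));
        if (awsRoles.isEmpty()) {
            // Fail closed: a user with no mapped group must not receive an assertion AWS could accept.
            throw new FrameworkException("User is not authorised for any AWS role");
        }
        claims.put(AWS_ROLE_CLAIM, String.join(SEPARATOR, awsRoles));
        // The session name identifies the person in CloudTrail; take it from the authenticated
        // subject, never from anything the client sent.
        claims.put(AWS_SESSION_NAME_CLAIM,
                context.getSequenceConfig().getAuthenticatedUser().getUserName());
        return claims;
    }

    /** Pure mapping step, kept separate so it can be unit-tested without the framework. */
    static Set<String> mapGroupsToRoles(String groupClaimValue) {
        Set<String> roles = new LinkedHashSet<>();
        if (groupClaimValue == null) {
            return roles;
        }
        for (String group : groupClaimValue.split(java.util.regex.Pattern.quote(SEPARATOR))) {
            // Groups from LDAP are case-insensitive DNs; normalise before the lookup.
            String role = GROUP_TO_AWS_ROLE.get(group.trim().toLowerCase());
            if (role != null) {
                roles.add(role);
            }
        }
        return roles;
    }
}
```

Register the class as the claim handler in the authentication framework configuration (the deployment steps are in the documentation linked from the earlier answer). Keep the group-to-role table in server-side configuration rather than in the user store: a user, or anyone who can edit their directory entry, must not be able to assign themselves an AWS role by editing an attribute.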
I am using WSO2 Identity Server and creating custom claims in it. In a specific use case I need two claims to replicate the same value.
So, while creating a user, if I give "1234" to the claim http://wso2.org/claims/store1/id1, then the claim http://wso2.org/claims/store2/id2 should also have "1234".
Is there any way to achieve this?
One way to achieve this is to override a method in the user store manager. There you can put your custom logic to save and get claims.
Where does WSO2 Greg store custom RXTs that are created? They can be edited/added through the admin console. I can see the default RXTs under <GREG_HOME>/repository/resources/rxts but do not see the custom RXTs there.
Also let me know:
How does WSO2 Greg generate reg_UUID for the resources added? I want to implement the UUID generation script outside so that I can add the resource entries in the respective tables directly from the DB.
If you create it using the mgt console it will only be stored in the DB. However, users can add soft copies of RXTs to the <GREG_HOME>/repository/resources/rxts/ location. This is a one-time addition and will not reflect any changes that we make to the RXT soft copy afterward. Please see the last part of this article.
The UUID is created in the registry PUT operation; please find the sample code here, which we used to generate UUIDs for Swaggers. For your fix you need to create a registry handler for your assets, remove any existing handler, and then link your UUID creation logic. Please find this article on how to create a custom handler.