How do I validate role/permission information for my service provider with WSO2 Identity Server?

Time: 2018-05-30 05:50:41

Tags: spring-security saml-2.0 wso2is

I am using Spring Security SAML 2.0 SSO with WSO2 IS 5.4.0. I have added the role claim to the service provider configuration inside WSO2 IS. Now I can get the user's roles in the SAML assertion.

Here, I want to validate the user based on their roles. I have mapped the application (service provider) URL in securityContext.xml
import hashlib
import os

def file_as_bytes(file):
    # Read the whole file and close it afterwards.
    with file:
        return file.read()

def hash_file(fpath):
    return hashlib.md5(file_as_bytes(open(fpath, 'rb'))).hexdigest()

for fname in os.listdir('.'):
    # Skip directories and other non-regular entries; open() would fail on them.
    if not os.path.isfile(fname):
        continue
    name, ext = os.path.splitext(fname)
    digest = hash_file(fname)  # 'digest' rather than 'hash', which would shadow the builtin
    dst = digest + ext
    print(fname + " --> " + dst)
    os.rename(fname, dst)

2 answers:

Answer 0 (score: 1)

During service provider access, if you want to authenticate the user against the Identity Server based on the user's role, you can use the XACML policy "authn_role_based_policy". If you use this XACML policy, only users with the specific role are allowed into the authentication flow, while other users are denied. You can refer to the writing XACML policy documentation.

Answer 1 (score: 1)

As you want to get the user's role in the saml assertion, what you need to do is add role claim (http://wso2.org/claims/role) to the requested claims list in service provider configuration as described here.

If you need to control the access from Identity Server side, follow the instructions provided by @Nilasini above. More information is available in here. Basically what you need to do is enable "Enable Authorization" in the service provider configuration and create a relevant XACML policy.

I'm not an expert of Spring SAML. So I'm not going to comment anything about how to control the access from Spring SAML using the user's roles, if that is what you want.
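For the Spring SAML side that neither answer covers, here is an added example (not from the question or either answer) of a SAMLUserDetailsService for spring-security-saml that turns the http://wso2.org/claims/role attribute named above into Spring Security authorities; the REQUIRED_ROLE value and the class name are assumptions for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;

// Maps the WSO2 IS role claim in the SAML assertion onto Spring Security authorities,
// so <intercept-url access="hasRole(...)"> rules in securityContext.xml can enforce them.
public class RoleClaimUserDetailsService implements SAMLUserDetailsService {

    // Claim URI requested in the WSO2 IS service-provider configuration (see the answers above).
    private static final String ROLE_CLAIM = "http://wso2.org/claims/role";

    // Assumed for this example: the one role this SP insists on; adapt to your deployment.
    private static final String REQUIRED_ROLE = "ROLE_APPUSER";

    @Override
    public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
        List<GrantedAuthority> authorities = new ArrayList<>();
        String[] values = credential.getAttributeAsStringArray(ROLE_CLAIM);
        if (values != null) {
            for (String value : values) {
                // WSO2 IS may deliver several roles as one comma-joined value
                // (MultiAttributeSeparator) or as repeated AttributeValue elements;
                // splitting every value handles both shapes.
                for (String role : value.split(",")) {
                    String r = role.trim();
                    if (!r.isEmpty()) {
                        authorities.add(new SimpleGrantedAuthority(toAuthority(r)));
                    }
                }
            }
        }
        String username = credential.getNameID().getValue();
        // Fail closed: an assertion without the role this SP needs yields no session.
        if (authorities.stream().noneMatch(a -> a.getAuthority().equals(REQUIRED_ROLE))) {
            throw new UsernameNotFoundException("User " + username + " lacks " + REQUIRED_ROLE);
        }
        return new User(username, "N/A", authorities);
    }

    // "Internal/everyone" -> "ROLE_INTERNAL_EVERYONE": normalise so hasRole() strings are predictable.
    static String toAuthority(String role) {
        return "ROLE_" + role.toUpperCase(Locale.ROOT).replaceAll("[^A-Z0-9]+", "_");
    }
}
```

Register the class as the `userDetails` property of the `SAMLAuthenticationProvider` bean in securityContext.xml; the resulting authorities are then available to `hasRole(...)` expressions on the mapped application URLs.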