Authentication: the term refers to proving the client's identity, in whatever form, at the DataPower end. The client provides its identity in some form: it could be a CN name, a credential in an HTTP header, a credential in a WS-Security header, etc. At the DataPower end, this identity is extracted by selecting the appropriate option available in the AAA policy. This is called identity extraction. DataPower then validates the client identity using the configured validation method, which could be based on a trust store or on AAA file-based authentication.
|Published (Last):||21 January 2008|
AAA policy in DataPower

AAA policies

An AAA (authentication, authorization, audit) policy identifies a set of resources and procedures that determine whether a requesting client is granted access to a specific service, file, or document. AAA policies can be considered a type of filter, for they accept or deny a specific client request.
AAA policies are powerful and flexible. They support a range of authentication and authorization mechanisms.

Click Add Wizard. The Wizard launches. Click Next. Choose the Host Alias for the client-facing port on your device. Specify the port number as Click Create.
Note the extensive choices for extracting identity. Here you are telling DataPower to authenticate the username and password extracted from the WS-Security header against an XML file that is resident on the device. Note the extensive choices for authenticating users. On the next page of the wizard, configure the policy to extract the resource from Local Name of Request element.
Since we have now authenticated the user, we need to see what resource they are asking for access to. On the next page, configure the AAA Policy to authorize any authenticated client (the default). Now that we know who the client is and what they are after, we need to tell DataPower how to do the authorization step, which checks whether this is OK.
Here we are using loose authorization (any authenticated client). Note the extensive options here for authz. We will do no post processing for this lab, so leave the page unchanged and click Commit. Click Done to the Firewall Wizard. The Confirmation Page appears. Click Commit. Click Done. The Control Panel appears. Save your configuration. Submit a well-formed request.
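The four steps the wizard configures (identity extraction from the WS-Security header, authentication against an XML file, resource extraction from the local name of the request element, authorization of any authenticated client), modeled in Python as an added example. This is not DataPower code or configuration; the user-file layout, credentials, operation name and function names are constructed for illustration.

```python
import hmac
import xml.etree.ElementTree as ET
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# Constructed user file (simplified stand-in, not DataPower's own AAA file schema).
USERS_XML = """<users>
  <user name="alice" password="s3cret" credential="clients"/>
</users>"""

def make_request(user, password, operation="getQuote"):
    """Build a constructed SOAP request carrying a WS-Security UsernameToken."""
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:w="{WSSE}"><s:Header><w:Security>'
            f'<w:UsernameToken><w:Username>{user}</w:Username>'
            f'<w:Password>{password}</w:Password></w:UsernameToken>'
            f'</w:Security></s:Header><s:Body><q:{operation} xmlns:q="urn:example:quotes"/>'
            f'</s:Body></s:Envelope>')

def extract_identity(root):
    """Identity extraction: username and password from the WS-Security header."""
    token = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if token is None:
        return None
    return (token.findtext(f"{{{WSSE}}}Username"), token.findtext(f"{{{WSSE}}}Password"))

def authenticate(identity, users_xml=USERS_XML):
    """Authentication: compare the extracted identity with the XML user file."""
    if identity is None or None in identity:
        return None  # no token, or token missing a field: not authenticated
    for user in ET.fromstring(users_xml).iter("user"):
        same_name = hmac.compare_digest(user.get("name").encode(), identity[0].encode())
        same_pw = hmac.compare_digest(user.get("password").encode(), identity[1].encode())
        if same_name and same_pw:
            return user.get("credential")
    return None

def extract_resource(root):
    """Resource extraction: local name of the request element (first Body child)."""
    body = root.find(f"{{{SOAP}}}Body")
    if body is None or len(body) == 0:
        return None
    return body[0].tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix

def aaa_decision(request_xml):
    """Run the steps in order and return (allowed, credential, resource)."""
    root = ET.fromstring(request_xml)
    credential = authenticate(extract_identity(root))
    # Authorization "any authenticated client": the resource is extracted and
    # reported but never restricts the decision.
    return (credential is not None, credential, extract_resource(root))
```

With this loose authorization setting the extracted resource has no effect on the outcome: every client that authenticates is allowed to call every operation.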
Choose oauth-scope-metadata for "Processing Metadata Items." This can be done in the MR phase with a custom stylesheet. Use any method to extract the resource. MR: Select any additional verification that is needed for the scope. Usually this is None. Optional: Verify scope from the access token against output from the ER phase.
Form login policies and the role of AAA