The Entitlement Mediator intercepts requests and evaluates the actions performed by a user against an eXtensible Access Control Markup Language (XACML) policy. WSO2 Identity Server can be used as the XACML Policy Decision Point (PDP) where the policy is set, and WSO2 ESB EI serves as the XACML Policy Enforcement Point (PEP) where the policy is enforced.
...
Table of Contents | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Syntax
...
Parameter Name | Description | ||
---|---|---|---|
Entitlement Server | Server URL of the WSO2 Identity Server that acts as the PDP (e.g., https://localhost:9443/services ). | ||
User Name | This user should have permissions to log in and manage configurations in the WSO2 Identity Server. | ||
Password | The password of the username entered in the User Name parameter. | ||
Entitlement Callback Handler | The handler that should be used to get the subject (user name) for the XACML request.
| ||
Entitlement Service Client | The method of communication to use between the PEP and the PDP. For SOAP, choose whether to use Basic Authentication (available with WSO2 Identify Server 4.0.0 and later) OR the AuthenticationAdmin service, which authenticates with the Entitlement service in Identity Server 3.2.3 and earlier. Thrift uses its own authentication service over TCP. WS-XACML uses Basic Authentication.
| ||
Thrift Host | The host used to establish a Thrift connection with the Entitlement service when the Entitlement Service Client is set to Thrift. | ||
Thrift Port | The port used to establish a Thrift connection with the Entitlement service when the Entitlement Service Client is set to Thrift. The default port is 10500. |
...