...
- To enable the intercepting of services:
- Open the
catalina-server.xml
file found in the<IS_HOME>/repository/conf/tomcat
directory. Uncomment the following valves found under the
<Engine name="Catalina">
tag.Code Block language xml <!-- Authentication and Authorization valve for the rest apis and we can configure context for this in identity.xml --> <!--Valve className="org.wso2.carbon.identity.auth.valve.AuthenticationValve"/> <Valve className = "org.wso2.carbon.identity.authz.valve.AuthorizationValve"/-->
- Open the
To specify the resources that you want to secure:
Open the
identity.xml
file found in the<IS_HOME>/repository/conf/identity
directory.Specify the resource that you want to secure under the
<ResourceAccssControl>
as given below.Parameter Description Sample Value Resource context This defines the resource context relative to the root context, which needs to be secured. /api/identity/*
secured This specifies whether to enable or disable security in the given resource context. true
http-method This defines the method as all
,post
,get
, etc.all
Permissions This defines the user role permission that is required to authorize the resource. You can enter multiple permission strings in a comma-separated list. /permission/admin/login
Example:
Code Block language xml <ResourceAccessControl> <Resource context="/api/identity/*" secured="true" http-method="all"> <Permissions>/permission/admin/login</Permissions> </Resource> </ResourceAccessControl>
To configure intermediate certificate validation, configure the following in the
identity.xml
file as given below.
needsParameter Description Sample Value IntermediateCertificateValidation This defines whether intermediate certificate validation is enabled or not. true
IntermediateCerts This specifies the context paths of the intermediate certificates. localhost
ExemptContext This specifies the context paths that
excemptedneed to be exempted from intermediate certificate validation. It is recommended to add this parameter and leave it empty. This is because authentication might fail for the exempted contexts. However, if you still require context paths to be exempted, you can list the context paths as shown in the below example. Example:
Code Block <IntermediateCertValidation enable="true"> <IntermediateCerts> <CertCN>wso2isintcert</CertCN> <CertCN>localhost</CertCN> </IntermediateCerts> <ExemptContext> <Context>scim2</Context> </ExemptContext> </IntermediateCertValidation>
Info When using intermediate certificate validation,
CN
will be taken as theusername
instead of retrieving from the header.
...