doubt about pep proxy #103
Comments
|
A combination of ging/fiware-idm#226 and #132 would form the basis of what you need. Currently the PRs are using an XACML JSON endpoint on the Keyrock PDP to do this, but you could alter the Authzforce code to add in the same new attributes to the Authzforce request. Currently this is added to the JSON payload under the resource category: if (data.payloadAttrs) {
resourceInfo.push(attribute('urn:ngsi-ld:resource:attrs', data.payloadAttrs));
}
if (data.payloadEntityIds) {
resourceInfo.push(attribute('urn:ngsi-ld:resource:ids', data.payloadEntityIds));
}
if (data.payloadIdPatterns) {
resourceInfo.push(attribute('urn:ngsi-ld:resource:id-patterns', data.payloadIdPatterns));
}I assume the equivalent adding in ID checking in the Authzforce PDP request would look something like this (repeat for attrs and patterns) {
AttributeId: 'urn:ngsi-ld:resource:ids',
IncludeInResult: 'false',
AttributeValue: {
DataType: 'http://www.w3.org/2001/XMLSchema#string',
$t: escapeXML(data.payloadEntityIds),
},
},Obviously the XACML Policy would need to be changed as well to support ID checking. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
hello, I would like to obtain in wilma the attributes of an entity already defined in orion based on its id. In order to evaluate those attributes in authzforce. Could it be done?
The text was updated successfully, but these errors were encountered: