This documentation is for WSO2 Identity Server 5.0.0.
Writing a Custom Policy Info Point - Identity Server 5.0.0 - WSO2 Documentation

...

  1. In our sample scenario, the "K-Market attribute store" is a MySQL database. See here for a sample script that is used to create the tables.
  2. Write a PIP module by extending “AbstractPIPAttributeFinder”. Download the “KMarketJDBCAttributeFinder” class here. The following are the methods you need to implement in order to write this module.
    1. init (Properties properties): Here you can write the logic to initialize your module. Any properties that are defined in the <IS_HOME>/repository/conf/security/entitlement.properties file can be accessed here. The JNDI name of the datasource can be defined as the property value in the entitlement.properties file and is read here. Also, supported attributes are initialized inside this method.
    2. getAttributeValues (String subject, String resource, String action, String environment, String attributeId, URI issuer): Here you can write the logic to find your attribute value. 
      • The subject –> attribute value can be identified by the following attribute value in the request:
        urn:oasis:names:tc:xacml:1.0:subject:subject-id
      • The resource –> attribute value can be identified by the following attribute value in the request:
        urn:oasis:names:tc:xacml:1.0:resource:resource-id
      • The action –> attribute value can be identified by the following attribute value in the request:
        urn:oasis:names:tc:xacml:1.0:action:action-id
      • The environment –> attribute value can be identified by the following attribute value in the request:
        urn:oasis:names:tc:xacml:1.0:environment:environment-id
      • The attributeId –> attribute id value is defined in the policy and must be resolved
      • The issuer –> issuer value is related to the attributeId and must be resolved
    3. getSupportedAttributes(): Here you can write the logic to find all the attribute IDs supported by your module.
    4. getModuleName(): The name of the module.
  3. Create a .jar file from your class. To do this, you can build the project using Maven 3 and create the .jar file.
  4. Copy the created org.xacmlinfo.xacml.pip.jdbc-1.0.0.jar to the <IS_HOME>/repository/components/lib directory.
  5. Copy any dependency libraries for the PIP module to <IS_HOME>/repository/components/lib directory. This includes the JDBC driver .jar file that helps to create the JDBC connection (e.g., mysql-connector-java-5.1.10-bin.jar).
  6. Additionally, you can configure new datasources using the master-datasources.xml file found in the <IS_HOME>/repository/conf/datasources directory.

    Info

    This only applies if you are defining datasource configurations using the master-datasources.xml file.

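    The following is a sample datasource configuration for this scenario. The root account and the plaintext password are sample values; in a real deployment, use a dedicated database account that has read access to the attribute tables only.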

    <datasource>
    	<name>KMARKET_USER_DB</name>
    	<description>The datasource used for K-Market user store</description>
    	<jndiConfig>
    		<name>jdbc/KMARKETUSERDB</name>
    	</jndiConfig>
    	<definition type="RDBMS">
    		<configuration>
    			<url>jdbc:mysql://localhost:3306/kmarketdb</url>
    			<username>root</username>
    			<password>asela</password>
    			<driverClassName>com.mysql.jdbc.Driver</driverClassName>
    			<maxActive>50</maxActive>
    			<maxWait>60000</maxWait>
    			<testOnBorrow>true</testOnBorrow>
    			<validationQuery>SELECT 1</validationQuery>
    			<validationInterval>30000</validationInterval>
    		</configuration>
    	</definition>
    </datasource>
  7. Open the entitlement.properties file found in the <IS_HOME>/repository/conf/security directory and register your PIP module. The following is a sample configuration for this scenario.

    PIP.AttributeDesignators.Designator.2=org.xacmlinfo.xacml.pip.jdbc.KMarketJDBCAttributeFinder
    #Define JNDI datasource name as property value
    org.xacmlinfo.xacml.pip.jdbc.KMarketJDBCAttributeFinder.1=DataSourceName,jdbc/KMARKETUSERDB
  8. Restart the server if it has been started already.