1 reply Latest Post - ‏2013-04-06T17:58:04Z by shiufun
SystemAdmin

LDAP + XACML combination in AAA policy

‏2013-04-05T19:43:59Z |
Hi,
We have implemented an AAA policy in our web service proxy with the following details:

Authentication method: LDAP
Authorization method: XACML Authorization Decision

During our unit testing, we checked with a valid LDAP user having an incorrect password, and even though we get the related LDAP error, the AAA policy continues with its execution and checks the authorization step, which runs fine because the user is valid for the XACML policy.

Is this a correct behavior for the AAA policy execution?

Thanks in advance
Javier
  • shiufun
    ACCEPTED ANSWER

    Re: LDAP + XACML combination in AAA policy

    ‏2013-04-06T17:58:04Z  in response to SystemAdmin
    If you want to prevent an unauthenticated user from going through your XACML process, then at the very beginning of your stylesheet, check for <mapped-credentials> and look for the au-success attribute, and reject the request at that time.

    An example of how to deal with this is in store:///*xacml*.xsl

    Regards.
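
A sketch of the check described in the reply above, as an added example that is not part of the original thread and is not the stylesheet shipped under store:///. It assumes the custom XACML binding stylesheet receives the AAA container with `<mapped-credentials au-success="true|false">` and `<mapped-resource>` as children of the input root, that the subject is in `entry` and the resource in `resource/item`, and that the PDP expects a XACML 2.0 request; the `invoke` action value is a constructed placeholder.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: gate XACML request generation on the authentication result. -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:dp="http://www.datapower.com/extensions"
    xmlns:xacml="urn:oasis:names:tc:xacml:2.0:context:schema:os"
    extension-element-prefixes="dp"
    exclude-result-prefixes="dp">

  <xsl:variable name="str" select="'http://www.w3.org/2001/XMLSchema#string'"/>

  <xsl:template match="/">
    <!-- Assumed input shape: <mapped-credentials> directly under the root element -->
    <xsl:variable name="mc" select="/*/mapped-credentials"/>
    <xsl:choose>
      <!-- Fail closed: only a single element with au-success="true" passes.
           A missing element, missing attribute or any other value is rejected. -->
      <xsl:when test="count($mc) = 1 and $mc/@au-success = 'true'">
        <xacml:Request>
          <xacml:Subject>
            <xacml:Attribute DataType="{$str}"
                AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
              <!-- Assumed location of the authenticated identity -->
              <xacml:AttributeValue><xsl:value-of select="$mc/entry"/></xacml:AttributeValue>
            </xacml:Attribute>
          </xacml:Subject>
          <xacml:Resource>
            <xacml:Attribute DataType="{$str}"
                AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
              <!-- Assumed location of the mapped resource -->
              <xacml:AttributeValue><xsl:value-of select="/*/mapped-resource/resource/item"/></xacml:AttributeValue>
            </xacml:Attribute>
          </xacml:Resource>
          <xacml:Action>
            <xacml:Attribute DataType="{$str}"
                AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
              <xacml:AttributeValue>invoke</xacml:AttributeValue>
            </xacml:Attribute>
          </xacml:Action>
          <xacml:Environment/>
        </xacml:Request>
      </xsl:when>
      <xsl:otherwise>
        <!-- Stop before any XACML request is built for an unauthenticated caller -->
        <dp:reject override="true">Authentication failed; authorization not evaluated</dp:reject>
      </xsl:otherwise>
    </xsl:choose>
  </xsl:template>
</xsl:stylesheet>
```

Testing `= 'true'` rather than `!= 'false'` means a request with no authentication result at all is rejected as well.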