Runtime security services external authorization service
The runtime security services external authorization service (EAS) provides the policy enforcement point function for context-based access.
You can configure the runtime security services EAS to include context-based access decisions as part of the standard authorization on WebSEAL requests. WebSEAL becomes the authorization enforcement point for access to resources that context-based access protects.
The runtime security services EAS constructs a request that it
sends to the policy decision point (PDP). Based on the policy decision
that is received from the PDP, the EAS takes one of the actions listed
in the following table.
| Action | Description |
|---|---|
| Permit | Grants access to the protected resource. |
| Deny | Denies access to the protected resource. |
| Permit with Authentication | Grants access to the protected resource, after a specific authentication action successfully takes place. |
| Permit with Obligation | Grants access to the protected resource, after the user successfully authenticates with a secondary challenge. |
| Deny with Obligation | Denies access to the protected resource, after the user unsuccessfully responds to a secondary challenge. |
The following steps set up the initial integration with Advanced Access Control:
- Configure runtime security services for client certificate authentication.
- Run the isamcfg tool to automatically update the WebSEAL configuration file and to complete other configuration setup.
- (Optional) Update the WebSEAL configuration file to:
For information about WebSEAL, see Web Reverse Proxy configuration.