
Authorization

The Authorization policy enforces that only an authorized user can invoke the request. It is used in conjunction with the SAML policies as defined in Authentication via UsernameToken or SAMLToken. It asserts that a SAML Token must be present in the request, where the SAML token contains role attributes. The receiver validates the SAML token, and then uses the roles to create an XACML request to the PDP to authorize the user.
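The role-to-XACML step described above, as an added example (not Talend ESB code). It assumes the assertion has already passed signature validation, that roles arrive in a SAML attribute named "role", and that the standard XACML 2.0 identifiers are used; the request format Talend ESB actually sends is not shown on this page.

```python
import xml.etree.ElementTree as ET
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XACML = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
STRING = "http://www.w3.org/2001/XMLSchema#string"
# Standard XACML attribute identifiers (assumed, not taken from Talend ESB).
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
SUBJECT_ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
ROLE_ATTRIBUTE_NAME = "role"  # assumption: SAML attribute that carries the roles
# Constructed sample assertion (unsigned, for illustration only).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>manager</saml:AttributeValue>
      <saml:AttributeValue>employee</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>sales</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_subject_and_roles(assertion_xml):
    """Return (subject, roles) from an already-validated SAML 2.0 assertion."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    roles = [v.text.strip() for a in root.iter(f"{{{SAML}}}Attribute")
             if a.get("Name") == ROLE_ATTRIBUTE_NAME  # other attributes are ignored
             for v in a.findall(f"{{{SAML}}}AttributeValue") if v.text and v.text.strip()]
    return ((name_id.text or "").strip() if name_id is not None else ""), roles

def _attr(parent, attr_id, value):
    a = ET.SubElement(parent, f"{{{XACML}}}Attribute", AttributeId=attr_id, DataType=STRING)
    ET.SubElement(a, f"{{{XACML}}}AttributeValue").text = value

def build_xacml_request(assertion_xml, resource, action):
    """Build an XACML 2.0 <Request>; fail closed when subject or roles are missing."""
    subject, roles = extract_subject_and_roles(assertion_xml)
    if not subject or not roles:
        raise PermissionError("SAML token carries no subject or role attributes")
    req = ET.Element(f"{{{XACML}}}Request")
    subj = ET.SubElement(req, f"{{{XACML}}}Subject")
    _attr(subj, SUBJECT_ID, subject)
    for role in roles:  # one subject-role attribute per SAML role value
        _attr(subj, SUBJECT_ROLE, role)
    _attr(ET.SubElement(req, f"{{{XACML}}}Resource"), RESOURCE_ID, resource)
    _attr(ET.SubElement(req, f"{{{XACML}}}Action"), ACTION_ID, action)
    ET.SubElement(req, f"{{{XACML}}}Environment")  # required by the schema, may be empty
    return ET.tostring(req, encoding="unicode")
```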

Talend ESB provides two template policies, depending on whether you are also using Signature/Encryption. They are available at the following locations in the Talend ESB product:

  • /add-ons/registry/policies/wspolicy_authn_authz.policy (Authorization only)

  • /add-ons/registry/policies/wspolicy_authn_authz_crypto.policy (Authorization with Signature/Encryption)

<tpa:Authorization xmlns:tpa="http://types.talend.com/policy/assertion/1.0" type="XACML" />

These custom policies are also applied by default to your Talend ESB Container via the following policy files:

etc/org.talend.esb.job.saml.authz.policy

etc/org.talend.esb.job.saml.authz.crypto.policy

So if you select the Authorization option for your Service in Talend Studio, this policy is picked up automatically when you deploy the Service on your container.
