Authorization - 8.0

Talend ESB Infrastructure Services Configuration Guide

Version: 8.0
Language: English
Product: Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Real-Time Big Data Platform
Module: Talend ESB, Talend Runtime
Content: Design and Development, Installation and Upgrade
Last publication date: 2024-03-13

The Authorization policy enforces that only an authorized user can invoke the request. It is used in conjunction with the SAML policies as defined in Authentication via UsernameToken or SAMLToken. It asserts that a SAML Token must be present in the request, where the SAML token contains role attributes. The receiver validates the SAML token, and then uses the roles to create an XACML request to the PDP to authorize the user.
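
The flow described above, sketched as an added example (not Talend's code): role values are read from an already-validated SAML assertion and placed in an XACML 3.0 request for the PDP. The role attribute name, the sample assertion, and the resource and action values are assumptions constructed for illustration; the XACML category and attribute identifiers are the standard OASIS ones, and the request Talend actually sends may differ in shape.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
# Assumed name of the attribute carrying roles; use whatever your STS issues.
ROLE_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_constructed" Version="2.0">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{ROLE_ATTR}">
      <saml:AttributeValue>manager</saml:AttributeValue>
      <saml:AttributeValue>auditor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def roles_from_assertion(xml_text, role_attr=ROLE_ATTR):
    """Return role values from an assertion whose signature was ALREADY validated."""
    root = ET.fromstring(xml_text)
    roles = []
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        if attr.get("Name") == role_attr:
            values = attr.findall(f"{{{SAML}}}AttributeValue")
            roles += [v.text.strip() for v in values if v.text and v.text.strip()]
    return roles

def build_xacml_request(roles, resource, action):
    """Build an XACML 3.0 Request; fail closed for a caller with no roles."""
    if not roles:
        raise PermissionError("no role attributes in SAML token: deny")
    req = ET.Element(f"{{{XACML}}}Request", ReturnPolicyIdList="false", CombinedDecision="false")
    def add(category, attr_id, values):
        cat = ET.SubElement(req, f"{{{XACML}}}Attributes", Category=category)
        a = ET.SubElement(cat, f"{{{XACML}}}Attribute", AttributeId=attr_id, IncludeInResult="false")
        for v in values:
            ET.SubElement(a, f"{{{XACML}}}AttributeValue",
                          DataType="http://www.w3.org/2001/XMLSchema#string").text = v
    add("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject",
        "urn:oasis:names:tc:xacml:2.0:subject:role", roles)
    add("urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
        "urn:oasis:names:tc:xacml:1.0:resource:resource-id", [resource])
    add("urn:oasis:names:tc:xacml:3.0:attribute-category:action",
        "urn:oasis:names:tc:xacml:1.0:action:action-id", [action])
    return req

if __name__ == "__main__":
    r = build_xacml_request(roles_from_assertion(SAMPLE_ASSERTION), "urn:example:OrderService", "getOrder")
    print(ET.tostring(r, encoding="unicode"))
```

Role values are only trustworthy after the token's signature and conditions have been validated, which this sketch assumes has happened before `roles_from_assertion` is called.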

Talend ESB provides two template policies, depending on whether you are also using Signature/Encryption. They are available at the following locations in the Talend ESB product:

  • /add-ons/registry/policies/wspolicy_authn_authz.policy (Authorization only)

  • /add-ons/registry/policies/wspolicy_authn_authz_crypto.policy (Authorization with Signature/Encryption)

<tpa:Authorization xmlns:tpa="http://types.talend.com/policy/assertion/1.0" type="XACML" />

These custom policies are also applied by default to your Talend ESB Container via the following policy files:

etc/org.talend.esb.job.saml.authz.policy

etc/org.talend.esb.job.saml.authz.crypto.policy

So if you select the Authorization option for your Service in Talend Studio, this policy is picked up automatically when you deploy the Service on your container.