Authorization - 7.1

Talend ESB Infrastructure Services Configuration Guide


The Authorization policy ensures that only an authorized user can invoke the request. It is used in conjunction with the SAML policies defined in Authentication. It asserts that a SAML token containing role attributes must be present in the request. The receiver validates the SAML token, then uses the roles to create an XACML request to the PDP to authorize the user.
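The role-to-XACML step described above, as an added example that is not Talend's own code: it reads role attributes from a constructed SAML 2.0 assertion and builds an XACML 3.0 request, denying when no subject or role is present. The attribute name `role`, the standard XACML 3.0 identifiers, and the resource and action values are assumptions and may differ from what the Talend runtime sends to its PDP.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STRING = "http://www.w3.org/2001/XMLSchema#string"
ROLE_ATTR = "role"  # assumption: name of the SAML attribute that carries roles
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"

# Constructed sample; signature and conditions are omitted here and must be
# validated by the receiver before any attribute is trusted.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" Version="2.0">
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>manager</saml:AttributeValue>
      <saml:AttributeValue>employee</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_roles(assertion_xml):
    """Return (subject, roles); fail closed when either is missing."""
    root = ET.fromstring(assertion_xml)
    subject = (root.findtext(f"{{{SAML}}}Subject/{{{SAML}}}NameID") or "").strip()
    roles = [v.text.strip()
             for a in root.iter(f"{{{SAML}}}Attribute") if a.get("Name") == ROLE_ATTR
             for v in a.iter(f"{{{SAML}}}AttributeValue") if v.text and v.text.strip()]
    if not subject or not roles:
        raise PermissionError("assertion lacks subject or role attributes")
    return subject, roles

def build_xacml_request(subject, roles, resource, action):
    """Build an XACML 3.0 <Request> element for the PDP."""
    req = ET.Element(f"{{{XACML}}}Request", ReturnPolicyIdList="false", CombinedDecision="false")
    for category, attributes in (
        (SUBJECT_CAT, [("urn:oasis:names:tc:xacml:1.0:subject:subject-id", [subject]),
                       ("urn:oasis:names:tc:xacml:2.0:subject:role", roles)]),
        (RESOURCE_CAT, [("urn:oasis:names:tc:xacml:1.0:resource:resource-id", [resource])]),
        (ACTION_CAT, [("urn:oasis:names:tc:xacml:1.0:action:action-id", [action])]),
    ):
        group = ET.SubElement(req, f"{{{XACML}}}Attributes", Category=category)
        for attr_id, values in attributes:
            attr = ET.SubElement(group, f"{{{XACML}}}Attribute", AttributeId=attr_id, IncludeInResult="false")
            for value in values:
                ET.SubElement(attr, f"{{{XACML}}}AttributeValue", DataType=STRING).text = value
    return req

if __name__ == "__main__":
    who, roles = extract_roles(SAMPLE_ASSERTION)
    # Resource and action values are hypothetical placeholders.
    print(ET.tostring(build_xacml_request(who, roles, "{http://example.org/}OrderService", "placeOrder"), encoding="unicode"))
```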

Talend ESB provides two template policies, depending on whether you are also using Signature/Encryption. They are available at the following locations in the Talend ESB product:

  • /add-ons/registry/policies/wspolicy_authn_authz.policy (Authorization only)

  • /add-ons/registry/policies/wspolicy_authn_authz_crypto.policy (Authorization with Signature/Encryption)

<tpa:Authorization xmlns:tpa="http://types.talend.com/policy/assertion/1.0" type="XACML" />

These custom policies are also applied by default to your Talend ESB Container via the following policy files:

etc/org.talend.esb.job.saml.authz.policy

etc/org.talend.esb.job.saml.authz.crypto.policy

So if you select the Authorization option for your Service in the Studio, this policy will be picked up automatically when you deploy the Service on your container.