From e5855bb3248a3e8eca49649934585b3103163ea8 Mon Sep 17 00:00:00 2001 From: adibmbrk Date: Sun, 19 Jan 2025 01:02:41 +0530 Subject: [PATCH 1/2] Remove XACML related docs --- .../docs/apis/entitlement-with-rest-apis.md | 1247 ----------------- .../attribute-based-access-control.md | 1 - .../rule-based-provisioning.md | 1 - 3 files changed, 1249 deletions(-) delete mode 100644 en/identity-server/next/docs/apis/entitlement-with-rest-apis.md delete mode 100644 en/identity-server/next/docs/guides/authorization/api-authorization/attribute-based-access-control.md delete mode 100644 en/identity-server/next/docs/guides/authorization/fine-grained-authorization/rule-based-provisioning.md diff --git a/en/identity-server/next/docs/apis/entitlement-with-rest-apis.md b/en/identity-server/next/docs/apis/entitlement-with-rest-apis.md deleted file mode 100644 index 6b84464da7..0000000000 --- a/en/identity-server/next/docs/apis/entitlement-with-rest-apis.md +++ /dev/null @@ -1,1247 +0,0 @@ -# Entitlement with REST APIs - -Entitlement management is the process that grants, resolves, enforces, -revokes and administers fine-grained access privileges. - -The WSO2 Identity Server supports REST APIs for entitlement management via the -`https://{IS_IP}:{IS_PORT}/api/identity/entitlement/decision/` endpoint. - -If your WSO2 Identity Server is running on localhost (127.0.0.1) and on the default port, the entitlement endpoint is: - ``` java - https://localhost:9443/api/identity/entitlement/decision/ - ``` - -!!! note - The REST APIs are secured with basic authentication. Follow - the steps below to add a basic auth header when calling these methods. - - 1. Build a string of the form **username:password** and encode it using **Base64**. - 2. Define an authorization header with the term `Basic`, followed by the encoded - string. - For example, the basic authorization header for `admin` user with password `admin` is: - - ``` java - Authorization: Basic YWRtaW46YWRtaW4= - ``` - ---- - -#### Get API resource list - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DescriptionGet the API resource list according to XACML 3.0 specification.
Resource Path/home
HTTP MethodGET
Request/Response Formatapplication/json -

application/xml

AuthenticationBasic
Usernameadmin
Passwordadmin
Parameters
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameLocated InDescriptionRequiredSchema
AcceptheaderRequest Media TypeYesstring
Auth_TypeheaderAuthentication TypeYesstring
AuthorizationheaderAdd HTTP Basic AuthorizationYesstring
Content-typeheaderResponse Media TypeYesstring
-
Response
- ----- - - - - - - - - - - - - - - - - - - - - - - - - -
CodeDescriptionSchema
200XACML JSON/XML Response
-
40010Error in response
ExceptionBean {
-    code:integer
-    message:string
-}
40020Request parse exception
ExceptionBean {
-    code:integer
-    message:string
-}
-
-


-

-


-

- -A sample request and response is as follows: - - ---- - - - - - - - - - - -
Sample request
-
-
-GET Request: cURL -
-
- -
-
-
Sample Response
-
-
-Sample response: JSON -
-
- -
-
-
- ---- - -#### Evaluate XACML request - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DescriptionGet a response by evaluating the JSON/XML XACML request.
Resource Path/pdp
HTTP MethodPOST
Request/Response Format

application/json

-

application/xml

AuthenticationBasic
Usernameadmin
Passwordadmin
Parameters
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameLocated InDescriptionRequiredSchema
AcceptheaderRequest Media TypeYesstring
Auth_TypeheaderAuthentication TypeYesstring
AuthorizationheaderAdd HTTP Basic AuthorizationYesstring
Content-typeheaderResponse Media TypeYesstring
bodybodyXACML JSON/XML RequestYesstring
-
Response
- ----- - - - - - - - - - - - - - - - - - - - - - - - - -
CodeDescriptionSchema
200XACML JSON/XML Response
-
40010Error in response
ExceptionBean {
-    code:integer
-    message:string
-}
40020Request parse exception
ExceptionBean {
-    code:integer
-    message:string
-}
-
-


-

-


-

- -A sample request and response is as follows: - - ---- - - - - - - - - - - - - - - -
XACML Policy Evaluated
-
-
-XACML Policy -
-
- -
-
-
Sample Request
-
-
-Request: JSON -
-
- -
-
-
Sample Response
-
-
-Response: JSON -
-
- -
-
-
- ---- - -#### Evaluate XACML request by attributes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DescriptionGet a response by evaluating attributes.
Resource Path/by-attrib
HTTP MethodPOST
Request/Response Formatapplication/json -

application/xml

AuthenticationBasic
Usernameadmin
Passwordadmin
Parameters
- ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameLocated InDescriptionRequiredSchema
AcceptheaderRequest Media TypeYesstring
Auth_TypeheaderAuthentication TypeYesstring
AuthorizationheaderAdd HTTP Basic AuthorizationYesstring
Content-typeheaderResponse Media TypeYesstring
bodybodyDecision Request ModelYes
DecisionRequestModel {
- 
-    subject:string
-    action:string
-    resource:string
-    environment:[
-            string
-    ]
-}
-
Response
- ----- - - - - - - - - - - - - - - - - - - - - - - - - -
CodeDescriptionSchema
200Method call success HomeResponseModel { }
40010Error in response
ExceptionBean {
-    code:integer
-    message:string
-}
40020Request parse exception
ExceptionBean {
-    code:integer
-    message:string
-}
-
- -A sample request and response are as follows, - - ---- - - - - - - - - - - -
A sample request
-
-
-Request: cURL -
-
- -
-
-
A sample response
-
-
-Response: JSON -
-
- -
-
-
- ---- - -#### Evaluate XACML request by attributes and receive boolean response - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DescriptionGet a boolean response by evaluating attributes.
Resource Path/by-attrib-boolean
HTTP MethodPOST
Request/Response Format

application/json

-

application/xml

AuthenticationBasic
Usernameadmin
Passwordadmin
Parameters
- ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameLocated InDescriptionRequiredSchema
AcceptheaderRequest Media TypeYesstring
Auth_TypeheaderAuthentication TypeYesstring
AuthorizationheaderAdd HTTP Basic AuthorizationYesstring
Content-typeheaderResponse Media TypeYesstring
bodybodyDecision Request ModelYes
DecisionRequestModel {
- 
-    subject:string
-    action:string
-    resource:string
-    environment:[
-            string
-    ]
-}
-
Response
- ----- - - - - - - - - - - - - - - - - - - - - - - - - -
CodeDescriptionSchema
200XACML JSON/XML Response
-
40010Error in response
ExceptionBean {
-    code:integer
-    message:string
-}
40020Request parse exception
ExceptionBean {
-    code:integer
-    message:string
-}
-
- -A sample request and response are as follows, - - ---- - - - - - - - - - - -
A sample request
-
-
-Request: cURL -
-
- -
-
-
A sample response
-
-
-Response: Boolean -
-
- -
-
-
- ---- - -#### Get entitled attributes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DescriptionGet entitled attributes for a given set of parameters.
Resource Path/entitled-attribs
HTTP MethodPOST
Request/Response Format

application/json

-

application/xml

AuthenticationBasic
Usernameadmin
Passwordadmin
Parameters
- ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameLocated InDescriptionRequiredSchema
AcceptheaderRequest Media TypeYesstring
Auth_TypeheaderAuthentication TypeYesstring
AuthorizationheaderAdd HTTP Basic AuthorizationYesstring
Content-typeheaderResponse Media TypeYesstring
bodybodyDecision Request ModelYes
EntitledAttributesRequestModel {
-    subjectName:string
-    resourceName:string
-    subjectId:string
-    action:string
-    enableChildSearch:boolean
-}
-
Response
- ----- - - - - - - - - - - - - - - - - - - - - - - - - -
CodeDescriptionSchema
200Entitled attributes response
EntitledAttributesResponseModel {
-    entitledResultSetDTO:EntitledResultSetDTO {
-        entitledAttributesDTOs:[
-            EntitledAttributesDTO {
-                resourceName:string
-                action:string
-                environment:string
-                allActions:boolean
-                allResources:boolean
-                attributeDTOs:[
-                    AttributeDTO {
-                        attributeValue:string
-                        attributeDataType:string
-                        attributeId:string
-                        category:string
-                    }
-                ]
-            }
-        ]
-        advanceResult:boolean
-        message:string
-        messageType:string
-    }
-}
40010Error in response
ExceptionBean {
-    code:integer
-    message:string
-}
40020Request parse exception
ExceptionBean {
-    code:integer
-    message:string
-}
-
- -A sample request and response are as follows, - - ---- - - - - - - - - - - -
A sample request
-
-
-Request: cURL -
-
- -
-
-
A sample response
-
-
-Response: JSON -
-
- -
-
-
- ---- - -#### Get all entitlements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DescriptionGet all entitlements for a given set of parameters
Resource Path/entitlements-all
HTTP MethodPOST
Request/Response Format

application/json

-

application/xml

AuthenticationBasic
Usernameadmin
Passwordadmin
Parameters
- ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameLocated InDescriptionRequiredSchema
AcceptheaderRequest Media TypeYesstring
Auth_TypeheaderAuthentication TypeYesstring
AuthorizationheaderAdd HTTP Basic AuthorizationYesstring
Content-typeheaderResponse Media TypeYesstring
bodybodyAll Entitlements ModelYes
AllEntitlementsRequestModel {
-    identifier:string
-    givenAttributes:[
-        AttributeDTO {
-            attributeValue:string
-            attributeDataType:string
-            attributeId:string
-            category:string
-        }
-    ]
-}
-
Response
- ----- - - - - - - - - - - - - - - - - - - - - - - - - -
CodeDescriptionSchema
200All entitlements response
AllEntitlementsResponseModel {
-    entitledResultSetDTO:EntitledResultSetDTO {
-        entitledAttributesDTOs:[
-            EntitledAttributesDTO {
-                resourceName:string
-                action:string
-                environment:string
-                allActions:boolean
-                allResources:boolean
-                attributeDTOs:[
-                    AttributeDTO {
-                        attributeValue:string
-                        attributeDataType:string
-                        attributeId:string
-                        category:string
-                    }
-                ]
-            }
-        ]
-        advanceResult:boolean
-        message:string
-        messageType:string
-    }
-}
40010Error in response
ExceptionBean {
-    code:integer
-    message:string
-}
40020Request parse exception
ExceptionBean {
-    code:integer
-    message:string
-}
-
diff --git a/en/identity-server/next/docs/guides/authorization/api-authorization/attribute-based-access-control.md b/en/identity-server/next/docs/guides/authorization/api-authorization/attribute-based-access-control.md deleted file mode 100644 index c1a7f5150b..0000000000 --- a/en/identity-server/next/docs/guides/authorization/api-authorization/attribute-based-access-control.md +++ /dev/null @@ -1 +0,0 @@ -{% include "../../../../../../includes/guides/authorization/attribute-based-access-control.md" %} \ No newline at end of file diff --git a/en/identity-server/next/docs/guides/authorization/fine-grained-authorization/rule-based-provisioning.md b/en/identity-server/next/docs/guides/authorization/fine-grained-authorization/rule-based-provisioning.md deleted file mode 100644 index 7fcb3ce079..0000000000 --- a/en/identity-server/next/docs/guides/authorization/fine-grained-authorization/rule-based-provisioning.md +++ /dev/null @@ -1 +0,0 @@ -{% include "../../../../../../includes/guides/authorization/fine-grained-authorization/rule-based-provisioning.md" %} \ No newline at end of file From 26f12a48767421f631d69171f088b762cc7048f8 Mon Sep 17 00:00:00 2001 From: adibmbrk Date: Mon, 20 Jan 2025 11:06:14 +0530 Subject: [PATCH 2/2] Remove routing decleration --- en/identity-server/next/mkdocs.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/en/identity-server/next/mkdocs.yml b/en/identity-server/next/mkdocs.yml index 642f3fe54f..eace89cae4 100644 --- a/en/identity-server/next/mkdocs.yml +++ b/en/identity-server/next/mkdocs.yml @@ -484,9 +484,6 @@ nav: - Authorization: guides/authorization/index.md - API authorization: - Role-based access control: guides/authorization/api-authorization/api-authorization.md - - Attribute-based access control: guides/authorization/api-authorization/attribute-based-access-control.md - - Fine-grained authorization: - - XACML in provisioning flows: guides/authorization/fine-grained-authorization/rule-based-provisioning.md - User Impersonation: guides/authorization/user-impersonation.md - Identity Verification: - Identity Verification: guides/identity-verification/index.md @@ -782,7 +779,6 @@ nav: - Authenticators API: apis/authenticators-rest-api.md - Branding Preferences API: apis/branding-preference-rest-api.md - Claim management API: apis/claim-management-rest-api.md - - Entitlement management API: apis/entitlement-with-rest-apis.md - Extension management API: apis/extension-mgt-rest-api.md - Identity provider API: apis/idp.md - Identity verification provider API: apis/identity-verification-providers.md