This repository has been archived by the owner on Dec 5, 2023. It is now read-only.

Access Enforcement

Alvaro Villanueva edited this page Nov 5, 2021 · 10 revisions

When launched in "FULL" mode, the PEP answers all requests whose path starts with the configured path. If no RPT is provided, or an invalid one is used, the answer comes in the form of a UMA ticket.

If the request is accompanied by an "Authorization: Bearer <valid_RPT>" header, the PEP makes a request to the resource server for the resource located exactly at the requested path (with the proxy prefix removed) and returns the resource server's answer.

Examples, given the example values of:

  • Proxy port configured: 5566
  • PEP is at pep.domain.com
  • Resource server is at remote.server.com

| Token | Request to PEP | PEP Action | PEP answer |
| --- | --- | --- | --- |
| No RPT | pep.domain.com | None (request does not get to PEP endpoint) | None (the PEP doesn't serve this request) |
| No RPT | pep.domain.com:5566/proxy/thing | Generate ticket for "/thing" | 401 + ticket |
| Valid RPT for "/thing" | pep.domain.com:5566/proxy/thing | Request to remote.server.com/thing | Contents of remote.server.com/thing |
| Valid RPT for "/thing" | pep.domain.com:5566/proxy/different | Generate ticket for "/different" | 401 + ticket |
| INVALID RPT for "/thing" | pep.domain.com:5566/proxy/thing | Generate ticket for "/thing" | 401 + ticket |
| No RPT | pep.domain.com:5566/proxy/thing/with/large/path | Generate ticket for "/thing/with/large/path" | 401 + ticket |
| Valid RPT for "/thing/with/large/path" | pep.domain.com:5566/proxy/thing/with/large/path | Request to remote.server.com/thing/with/large/path | Contents of remote.server.com/thing/with/large/path |
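
The decision rules in the examples above, written out as an added Python example (not the PEP's own code). The `/proxy` prefix is taken from the example URLs, the `http://` scheme is assumed, and `rpt_grants` is a hypothetical callback standing in for real RPT validation; treating paths outside the prefix as not served is also an assumption of the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional

PROXY_PREFIX = "/proxy"                        # assumed from the example URLs
RESOURCE_SERVER = "http://remote.server.com"   # page's example host; scheme assumed

@dataclass
class Decision:
    action: str                     # "not_served", "ticket" or "forward"
    status: Optional[int] = None    # 401 for a ticket; upstream decides otherwise
    resource: Optional[str] = None  # path the ticket or RPT refers to
    upstream: Optional[str] = None  # URL requested from the resource server

def resource_path(request_path: str) -> Optional[str]:
    """Strip the proxy prefix; None when the path is outside it.
    Matching on a segment boundary is this example's choice."""
    if request_path == PROXY_PREFIX or request_path.startswith(PROXY_PREFIX + "/"):
        return request_path[len(PROXY_PREFIX):] or "/"
    return None

def bearer_token(headers: dict) -> Optional[str]:
    """Return the token from 'Authorization: Bearer <token>', else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None

def enforce(request_path: str, headers: dict,
            rpt_grants: Callable[[str, str], bool]) -> Decision:
    """rpt_grants(rpt, path) is a hypothetical validator: True only when the
    RPT is valid and was issued for exactly this resource path."""
    path = resource_path(request_path)
    if path is None:
        return Decision("not_served")
    rpt = bearer_token(headers)
    if rpt is not None and rpt_grants(rpt, path):
        return Decision("forward", resource=path, upstream=RESOURCE_SERVER + path)
    # Missing RPT, invalid RPT, or RPT for another resource: ticket for this path
    return Decision("ticket", status=401, resource=path)

# Constructed sample data standing in for real RPT validation
SAMPLE_GRANTS = {"rpt-thing": "/thing", "rpt-long": "/thing/with/large/path"}

def sample_rpt_grants(rpt: str, path: str) -> bool:
    return SAMPLE_GRANTS.get(rpt) == path
```

The RPT is checked against the path being requested, not just for validity on its own, which is why a valid RPT for "/thing" still yields a new ticket when it is presented for "/different".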