This repository has been archived by the owner on Dec 5, 2023. It is now read-only.
generated from EOEPCA/um-service-template
-
Notifications
You must be signed in to change notification settings - Fork 2
Access Enforcement
Alvaro Villanueva edited this page Nov 5, 2021
·
10 revisions
- ⏬ Getting Started
- ⏬ Deploy and Configure the PEP
- ⏬ Chart Configuration
- ⏬ Platform Resource Management
- ⏬ Integration Guide
▶️ Access Enforcement (this page)- ⏬ Swagger API
When launched in "FULL" mode, the PEP will answer to all requests that start with the configured path. These answers will come in the form of UMA tickets (if there are no RPT provided, or an invalid one is used).
In case the request is accompained by an "Authorization: Bearer <valid_RPT>", the PEP will make a request to the resource server, for the resource located exactly at the path requested (removing the proxy prefix), and return the resource's server answer.
Examples, given the example values of:
- Proxy port configured: 5566
- PEP is at pep.domain.com
- Resource server is at remote.server.com
Token | Request to PEP | PEP Action | PEP answer |
---|---|---|---|
No RPT | pep.domain.com | None (request does not get to PEP endpoint) | None (the PEP doesn't serve this request) |
No RPT | pep.domain.com:5566/proxy/thing | Generate ticket for "/thing" | 401 + ticket |
Valid RPT for "/thing" | pep.domain.com:5566/proxy/thing | Request to remote.server.com/thing | Contents of remote.server.com/thing |
Valid RPT for "/thing" | pep.domain.com:5566/proxy/different | Generate ticket for "/different" | 401 + ticket |
INVALID RPT for "/thing" | pep.domain.com:5566/proxy/thing | Generate ticket for "/thing" | 401 + ticket |
No RPT | pep.domain.com:5566/proxy/thing/with/large/path | Generate ticket for "/thing/with/large/path" | 401 + ticket |
Valid RPT for "/thing/with/large/path" | pep.domain.com:5566/proxy/thing/with/large/path | Request to remote.server.com/thing/with/large/path | Contents of remote.server.com/thing/with/large/path |