This repository has been archived by the owner on Dec 5, 2023. It is now read-only.
generated from EOEPCA/um-service-template
-
Notifications
You must be signed in to change notification settings - Fork 2
Access Enforcement
TiagoMF20 edited this page Mar 8, 2021
·
10 revisions
- ⏬ Getting Started
- ⏬ Deploy and Configure the PEP
- ⏬ Platform Resource Management
- ⏬ Integration Guide
▶️ Access Enforcement
When launched, the PEP will answer to all requests that start with the configured path. These answers will come in the form of UMA tickets (if there are no RPT provided, or an invalid one is used).
In case the request is accompained by an "Authorization: Bearer <valid_RPT>", the PEP will make a request to the resource server, for the resource located exactly at the path requested (removing the proxy prefix), and return the resource's server answer.
Examples, given the example values of:
- Proxy port configured: 5566
- PEP is at pep.domain.com
- Resource server is at remote.server.com
Token | Request to PEP | PEP Action | PEP answer |
---|---|---|---|
No RPT | pep.domain.com | None (request does not get to PEP endpoint) | None (the PEP doesn't serve this request) |
No RPT | pep.domain.com:5566/proxy/thing | Generate ticket for "/thing" | 401 + ticket |
Valid RPT for "/thing" | pep.domain.com:5566/proxy/thing | Request to remote.server.com/thing | Contents of remote.server.com/thing |
Valid RPT for "/thing" | pep.domain.com:5566/proxy/different | Generate ticket for "/different" | 401 + ticket |
INVALID RPT for "/thing" | pep.domain.com:5566/proxy/thing | Generate ticket for "/thing" | 401 + ticket |
No RPT | pep.domain.com:5566/proxy/thing/with/large/path | Generate ticket for "/thing/with/large/path" | 401 + ticket |
Valid RPT for "/thing/with/large/path" | pep.domain.com:5566/proxy/thing/with/large/path | Request to remote.server.com/thing/with/large/path | Contents of remote.server.com/thing/with/large/path |