CA SOA Security Manager can authenticate end-users and authorize them to access protected Web resources. The API Gateway can interact directly with CA SOA Security Manager by asking it to make authorization decisions on behalf of end-users that have successfully authenticated to the API Gateway. CA SOA Security Manager decides whether to authorize the user, and relays the decision back to the API Gateway where the decision is enforced. The API Gateway, therefore, acts as a Policy Enforcement Point (PEP) in this situation, enforcing the authorization decisions made by the CA SOA Security Manager, which acts as a Policy Decision Point (PDP).
Important: A CA SOA Security Manager authentication filter must be invoked before a CA SOA Security Manager authorization filter in a given policy. In other words, the end-user must authenticate to CA SOA Security Manager before they can be authorized for a protected resource.
Integration with CA SOA Security Manager requires CA TransactionMinder SDK version 6.0 or later. You must add the required third-party binaries to your API Gateway and Policy Studio installations.
API Gateway
To add third-party binaries to the API Gateway, you must perform the following steps:
- Add the binary files as follows:
  - Add .jar files to the install-dir/apigateway/ext/lib directory.
  - Add .dll files to the install-dir\apigateway\Win32\lib directory.
  - Add .so files to the install-dir/apigateway/platform/lib directory.
- Restart the API Gateway.
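The placement rules above as a script. This is an added example, not part of the product documentation: it copies each file to the directory listed for its extension, refuses to replace an existing file that has different content, and prints a SHA-256 line per installed file for the change record. The function names and the two arguments (a source directory holding the SDK binaries, and install-dir) are assumptions, as is running from a POSIX shell.

```shell
#!/bin/sh
# Added example: stage third-party SDK binaries into an API Gateway install.
# Usage (assumed arguments): stage.sh SRC_DIR INSTALL_DIR

# Print the destination directory (relative to install-dir) that the
# steps above give for this file type; print nothing for other files.
dest_for() {
    case "$1" in
        *.jar) echo "apigateway/ext/lib" ;;
        *.dll) echo "apigateway/Win32/lib" ;;
        *.so)  echo "apigateway/platform/lib" ;;
    esac
}

# stage_binaries SRC_DIR INSTALL_DIR
# Copies regular files only (symlinks are ignored), never overwrites an
# existing file whose content differs, and prints one hash line per copy.
stage_binaries() {
    src=$1; root=$2
    [ -d "$src" ] && [ -d "$root/apigateway" ] || {
        echo "source or install-dir not found" >&2; return 2; }
    for f in "$src"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        rel=$(dest_for "$f")
        [ -n "$rel" ] || { echo "skipped (not .jar/.dll/.so): $f" >&2; continue; }
        dst="$root/$rel/$(basename "$f")"
        if [ -e "$dst" ] && ! cmp -s "$f" "$dst"; then
            echo "refusing to overwrite differing file: $dst" >&2
            return 1
        fi
        mkdir -p "$root/$rel" && cp -p "$f" "$dst" || return 1
        # Record what was installed so later changes can be detected.
        sha256sum "$dst" 2>/dev/null || shasum -a 256 "$dst"
    done
}

# Run only when both arguments are given; the restart stays a manual step.
if [ "$#" -eq 2 ]; then
    stage_binaries "$1" "$2"
fi
```

Keep the printed hash lines with the change ticket; comparing them against a later run shows whether a binary in these directories has been replaced.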
Policy Studio
To add third-party binaries to Policy Studio, you must perform the following steps:
- Select Windows > Preferences > Runtime Dependencies in the Policy Studio main menu.
- Click Add to select a JAR file to add to the list of dependencies.
- Click Apply when finished. A copy of the JAR file is added to the plugins directory in your Policy Studio installation.
- Click OK.
- Restart Policy Studio.
Configure the following fields on the CA SOA Security Manager Authorization filter:
Name:
Enter an appropriate name for the filter.
Attributes:
If the end-user is successfully authorized, the attributes listed here are looked up in CA SOA Security Manager, and returned to the API Gateway. These attributes are stored in the attributes.lookup.list message attribute. They can be retrieved at a later stage to generate a SAML attribute assertion.
Select the Set attributes for SAML Attribute token checkbox, and click the Add button to specify an attribute to fetch from CA SOA Security Manager.