Integrate PDP with OED as external authorization source #474
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#343 - Added new OedAuthzClient for integration with the oed-authz API - Added new dependency to Altinn.ApiClients.Maskinporten v9.0.0 - Added new OedAuthzMaskinportenClientDefinition and Configuration - Added new OedRoleAssignmentWrapper service - Added new SBL bridge API client and service for getting SSN from UserId and PartyId Other relevant changes: - ContextHandler will now retrieve and evaluate policy for the App or Resource and evaluate the subjects of the rules. If any 'urn:altinn:rolecode' subjects are found Altinn roles will be retrieved. If any 'urn:oed:rolecode' subjects are found OED roles will be retrieved. Additional PR made for studio-ops repo for both new (Maskinporten client config) and changes existing to configuration values (SBL bridge API path)
lovoll
approved these changes
Sep 18, 2023
src/Authorization/Clients/OedAuthzMaskinportenClientDefinition.cs
Outdated
Show resolved
Hide resolved
TheTechArch
reviewed
Sep 19, 2023
TheTechArch
reviewed
Sep 19, 2023
added 2 commits
September 21, 2023 15:29
…e new helper on XacmlPolicy for getting attribute values by category. - Changed some references from OED to Digitalt Dødsbo to match new naming - Renamed "urn:oed:rolecode" attributeId to "urn:digitaltdodsbo:rolecode" - Logic for extracting AttributeIds and Values reimplemented as a generic helper method on the XacmlPolicy object in ABAC project
jonkjetiloye
pushed a commit
that referenced
this pull request
Sep 25, 2023
#474 As part of the integration with OED/DD (Digitalt dødsbo) as a new external role provider, an easy way to analyse and extract all attributeIds and values from a XacmlPolicy is needed. This will be used to evaluate whether or not the policy contains a subject attribute for an OED/DD role code, and since it's populated to the XacmlPolicy object it will be cached along side policy itself. The logic can later be reused by the resource-registry which will need same logic for analysing the policy for building rolecode register and required validation logic when publishing a resource.
5 tasks
jonkjetiloye
added a commit
that referenced
this pull request
Sep 29, 2023
* ABAC XacmlPolicy attribute dictionary helper method #474 As part of the integration with OED/DD (Digitalt dødsbo) as a new external role provider, an easy way to analyse and extract all attributeIds and values from a XacmlPolicy is needed. This will be used to evaluate whether or not the policy contains a subject attribute for an OED/DD role code, and since it's populated to the XacmlPolicy object it will be cached along side policy itself. The logic can later be reused by the resource-registry which will need same logic for analysing the policy for building rolecode register and required validation logic when publishing a resource. * fixed inconsistent Collection -> ICollection datatype usage * simplified complexity of dictionary builder * Increment ABAC package version to 0.0.6 --------- Co-authored-by: Jon Kjetil Øye <[email protected]>
added 4 commits
September 29, 2023 15:16
|
SonarCloud Quality Gate failed.
|
jonkjetiloye
deleted the
feature/343-PDP_OED_NewExternalAuthorizationSource
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Other relevant changes:
Additional PR made for studio-ops repo for both new (Maskinporten client config) and changes existing to configuration values (SBL bridge API path)
Related Issue(s)
Verification
Documentation