Sunday, January 15, 2017

WSO2 IS : How to do Conditional Authentication using Entitlement Policies?

WSO2 Identity Server 3.0 has a brand new feature that allows users to be authenticated based on a set of XACML policies.

Use case - Allow only users with customer-care role to login to Cloud Based Microsoft Dynamic server.

1 - Configure logging into Microsoft Dynamic server using SSO by following this link.

2 -  Make sure you have set the "Enable Authorization" tick in Service Provider > Local & Outbound Authentication Configuration.

3- Then Go to Entilement > Policy Administration in the left hand menu



4 - Select the authn_role_based_policy_template. Edit it to have the Service Provider name as "CRM" (or the name you have given to the Microsoft Dynamic Server.  Change the the role name as "customer-care" and publish it to My PDP.

That is it!