Four Stars

How?? TAC - Authorization for Rest Web Service (Individual Resource)

Hi,
I would like to know how I can use the Authorization module in TAC on my REST web service.
I created a REST web service and deployed it. It runs fine.
However, I would like to use the Authorization module on this REST web service in order to define a user/password for my web service.
I tried two ways:
1 - I declared my REST web service as an Individual Resource with matching EQUAL. For my resource, I put the complete URL of my web service. I assigned this resource to a user defined in Syncope.
However, I can always call my web service without authentication.
2 - I declared my REST web service as an Individual Resource with matching REGEX.
However, the result is the same as in option 1. I called my web service without authentication.
When I implement an individual resource in the Authorization module in TAC, is it necessary to redeploy my web service or not?
When I use the Authorization module in TAC, what type of authentication is used? Basic, Digest, OAuth 1.0, OAuth 2.0?
Thank you
5 REPLIES
Employee

Re: How?? TAC - Authorization for Rest Web Service (Individual Resource)

Hi,
Talend ESB WebService authorization is based on XACML policy, which can be generated from the TAC UI as you already did, and SAML token authentication should be used together with authorization. So you have to start the STS service and the PDP service in the Runtime container before you deploy your WS (tesb:start-sts, tesb:start-authz-pdp). By default, the STS service also uses the user/password defined in Syncope to do the validation.
Regards.
Four Stars

Re: How?? TAC - Authorization for Rest Web Service (Individual Resource)

Hi,
Thank you for your answer.
I already activated the PDP and STS services in the Karaf Runtime (before deploying my Job).
However, I did not activate "Authentication" on my tRestRequest in my Job.

So, if I have understood, I have to:
1] - Activate my PDP & STS services in the Karaf Runtime.
2] - In my Job, I activate "Authentication": SAML or Basic HTTP?
3] - I deploy my Job in the Karaf Runtime.
4] - Afterwards, I can define a policy in the TAC UI in the Authorization module.
Could you confirm these steps?
Thank you
Anthony
Employee

Re: How?? TAC - Authorization for Rest Web Service (Individual Resource)

Hi,
Step 4 should be done at the beginning, at least before step 3.
In step 2, you should select SAML authentication and authorization.
Regards.
Four Stars

Re: How?? TAC - Authorization for Rest Web Service (Individual Resource)

Hi,
If I use a SAML token, do I have to "install" token authentication or not?
Because I deployed a new Job and I activated SAML token with authorization.
When I called my Job with my user/password, I got an error message: 401 Unauthorized.
So I checked that my user and password are valid.
Is it necessary to call my web service with a specific parameter or header parameter in order to define SAML authentication? User and password alone are not enough.
Do you know the specific parameter for the SAML token?
Thank you
Employee

Re: How?? TAC - Authorization for Rest Web Service (Individual Resource)

Hi,
So now your REST WS with SAML + authorization is activated. To invoke it from the client side, there are several ways:
1) Use the tRESTClient component + SAML authentication, and input the user/password.
2) Configure STSClient using Java code or Spring/Blueprint; please refer to examples/talend/authorization/syncope-esb-xacml-rest
3) Invoke the REST WS from SoapUI, with the provided SAML token as a header.
Regards.