Risk-Based Access External Authorization Service plug-in
The Risk-Based Access (RBA) External Authorization Service (EAS) component provides a runtime XACML EAS plug-in for WebSEAL to enforce a policy decision. WebSEAL becomes the authorization enforcement point to access resources protected by RBA.
The EAS collects context information about the user and the request, creates an XACML over SOAP decision request, and sends the information to the server.
Manage the EAS with entries in the webseald.conf file.
For information about the risk-based EAS, see the Configuring topics in the IBM Knowledge Center. Search for Runtime security services external authorization service for details.
For assistance in troubleshooting RBA EAS issues, we can enable tracing, then review the logs for information about any issue that might be occurring.
Enable External Authorization Service tracing on WebSEAL
To enable tracing and logging for the XACML EAS plug-in, issue the following pdadmin command:pdadmin > server task WebSEAL_server_name trace set xacml_eas_comp_name 9 filepath=path_to_log_filewhere:
- webseal_server_name
- Is the name of the WebSEAL server.
- xacml_eas_comp_name
- Is the name of the XACML EAS component.
- path_to_log_file
- Is the directory where we want to store the trace log file.
For example:
pdadmin > server task default-webseald-localhost trace set pdweb.xacml 9 file path=/tmp/xacml.logTracing is disabled when you restart WebSEAL.Parent topic: Troubleshoot