Authorization decision data
To correctly construct the RST, the EAS requires various information from the request itself. WebSEAL must be configured to provide this information to the EAS.
The majority of the required data is provided on every authorization request by specifying these HTTP request elements in the [azn-decision-info] stanza. See Authorization decision information from HTTP requests. In certain situations, the POST data is also required. For efficiency, the EAS plug-in does not provide the POST data on every authorization decision request. Instead, the plug-in uses the existing dynamic access decision information within WebSEAL to optionally request the POST data when required. WebSEAL recognizes the request for POST data based on the resource-manager-provided-adi configuration entry in the [aznapi-configuration] stanza.
It is vital that these configuration stanzas are correct so that the data is passed to the EAS. The following configuration entries are required for the EAS to function correctly:
[azn-decision-info]
#
# The following information will be provided to the authorization
# framework for every authorization request. This information
# is required by the OAuth EAS when validating an OAuth token.
#
HTTP_REQUEST_METHOD = method
HTTP_REQUEST_SCHEME = scheme
HTTP_REQUEST_URI = uri
HTTP_HOST_HDR = header:host
HTTP_CONTENT_TYPE_HDR = header:content-type
HTTP_TRANSFER_ENCODING_HDR = header:transfer-encoding
HTTP_AZN_HDR = header:authorization

[aznapi-configuration]
resource-manager-provided-adi = AMWS_pb_
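One way to check a WebSEAL configuration file for the entries listed above before deploying it. This is an added example, not IBM's code: the function names and the sample file contents are constructed here, and the parser keeps repeated keys on the assumption that an entry such as resource-manager-provided-adi may appear more than once.

```python
# Added example (not IBM's code): entries this page lists as required.
REQUIRED = {
    "azn-decision-info": {
        "HTTP_REQUEST_METHOD": "method",
        "HTTP_REQUEST_SCHEME": "scheme",
        "HTTP_REQUEST_URI": "uri",
        "HTTP_HOST_HDR": "header:host",
        "HTTP_CONTENT_TYPE_HDR": "header:content-type",
        "HTTP_TRANSFER_ENCODING_HDR": "header:transfer-encoding",
        "HTTP_AZN_HDR": "header:authorization",
    },
    "aznapi-configuration": {"resource-manager-provided-adi": "AMWS_pb_"},
}

def parse_stanzas(text):
    """Return {stanza: {key: [values]}}; repeated keys keep every value."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).append(value)
    return stanzas

def missing_entries(text):
    """List the required entries that the configuration text lacks."""
    found = parse_stanzas(text)
    return [f"[{stanza}] {key} = {value}"
            for stanza, entries in REQUIRED.items()
            for key, value in entries.items()
            if value not in found.get(stanza, {}).get(key, [])]

# Constructed sample: HTTP_AZN_HDR is commented out and AMWS_pb_ is absent.
SAMPLE = """\
[azn-decision-info]
HTTP_REQUEST_METHOD = method
HTTP_REQUEST_SCHEME = scheme
HTTP_REQUEST_URI = uri
HTTP_HOST_HDR = header:host
HTTP_CONTENT_TYPE_HDR = header:content-type
HTTP_TRANSFER_ENCODING_HDR = header:transfer-encoding
# HTTP_AZN_HDR = header:authorization
[aznapi-configuration]
resource-manager-provided-adi = AMWS_hd_
"""
print("\n".join("missing: " + e for e in missing_entries(SAMPLE)))
```

Values are compared exactly as written, so an entry that is present but mapped to a different request element is reported as missing.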