UMA to delegate authorization decision taking to Gluu

By: MM MM user 25 Feb 2019 at 11:51 a.m. CST

1 Response
MM MM gravatar
Hey everyone, I am trying to configure a server so that two roles (A and B) have access to different third party services. The default access should be A. To join B we need to validate a string against REGEX. I wondered: 1. whether it was possible to automatically add users to B if they fill a custom attribute validated by REGEX. 2. If we could use UMA to delegate the authorisation. 3. What the best practice was in prompting users to fill in the custom attribute ( can we embed a little form field in the landing page?) Many thanks and apologies if these are silly questions. Best, M
Ubuntu 16.04
closed

Answers

By Michael Schwartz Account Admin 01 Mar 2019 at 8:37 p.m. CST

Copy
Michael Schwartz gravatar
UMA might be overkill for this use case. Can you just make your application smarter? It can check for the claim and present the form (use the SCIM API to update the user entry in the Gluu Server). You could also proxy the application with Apache ir nginx and use the "require claim" syntax of mod_auth_openidc from Zmartzone. If you use UMA for this, you will need to make the application an UMA client (i.e. understand UMA tokens, and how to obtain them). Then you could use the consent gathering flow if the RPT policy fails. So you could definitely use UMA for this, but it's a pretty simple requirement, so I'm not sure it's worth it. BTW, we are working on updating Gluu Gateway to handle exactly this scenario. ETA two months to ship the feature though.

Post an answer