Configuration
XACML (Extensible Access Control Markup Language) is an open, XML-based standard for expressing security policies and access rights to information for Web services.
XACML supports fine-grained, attribute-based access control definitions and lets policies be composed by re-using those low-level definitions.
By default, PDP configuration is disabled in the following stacks.
Azure
For an Azure deployment, set the following PDP configuration properties in install.sh / install-postgresql.sh and install.bat / install-postgresql.bat.
install.sh / install.bat
REM PDP Configuration
SET AUTHZ_ENABLED="true"
SET PDP_CONFIG="classpath:xacml/pdp-config.xml"
SET PDP_RESOURCE_TYPE="API"
SET PDP_RESOURCE_MANAGER="DUEDILIGENCE"
SET temn_entitlement_service_enabled="false"
AWS
For an AWS deployment, set the following PDP configuration properties in install-aws.sh and install-aws-postgresql.sh.
install-aws.sh
#--- PDP Configuration ---
export LAMDA_CONFIG="DATABASE_KEY=\"dynamodb\",temn_msf_security_authz_enabled=\"true\",temn_entitlement_service_enabled=\"false\""
export PDP_CONFIG="classpath:xacml/pdp-config.xml"
export PDP_RESOURCE_TYPE="API"
export PDP_RESOURCE_MANAGER="DUEDILIGENCE"
export LAMDA_CONFIG=${LAMDA_CONFIG},PDP_CONFIG=${PDP_CONFIG},temn_msf_pdp_resource_type=${PDP_RESOURCE_TYPE},temn_msf_pdp_resource_manager=${PDP_RESOURCE_MANAGER}
K8
For K8, navigate to the path \duediligence\ms-duediligence-package\ms-duediligence-package-docker\src\docker\k8\on-premise\svc\templates\svc\ and set the PDP configuration properties listed below as environment variables in the API container of duediligence-configmap.yaml. The configmap in turn takes the value of each PDP configuration property from the start scripts (start-duediligence-mongo.bat / start-duediligence-mongo.sh / start-duediligence-postgresql.bat / start-duediligence-postgresql.sh).
#--- PDP Configuration ---
temn.msf.security.authz.enabled: {{ .Values.env.security.temn_msf_security_authz_enabled | quote }}
PDP_CONFIG: {{ .Values.env.security.PDP_CONFIG | quote }}
temn.msf.pdp.resource.type: {{ .Values.env.security.temn_msf_pdp_resource_type | quote }}
temn.msf.pdp.resource.manager: {{ .Values.env.security.temn_msf_pdp_resource_manager | quote }}
temn.entitlement.service.enabled: {{ .Values.env.entitlement.temn_entitlement_service_enabled | quote }}
SET temn_msf_security_authz_enabled=false
SET PDP_CONFIG=classpath:xacml/pdp-config.xml
SET temn_msf_pdp_resource_type=API
SET temn_msf_pdp_resource_manager=DUEDILIGENCE
#--- ENTITLEMENT PROPERTIES ---
If a property's value has not been set in the start scripts, the value of the respective PDP configuration property is taken from values.yaml.
#--- PDP Configuration ---
security:
  temn_msf_security_authz_enabled: false
  PDP_CONFIG: classpath:xacml/pdp-config.xml
  temn_msf_pdp_resource_type: API
  temn_msf_pdp_resource_manager: DUEDILIGENCE
entitlement:
  temn_entitlement_service_enabled: false
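The following Python script is an added example and is not part of the Due Diligence package or its install scripts. It models two things the page describes: the AWS LAMDA_CONFIG string, which carries the PDP properties as comma-separated key="value" pairs, and the K8 precedence rule, where a SET line in a start script overrides the default in values.yaml. It then renders the resolved properties under the env names used in duediligence-configmap.yaml and runs a consistency check. The property names and values are the ones shown on the page; the function names (parse_set_lines, parse_lambda_config, resolve_effective, to_configmap_env, check_pdp_config), the sample inputs and the check rules are constructed for this example.

```python
"""Added example (not part of the Due Diligence package or its install scripts).

Resolves the PDP configuration properties the way the page describes: a start
script's SET lines override values.yaml, and the AWS LAMDA_CONFIG string holds
the same properties as comma-separated key="value" pairs. Property names and
values come from the page; functions, samples and check rules are constructed.
"""
import re

# Left: underscore names used in the start scripts and values.yaml.
# Right: env names rendered into duediligence-configmap.yaml (from the page).
CONFIGMAP_KEYS = {
    "temn_msf_security_authz_enabled": "temn.msf.security.authz.enabled",
    "PDP_CONFIG": "PDP_CONFIG",
    "temn_msf_pdp_resource_type": "temn.msf.pdp.resource.type",
    "temn_msf_pdp_resource_manager": "temn.msf.pdp.resource.manager",
    "temn_entitlement_service_enabled": "temn.entitlement.service.enabled",
}

# Constructed sample: the PDP section of values.yaml flattened to a dict.
VALUES_YAML = {
    "temn_msf_security_authz_enabled": "false",
    "PDP_CONFIG": "classpath:xacml/pdp-config.xml",
    "temn_msf_pdp_resource_type": "API",
    "temn_msf_pdp_resource_manager": "DUEDILIGENCE",
    "temn_entitlement_service_enabled": "false",
}

# Constructed sample: start-script lines edited to enable the PDP.
START_SCRIPT = """\
REM PDP Configuration
SET temn_msf_security_authz_enabled=true
SET PDP_CONFIG=classpath:xacml/pdp-config.xml
SET temn_msf_pdp_resource_type=API
"""

# Constructed sample: what LAMDA_CONFIG holds after the two export lines run
# (quoted pairs from the first export, unquoted pairs appended by the second).
LAMDA_CONFIG = (
    'DATABASE_KEY="dynamodb",temn_msf_security_authz_enabled="true",'
    'temn_entitlement_service_enabled="false",'
    "PDP_CONFIG=classpath:xacml/pdp-config.xml,"
    "temn_msf_pdp_resource_type=API,temn_msf_pdp_resource_manager=DUEDILIGENCE"
)

_SET_LINE = re.compile(r"^\s*SET\s+([A-Za-z_][A-Za-z0-9_]*)=(.*?)\s*$", re.IGNORECASE)


def parse_set_lines(script: str) -> dict:
    """Collect SET name=value lines from a .bat start script; REM lines are skipped."""
    found = {}
    for line in script.splitlines():
        match = _SET_LINE.match(line)
        if match:
            found[match.group(1)] = match.group(2).strip('"')
    return found


def parse_lambda_config(config: str) -> dict:
    """Split a LAMDA_CONFIG string into a dict; values may or may not be quoted."""
    out = {}
    for pair in config.split(","):
        if not pair.strip():
            continue
        key, _, value = pair.partition("=")
        out[key.strip()] = value.strip().strip('"')
    return out


def resolve_effective(values_yaml: dict, start_script: dict) -> dict:
    """Start-script values win; anything unset there falls back to values.yaml."""
    effective = dict(values_yaml)
    effective.update(start_script)
    return effective


def to_configmap_env(effective: dict) -> dict:
    """Render the resolved properties under the env names used in the configmap."""
    return {CONFIGMAP_KEYS[k]: v for k, v in effective.items() if k in CONFIGMAP_KEYS}


def check_pdp_config(effective: dict) -> list:
    """Return findings (empty list means consistent). Rules are assumptions drawn
    from the page's examples: an enabled PDP needs a policy file, a resource type
    and a resource manager, and the page always pairs authz=true with
    temn_entitlement_service_enabled=false."""
    findings = []
    authz = effective.get("temn_msf_security_authz_enabled", "false").lower() == "true"
    entitlement = effective.get("temn_entitlement_service_enabled", "false").lower() == "true"
    if authz:
        for key in ("PDP_CONFIG", "temn_msf_pdp_resource_type", "temn_msf_pdp_resource_manager"):
            if not effective.get(key):
                findings.append(f"{key} must be set when the PDP is enabled")
        if entitlement:
            findings.append("PDP authorization and the entitlement service are both enabled")
    else:
        findings.append("PDP authorization is disabled (the page's default): no XACML policy is evaluated")
    return findings


if __name__ == "__main__":
    resolved = resolve_effective(VALUES_YAML, parse_set_lines(START_SCRIPT))
    for env_name, value in to_configmap_env(resolved).items():
        print(f"{env_name}: {value}")
    for finding in check_pdp_config(resolved) or ["PDP configuration is consistent"]:
        print("-", finding)
```

Running the script prints the resolved configmap entries for the constructed start script (authz enabled, resource manager still taken from values.yaml) and reports no findings; passing VALUES_YAML alone instead reports that the PDP is disabled, which is the page's default state.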