Configuration

XACML (Extensible Access Control Markup Language) is an open standard XML-based language designed to configure security policies and access rights to information for Web services.

XACML supports fine-grained, attributes based access control definitions and supports composing of policies by re-using those low-level definitions.

PDP Configuration is disabled in the following stacks, by default.

Azure

For Azure deployment, set the following PDP configuration properties in install.sh/install-postgresql.sh and install.bat/install-postgresql.bat.

install.sh/ install.bat

REM PDP Configuration
SET AUTHZ_ENABLED="false"
SET PDP_CONFIG="classpath:xacml/pdp-config.xml"
SET PDP_RESOURCE_TYPE="API"
SET PDP_RESOURCE_MANAGER="MARKETINGCATALOG"
SET temn_entitlement_service_enabled="false"

AWS

For AWS deployment, set the following PDP configuration properties in install-aws.sh and install-aws-postgresql.sh.

#--- PDP Configuration ---
export LAMDA_CONFIG="DATABASE_KEY=\"dynamodb\",temn_msf_security_authz_enabled=\"false\",temn_entitlement_service_enabled=\"false\""
export PDP_CONFIG="classpath:xacml/pdp-config.xml"
export PDP_RESOURCE_TYPE="API"
export PDP_RESOURCE_MANAGER="MARKETINGCATALOG"
export LAMDA_CONFIG=${LAMDA_CONFIG},PDP_CONFIG=${PDP_CONFIG},temn_msf_pdp_resource_type=${PDP_RESOURCE_TYPE},temn_msf_pdp_resource_manager=${PDP_RESOURCE_MANAGER}

K8

For K8, go to \marketing-catalog\ms-marketingcatalog-package\ms-marketingcatalog-package-docker\src\docker\k8\on-premise\svc\templates\svc\ and configure the following PDP configurations in marketingcatalog-configmap.yaml

#--- PDP Configuration ---
temn.msf.security.authz.enabled: "false"
PDP_CONFIG: classpath:xacml/pdp-config.xml
temn.msf.pdp.resource.type: API
temn.msf.pdp.resource.manager: MARKETINGCATALOG
temn.entitlement.service.enabled: "false"