Can OpenAM check multiple resources and permissions in one authorization call

This topic has 1 reply, 2 voices, and was last updated 5 years, 10 months ago by Peter Major.

  • #2799
     handongwang
    Participant

    I have a web application which displays 40-200 fields/parameters in a single page.
    The application needs to check whether the logged-in user has permission to view or update each field.
    Calling the OpenAM authorization REST API for each field permission would be too slow.
    Is there a way for the application to submit all field permission checks to OpenAM and have OpenAM return a grant/deny decision for each field in one HTTP response?

    #2806
     Peter Major
    Moderator

    The REST API in 12 offers batch policy evaluation if I’m not mistaken:

    $ curl -v -X POST -H "Content-Type: application/json" -H "iplanetdirectorypro: <adminToken>" -d '{"resources":["http://example.com:80/index.html"],"subject":{"ssoToken":"<userToken>"}}' 'http://openam.example.com:8080/openam/json/policies/?_action=evaluate'

    As you can see “resources” is a JSON array, so you should be able to pass in more than one resource with a single request for policy evaluation.

    • This reply was modified 5 years, 10 months ago by Peter Major.
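
The batch call suggested in the reply above, sketched for the per-field case in the question. This is an added example, not code from either poster or from ForgeRock. The resource URL scheme, the GET = view / POST = update mapping, and the response shape (a list of entries with a "resource" string and an "actions" map of booleans) are assumptions, and the sample response is constructed.

```python
import json

# Hypothetical resource naming scheme: one policy resource per form field.
RESOURCE_PREFIX = "http://app.example.com:80/fields/"

def build_batch_request(fields, user_token):
    """Body for a single POST to /json/policies/?_action=evaluate covering all fields."""
    return {
        "resources": [RESOURCE_PREFIX + f for f in fields],
        "subject": {"ssoToken": user_token},
    }

def field_permissions(fields, response_entries):
    """Map each field to {'view': bool, 'update': bool}, denying by default.

    A field missing from the response, or an action missing from its
    "actions" map, is treated as denied (fail closed).
    """
    by_resource = {e.get("resource"): e.get("actions") or {} for e in response_entries}
    perms = {}
    for f in fields:
        actions = by_resource.get(RESOURCE_PREFIX + f, {})
        perms[f] = {
            "view": actions.get("GET") is True,     # assumed mapping: GET = view
            "update": actions.get("POST") is True,  # assumed mapping: POST = update
        }
    return perms

# Constructed sample response (not captured from a real server).
SAMPLE_RESPONSE = json.loads("""
[
  {"resource": "http://app.example.com:80/fields/salary",
   "actions": {"GET": true, "POST": false}, "attributes": {}, "advices": {}},
  {"resource": "http://app.example.com:80/fields/email",
   "actions": {"GET": true, "POST": true}, "attributes": {}, "advices": {}},
  {"resource": "http://app.example.com:80/fields/notes",
   "actions": {}, "attributes": {}, "advices": {}}
]
""")

if __name__ == "__main__":
    fields = ["salary", "email", "notes", "ssn"]
    print(json.dumps(build_batch_request(fields, "<userToken>"), indent=2))
    for name, p in field_permissions(fields, SAMPLE_RESPONSE).items():
        print(name, p)
```

Matching decisions back to fields by resource string, rather than by position in the array, keeps a reordered or partial response from granting access to the wrong field.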
©2020 ForgeRock