How to specify the realm when authorization with J APi?

This topic has 2 replies, 2 voices, and was last updated 5 years, 11 months ago by Rogerio Rondini.

  • Author
    Posts
  • #12231
     full2
    Participant

    Hello:
    I am using the Java Client API from a desktop aplication writing in java.
    After authentication in a specific realm; I want to use the Authorization, PolicyEvaluator. I would like to use a policy made in a PolicySet under some specific realm I have defined.

    But when using the Policy Evalutor, like in https://forgerock.org/openam/doc/bootstrap/dev-guide/index.html#sec-policy-decisions; I would like to specify a “PolicySet” (in the source code it is called ServiceName, I believe it corresponds with the old “aplication name” in OAm 12; in OAm 13 it is called PolicySet).

    But I got “Unable to retrieve application under realm /.”
    It seems it does not find the PolicySet if it not located under the “/” realm.
    If I enter as a serviceName a PolicySet under the “/” realm, it works ok.

    I authenticate sucessfull against the realm I want, but I cant access the Policy under the PolicySet under the realm I want.

    In summary: How do I Authorize using the PolicySet “PolicySet1” made under the realm “realm1”?
    It seems to me that the only thing I can specify is the name of the PolicySet, and it seems to me it must be defined under the “/” realm.

    Example Pseudo code:
    PolicyEvaluator pe = PolicyEvaluatorFactory.getInstance().getPolicyEvaluator(policySet);
    PolicyDecision pd = pe.getPolicyDecision(token, fullResouceName, actionSet, env);
    System.out.println(“policyDecision:” + pd.toXML());

    Thanks.

    #12323
     full2
    Participant

    Nobody?

    :-(

    Oh, and I am sorry by my spelling mistakes:
    “I am using the Java Client API from a desktop aplication **wrote** in java.”
    “It seems it does not find the PolicySet if it **is** not located under the “/” realm.”

    #12328
     Rogerio Rondini
    Participant

    So.. I went to JavaDoc and I can`t found the answer. Actually, I never had used Client SDK to evaluate policy and I know you can do it using REST API.

    My suggestion is to create ServiceName in the top Realm and use Referrals to delegate evaluation to subrealm.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?