AzaaS Quick Start

The fastest way to get started is to walk through an example. Consider the case in which the AzaaS API is used to query whether Delgado has READ access to the resource UserProfileData of User Ron.

  1. Get an access token via the https://idp.ssocircle.com/sso/ttapi/2.0/authz/0/authn API. You can use the password or sessiontoken grant_type.
    Example using curl:

    • curl --data-urlencode grant_type=password --data-urlencode "username=${USERNAME}@ssocircle" --data-urlencode "password=${PASSWORD}" --data-urlencode scope=AzaaS https://idp.ssocircle.com/sso/ttapi/2.0/authz/0/authn
       
      USERNAME=<YOUR SSOCircle USER>
      PASSWORD=<YOUR SSOCircle USER PASSWORD>

       
      Details for this step can be found in the SSOCheck API manual.
  2. Query the Entitlement API using XACML REST and JSON Profile
    Example using curl:

    • curl --header "Authorization: Bearer ${TOKEN}" -H "Content-Type:application/json" -d "${JSON}" https://idp.ssocircle.com/azaas/1.0.0/authorization/pdp
       
      TOKEN=<ACCESS TOKEN FROM PREVIOUS STEP>
      JSON=<XACML JSON REQUEST>

Sample XACML JSON request for step 2:

{
 "Request": {
  "AccessSubject": {
   "Attribute": [{
    "AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
    "Value": "Delgado"
   }]
  },
  "Environment": {
   "Attribute": [{
    "AttributeId": "urn:oasis:names:tc:xacml:1.0:environment:environment-id",
    "Value": "Ron"
   }]
  },
  "Action": {
   "Attribute": [{
    "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
    "Value": "READ"
   }]
  },
  "Resource": {
   "Attribute": [{
    "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
    "Value": "UserProfileData"
   }]
  }
 }
}

Response from the XACML JSON entitlement query:


{
 "Response": [{
  "Decision": "Permit",
  "Status": {
   "StatusCode": {
    "Value": "urn:oasis:names:tc:xacml:1.0:status:ok"
   }
  }
 }]
}
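
The calling application has to turn this response into an allow or deny decision. The following is an added example, not part of the AzaaS documentation: it builds the request body in the shape shown above and evaluates a response so that anything other than a single, well-formed Permit with status ok is treated as a denial. The function names, the `owner` parameter name and all sample responses except the Permit case are constructed for illustration.

```python
import json

XACML = "urn:oasis:names:tc:xacml:1.0:"
STATUS_OK = XACML + "status:ok"

def build_request(subject, owner, action, resource):
    """Build a request body in the same shape as the sample request above."""
    def attr(attribute_id, value):
        return {"Attribute": [{"AttributeId": XACML + attribute_id, "Value": value}]}
    return {"Request": {
        "AccessSubject": attr("subject:subject-id", subject),
        "Environment": attr("environment:environment-id", owner),
        "Action": attr("action:action-id", action),
        "Resource": attr("resource:resource-id", resource),
    }}

def is_permitted(response_text):
    """Fail closed: allow only a single result with Decision "Permit" and status ok."""
    try:
        results = json.loads(response_text)["Response"]
        if not isinstance(results, list) or len(results) != 1:
            return False
        result = results[0]
        # Assumption: a missing Status is accepted, any status other than ok is not.
        status = result.get("Status", {}).get("StatusCode", {}).get("Value", STATUS_OK)
        return result.get("Decision") == "Permit" and status == STATUS_OK
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed or unexpected body is treated as a denial

# Constructed sample responses (only "permit" matches the response shown above).
def _resp(decision, status="ok"):
    return json.dumps({"Response": [{"Decision": decision,
        "Status": {"StatusCode": {"Value": XACML + "status:" + status}}}]})

SAMPLES = {
    "permit": _resp("Permit"),
    "deny": _resp("Deny"),
    "not_applicable": _resp("NotApplicable"),
    "indeterminate": _resp("Indeterminate", "processing-error"),
    "truncated": '{"Response": [{"Decision": "Per',
    "empty_list": '{"Response": []}',
}

if __name__ == "__main__":
    print(json.dumps(build_request("Delgado", "Ron", "READ", "UserProfileData")))
    for name, body in SAMPLES.items():
        print(name, "->", "allow" if is_permitted(body) else "deny")
```

The output of `build_request` can be passed as the `JSON` value in step 2, and the body returned by the PDP goes to `is_permitted`.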

The following image describes the permission path:

[Image: MyDelegate]