AzaaS Quick Start
The fastest way to get started is to walk through an example. Consider the case in which the AzaaS API is used to query whether Delgado has READ access to the resource UserProfileData of user Ron.
- Get an access token via the https://idp.ssocircle.com/sso/ttapi/2.0/authz/0/authn API. You can use the password or sessiontoken grant_type.
Example using curl:
curl --data-urlencode grant_type=password --data-urlencode "username=${USERNAME}@ssocircle" --data-urlencode "password=${PASSWORD}" --data-urlencode scope=AzaaS https://idp.ssocircle.com/sso/ttapi/2.0/authz/0/authn
USERNAME=<YOUR SSOCircle USER>
PASSWORD=<YOUR SSOCircle USER PASSWORD>
Details for that part can be found in the SSOCheck API manual.
- Query the Entitlement API using the XACML REST and JSON profiles.
Example using curl:
curl --header "Authorization: Bearer ${TOKEN}" -H "Content-Type:application/json" -d "${JSON}" https://idp.ssocircle.com/azaas/1.0.0/authorization/pdp
TOKEN=<ACCESS TOKEN FROM PREVIOUS STEP>
JSON=<XACML JSON REQUEST>
Sample XACML JSON request for step 2:
{
  "Request": {
    "AccessSubject": {
      "Attribute": [{
        "AttributeId": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
        "Value": "Delgado"
      }]
    },
    "Environment": {
      "Attribute": [{
        "AttributeId": "urn:oasis:names:tc:xacml:1.0:environment:environment-id",
        "Value": "Ron"
      }]
    },
    "Action": {
      "Attribute": [{
        "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
        "Value": "READ"
      }]
    },
    "Resource": {
      "Attribute": [{
        "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
        "Value": "UserProfileData"
      }]
    }
  }
}
Response from the XACML JSON entitlement query:
{
  "Response": [{
    "Decision": "Permit",
    "Status": {
      "StatusCode": {
        "Value": "urn:oasis:names:tc:xacml:1.0:status:ok"
      }
    }
  }]
}
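As an added example, not from the original page or from SSOCircle: Python that builds the request body shown above and evaluates the PDP response fail-closed, so that only a single Permit result with status ok grants access. The function names, the `owner` parameter and the single-result rule are assumptions, and the sample responses are constructed in the shape of the response above.

```python
import json

XACML = "urn:oasis:names:tc:xacml:1.0:"
STATUS_OK = XACML + "status:ok"


def category(attribute_id, value):
    return {"Attribute": [{"AttributeId": XACML + attribute_id, "Value": value}]}


def build_request(subject, action, resource, owner):
    # Mirrors the page's sample, which carries the owner (Ron) in Environment.
    return {"Request": {
        "AccessSubject": category("subject:subject-id", subject),
        "Environment": category("environment:environment-id", owner),
        "Action": category("action:action-id", action),
        "Resource": category("resource:resource-id", resource),
    }}


def is_permitted(response_text):
    """Return True only for one result with Decision Permit and status ok.

    Deny, NotApplicable, Indeterminate, a missing Status, extra results and
    malformed or empty bodies are all treated as a denial.
    """
    try:
        results = json.loads(response_text)["Response"]
        if not isinstance(results, list) or len(results) != 1:
            return False
        result = results[0]
        status = result["Status"]["StatusCode"]["Value"]
        return result["Decision"] == "Permit" and status == STATUS_OK
    except (ValueError, KeyError, TypeError):
        return False


def sample_response(decision):
    """Constructed response text in the shape of the page's sample."""
    return json.dumps({"Response": [{"Decision": decision,
                       "Status": {"StatusCode": {"Value": STATUS_OK}}}]})


if __name__ == "__main__":
    body = json.dumps(build_request("Delgado", "READ", "UserProfileData", "Ron"))
    print(body)  # usable as ${JSON} in the curl call from step 2
    print(is_permitted(sample_response("Permit")), is_permitted(sample_response("Deny")))
```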
The following image describes the permission path: