diff --git a/en/docs/assets/img/103331155/103331158.png b/en/docs/assets/img/103331155/103331158.png deleted file mode 100755 index 99a16cc904..0000000000 Binary files a/en/docs/assets/img/103331155/103331158.png and /dev/null differ diff --git a/en/docs/assets/img/103331155/103331156.png b/en/docs/assets/img/103331155/publish-xpath-policy-to-pdp.png similarity index 100% rename from en/docs/assets/img/103331155/103331156.png rename to en/docs/assets/img/103331155/publish-xpath-policy-to-pdp.png diff --git a/en/docs/assets/img/103331155/103331157.png b/en/docs/assets/img/103331155/upload-existing-xacml-policy.png similarity index 100% rename from en/docs/assets/img/103331155/103331157.png rename to en/docs/assets/img/103331155/upload-existing-xacml-policy.png diff --git a/en/docs/assets/img/103331635/103331648.png b/en/docs/assets/img/103331635/103331648.png deleted file mode 100755 index 4faa95f268..0000000000 Binary files a/en/docs/assets/img/103331635/103331648.png and /dev/null differ diff --git a/en/docs/assets/img/103331635/103331642.png b/en/docs/assets/img/103331635/add-ldap-user-store.png similarity index 100% rename from en/docs/assets/img/103331635/103331642.png rename to en/docs/assets/img/103331635/add-ldap-user-store.png diff --git a/en/docs/assets/img/103331635/103331645.png b/en/docs/assets/img/103331635/add-new-ldap.png similarity index 100% rename from en/docs/assets/img/103331635/103331645.png rename to en/docs/assets/img/103331635/add-new-ldap.png diff --git a/en/docs/assets/img/103331635/103331641.png b/en/docs/assets/img/103331635/configure-connection-to-ldap.png similarity index 100% rename from en/docs/assets/img/103331635/103331641.png rename to en/docs/assets/img/103331635/configure-connection-to-ldap.png 
diff --git a/en/docs/assets/img/103331635/103331643.png b/en/docs/assets/img/103331635/configure-ldap-user-store.png similarity index 100% rename from en/docs/assets/img/103331635/103331643.png rename to en/docs/assets/img/103331635/configure-ldap-user-store.png diff --git a/en/docs/assets/img/103331635/103331647.png b/en/docs/assets/img/103331635/create-ldap-connection.png similarity index 100% rename from en/docs/assets/img/103331635/103331647.png rename to en/docs/assets/img/103331635/create-ldap-connection.png diff --git a/en/docs/assets/img/103331635/103331649.png b/en/docs/assets/img/103331635/enable-ldap-server.png similarity index 100% rename from en/docs/assets/img/103331635/103331649.png rename to en/docs/assets/img/103331635/enable-ldap-server.png diff --git a/en/docs/assets/img/103331635/103331639.png b/en/docs/assets/img/103331635/ldap-connection-password-2.png similarity index 100% rename from en/docs/assets/img/103331635/103331639.png rename to en/docs/assets/img/103331635/ldap-connection-password-2.png diff --git a/en/docs/assets/img/103331635/103331640.png b/en/docs/assets/img/103331635/ldap-connection-password.png similarity index 100% rename from en/docs/assets/img/103331635/103331640.png rename to en/docs/assets/img/103331635/ldap-connection-password.png diff --git a/en/docs/assets/img/103331635/103331636.png b/en/docs/assets/img/103331635/ldap-disable-quality-check.png similarity index 100% rename from en/docs/assets/img/103331635/103331636.png rename to en/docs/assets/img/103331635/ldap-disable-quality-check.png diff --git a/en/docs/assets/img/103331635/103331637.png b/en/docs/assets/img/103331635/ldap-dn-group.png similarity index 100% rename from en/docs/assets/img/103331635/103331637.png rename to en/docs/assets/img/103331635/ldap-dn-group.png 
diff --git a/en/docs/assets/img/103331635/103331638.png b/en/docs/assets/img/103331635/ldap-dn.png similarity index 100% rename from en/docs/assets/img/103331635/103331638.png rename to en/docs/assets/img/103331635/ldap-dn.png diff --git a/en/docs/assets/img/103331635/103331644.png b/en/docs/assets/img/103331635/open-ldap-configuration.png similarity index 100% rename from en/docs/assets/img/103331635/103331644.png rename to en/docs/assets/img/103331635/open-ldap-configuration.png diff --git a/en/docs/assets/img/tutorials/add-ldap-user-store.png b/en/docs/assets/img/tutorials/add-ldap-user-store.png new file mode 100755 index 0000000000..14ba0f05f7 Binary files /dev/null and b/en/docs/assets/img/tutorials/add-ldap-user-store.png differ diff --git a/en/docs/assets/img/103331635/103331646.png b/en/docs/assets/img/tutorials/add-new-ldap-2.png similarity index 100% rename from en/docs/assets/img/103331635/103331646.png rename to en/docs/assets/img/tutorials/add-new-ldap-2.png diff --git a/en/docs/assets/img/tutorials/add-new-ldap.png b/en/docs/assets/img/tutorials/add-new-ldap.png new file mode 100755 index 0000000000..65fb970307 Binary files /dev/null and b/en/docs/assets/img/tutorials/add-new-ldap.png differ diff --git a/en/docs/assets/img/tutorials/configure-connection-to-ldap.png b/en/docs/assets/img/tutorials/configure-connection-to-ldap.png new file mode 100755 index 0000000000..71788f0665 Binary files /dev/null and b/en/docs/assets/img/tutorials/configure-connection-to-ldap.png differ diff --git a/en/docs/assets/img/tutorials/configure-ldap-user-store.png b/en/docs/assets/img/tutorials/configure-ldap-user-store.png new file mode 100755 index 0000000000..233b682659 Binary files /dev/null and b/en/docs/assets/img/tutorials/configure-ldap-user-store.png differ 
diff --git a/en/docs/assets/img/tutorials/create-ldap-connection.png b/en/docs/assets/img/tutorials/create-ldap-connection.png new file mode 100755 index 0000000000..28d09a82dd Binary files /dev/null and b/en/docs/assets/img/tutorials/create-ldap-connection.png differ diff --git a/en/docs/assets/img/tutorials/ldap-connection-password-2.png b/en/docs/assets/img/tutorials/ldap-connection-password-2.png new file mode 100755 index 0000000000..0655a8a218 Binary files /dev/null and b/en/docs/assets/img/tutorials/ldap-connection-password-2.png differ diff --git a/en/docs/assets/img/tutorials/ldap-connection-password.png b/en/docs/assets/img/tutorials/ldap-connection-password.png new file mode 100755 index 0000000000..e5217e504f Binary files /dev/null and b/en/docs/assets/img/tutorials/ldap-connection-password.png differ diff --git a/en/docs/assets/img/tutorials/ldap-disable-quality-check.png b/en/docs/assets/img/tutorials/ldap-disable-quality-check.png new file mode 100755 index 0000000000..8a492f868c Binary files /dev/null and b/en/docs/assets/img/tutorials/ldap-disable-quality-check.png differ diff --git a/en/docs/assets/img/tutorials/ldap-dn-group.png b/en/docs/assets/img/tutorials/ldap-dn-group.png new file mode 100755 index 0000000000..f650b029a2 Binary files /dev/null and b/en/docs/assets/img/tutorials/ldap-dn-group.png differ diff --git a/en/docs/assets/img/tutorials/ldap-dn.png b/en/docs/assets/img/tutorials/ldap-dn.png new file mode 100755 index 0000000000..8526b47b05 Binary files /dev/null and b/en/docs/assets/img/tutorials/ldap-dn.png differ diff --git a/en/docs/assets/img/tutorials/open-ldap-configuration.png b/en/docs/assets/img/tutorials/open-ldap-configuration.png new file mode 100755 index 0000000000..cd6bffa9f9 Binary files /dev/null and b/en/docs/assets/img/tutorials/open-ldap-configuration.png differ 
diff --git a/en/docs/assets/img/tutorials/publish-xpath-policy-to-pdp.png b/en/docs/assets/img/tutorials/publish-xpath-policy-to-pdp.png new file mode 100755 index 0000000000..7857d70d95 Binary files /dev/null and b/en/docs/assets/img/tutorials/publish-xpath-policy-to-pdp.png differ diff --git a/en/docs/assets/img/tutorials/upload-existing-xacml-policy.png b/en/docs/assets/img/tutorials/upload-existing-xacml-policy.png new file mode 100755 index 0000000000..90f872ef8d Binary files /dev/null and b/en/docs/assets/img/tutorials/upload-existing-xacml-policy.png differ diff --git a/en/docs/connectors/configuring-Amazon-Authenticator.md b/en/docs/connectors/configuring-Amazon-Authenticator.md index c92117b271..708c3192b7 100644 --- a/en/docs/connectors/configuring-Amazon-Authenticator.md +++ b/en/docs/connectors/configuring-Amazon-Authenticator.md @@ -167,7 +167,7 @@ Identity Server version that you are working on. 8. Configure the Local and Outbound Authentication for Amazon. For more information, see [Configuring Local and Outbound Authentication for a Service - Provider](https://docs.wso2.com/display/IS530/Configuring+Local+and+Outbound+Authentication+for+a+Service+Provider) + Provider](../../using-wso2-identity-server/configuring-local-and-outbound-authentication-for-a-service-provider) in the WSO2 IS 5.3.0 guide. 1. Click on the **Federated Authentication** radio button. 2. Select the identity provider you created from the drop-down list diff --git a/en/docs/connectors/configuring-Foursquare-Authenticator.md b/en/docs/connectors/configuring-Foursquare-Authenticator.md index f70d596c55..67e857bc03 100644 --- a/en/docs/connectors/configuring-Foursquare-Authenticator.md +++ b/en/docs/connectors/configuring-Foursquare-Authenticator.md 
@@ -195,7 +195,7 @@ Identity Server version that you are working on. 7. Configure the Local and Outbound Authentication for Foursquare. For more information, see [Configuring Local and Outbound Authentication for a Service - Provider](https://docs.wso2.com/display/IS530/Configuring+Local+and+Outbound+Authentication+for+a+Service+Provider) + Provider](../../using-wso2-identity-server/configuring-local-and-outbound-authentication-for-a-service-provider) in the WSO2 IS 5.3.0 guide. 1. Go to the **Local and Outbound Authentication Configuration** diff --git a/en/docs/connectors/configuring-LinkedIn-Authenticator.md b/en/docs/connectors/configuring-LinkedIn-Authenticator.md index 33dabbe21d..5a9e794ca7 100644 --- a/en/docs/connectors/configuring-LinkedIn-Authenticator.md +++ b/en/docs/connectors/configuring-LinkedIn-Authenticator.md @@ -213,7 +213,7 @@ Go to the **Local and Outbound Authentication Configuration** section. Configure the Local and Outbound Authentication for LinkedIn. For more information, see [Configuring Local and Outbound Authentication for a Service -Provider](https://docs.wso2.com/display/IS530/Configuring+Local+and+Outbound+Authentication+for+a+Service+Provider) +Provider](../../using-wso2-identity-server/configuring-local-and-outbound-authentication-for-a-service-provider) in the WSO2 IS 5.3.0 guide. 1. Click on the **Federated Authentication** radio button. diff --git a/en/docs/getting-started/quick-start-guide.md b/en/docs/getting-started/quick-start-guide.md index 2dbaab958e..eb389e32ad 100644 --- a/en/docs/getting-started/quick-start-guide.md +++ b/en/docs/getting-started/quick-start-guide.md 
@@ -580,10 +580,10 @@ Pickup Manager applications using WSO2 IS. 2. Add and configure the following properties in the `deployment.toml` file found in the `/repository/conf` folder. Update the address, username, and password parameters with the values of a valid email account. ``` java - [mail.publisher] - address = - username = - password = + [output_adapter.email] + from_address = + username = + password = ``` 4. Restart WSO2 IS. diff --git a/en/docs/tutorials/access-control.md b/en/docs/tutorials/access-control.md index 3cbf59f807..8918c8667d 100644 --- a/en/docs/tutorials/access-control.md +++ b/en/docs/tutorials/access-control.md @@ -48,4 +48,4 @@ used in access control. - [Sending Notifications to External PEP Endpoints](../../tutorials/sending-notifications-to-external-pep-endpoints) - [Writing an XACML 3.0 Policy Using - XPath](../../tutorials/writing-an-xacml-3.0-policy-using-xpath) + XPath](../../tutorials/writing-a-xacml-3.0-policy-using-xpath) diff --git a/en/docs/tutorials/sending-Notifications-to-External-PEP-Endpoints.md b/en/docs/tutorials/sending-notifications-to-external-pep-endpoints.md similarity index 55% rename from en/docs/tutorials/sending-Notifications-to-External-PEP-Endpoints.md rename to en/docs/tutorials/sending-notifications-to-external-pep-endpoints.md index 3ec198367d..dcd9707129 100644 --- a/en/docs/tutorials/sending-Notifications-to-External-PEP-Endpoints.md +++ b/en/docs/tutorials/sending-notifications-to-external-pep-endpoints.md 
@@ -4,7 +4,7 @@ You can register external PEP Endpoints in the WSO2 Identity Server. The Identity Server sends cache invalidation notifications (JSON, XML, EMAIL) to the pre-configured external PEP endpoints. Basic authentication will be used as the [authentication -mechanism](https://docs.wso2.com/display/IS530/Configuring+Local+and+Outbound+Authentication+for+a+Service+Provider) +mechanism](../../using-wso2-identity-server/configuring-local-and-outbound-authentication-for-a-service-provider) . This topic describes how you can enable the XACML engine to send @@ -13,25 +13,16 @@ a policy update or a change in user roles, permissions or attributes. This also clears the internal cache when user roles, permissions or attributes are updated. -1. If you are using EMAIL as the notification method, configure email - transport details using the ` axis2.xml ` file. - Follow the steps below to configure this: - 1. Navigate to the - ` /repository/conf/axis2/axis2.xml ` - file. - 2. Configure the relevant attributes according to your email - account information. The following is a sample configuration. - - ``` xml - - wso2demomail@gmail.com - wso2demomail - mailpassword - smtp.gmail.com - 587 - true - true - +1. If you are using EMAIL as the notification method, add and configure the following properties in the `deployment.toml` file found in the `/repository/conf` folder. Update the address, username, and password parameters with the values of a valid email account. + ``` toml + [output_adapter.email] + from_address = + username = + password = + hostname= + port + enable_start_tls + enable_authentication ``` 2. Create an email template in 
@@ -41,57 +32,48 @@ permissions or attributes are updated. sample template which contains the below code part. ``` java - Hi {username}, + Hi {username}, - XACML PDP policy store has been changed.. + XACML PDP policy store has been changed.. - Policy Id : {targetId} - Action : {action} - Policy : {target} + Policy Id : {targetId} + Action : {action} + Policy : {target} - Best Regards, - http://xacmlinfo.org + Best Regards, + http://xacmlinfo.org ``` -3. Do the following to send notifications to external endpoints when - there is a policy change. +3. To send notifications to external endpoints when + there is a policy change, add the following configuration to the `deployment.toml` file found in the `/repository/conf` folder. - 1. Navigate to the - ` /repository/conf/identity/entitlement.properties ` - file. - 2. Make the following change. - - ``` java - PAP.Status.Data.Handler.2=org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension + ``` toml + [identity.entitlement.policy_point.pap] + status_data_handlers = ["org.wso2.carbon.identity.entitlement.SimplePAPStatusDataHandler"] ``` - Here the trailing number that is added after " - ` PAP.Status.Data.Handler ` " should be - the minimum positive number you can add for a new " - ` PAP.Status.Data.Handler ` ". - 4. Additionally, add the following to the ` entitlement.properties ` file and change accordingly. If you are sending notifications via email, use this and change the recipient email address. 
``` java - #org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.1=notificationType,JSON - #org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.1=notificationType,XML - org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.1=notificationType,EMAIL - - org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.2=ignoreServerVerification,true - - #org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.3=targetUrl,http://targetUrlAddress;username;password - org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.3=emailAddress,wso2demomail@gmail.com - - org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.4=pdpNotificationAction,ENABLE;DISABLE;UPDATE;DELETE - - org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.5=papNotification,true - - org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.6=pdpNotification,true - - org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.9=roleName, admin + #org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.1=notificationType,JSON + #org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.1=notificationType,XML + org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.1=notificationType,EMAIL + + org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.2=ignoreServerVerification,true + + #org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.3=targetUrl,http://targetUrlAddress;username;password + org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.3=emailAddress,wso2demomail@gmail.com + + org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.4=pdpNotificationAction,ENABLE;DISABLE;UPDATE;DELETE + + org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.5=papNotification,true + + 
org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.6=pdpNotification,true + + org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension.9=roleName, admin ``` The following table lists out and describes the above attributes. 
@@ -118,41 +100,41 @@ permissions or attributes are updated. notification can be configured. ``` java - module.name.1=email - email.subscription.1=userOperation - email.subscription.userOperation.template=/home/wso2dinali/SUPPORT/TRAVISPERKINSDEV-312/wso2is-5.3.0/repository/conf/email/entitlement-email-config.xml - email.subscription.userOperation.salutation=Admin - email.subscription.userOperation.subject=User operation change information - email.subscription.userOperation.endpoint.1=privateMail - email.subscription.userOperation.endpoint.privateMail.address=wso2demomail@gmail.com - email.subscription.userOperation.endpoint.privateMail.salutation=wso2demomail@gmail.com - email.subscription.userOperation.endpoint.privateMail.subject= The User Operation change has occured. - # - email.subscription.userOperation.endpoint.2=wso2demomail@gmail.com - email.subscription.userOperation.endpoint.officeMail.address=wso2demomail@gmail.com - # - email.subscription.2=policyUpdate - email.subscription.policyUpdate.template=/repository/conf/email/entitlement-email-config.xml - email.subscription.policyUpdate.salutation=Admin - email.subscription.policyUpdate.subject= policy update information mail - email.subscription.policyUpdate.endpoint.1=privateMail - email.subscription.policyUpdate.endpoint.privateMail.address=wso2demomail@gmail.com - email.subscription.policyUpdate.endpoint.privateMail.salutation=Admin - email.subscription.policyUpdate.endpoint.privateMail.subject=policy update information to private wso2demomail@gmail.com - # - #module.name.2=json - #json.subscription.1=userOperation - #json.subscription.userOperation.template=templatePath/jsonTemplate - #json.subscription.userOperation.jsonId=3232 - #json.subscription.userOperation.endpoint.1=pepEndpoint1 - #json.subscription.userOperation.endpoint.pepEndpoint1.address=https://localhost:8080/testEndpoint1 - #json.subscription.userOperation.endpoint.pepEndpoint1.username=testUsername - 
#json.subscription.userOperation.endpoint.pepEndpoint2.password=testPW - # - #json.subscription.userOperation.endpoint.2=pepEndpoint2 - #json.subscription.userOperation.endpoint.pepEndpoint2.address=https://localhost:8080/testEndpoint2 - - threadPool.size = 10 + module.name.1=email + email.subscription.1=userOperation + email.subscription.userOperation.template=/home/wso2dinali/SUPPORT/TRAVISPERKINSDEV-312/wso2is-5.3.0/repository/conf/email/entitlement-email-config.xml + email.subscription.userOperation.salutation=Admin + email.subscription.userOperation.subject=User operation change information + email.subscription.userOperation.endpoint.1=privateMail + email.subscription.userOperation.endpoint.privateMail.address=wso2demomail@gmail.com + email.subscription.userOperation.endpoint.privateMail.salutation=wso2demomail@gmail.com + email.subscription.userOperation.endpoint.privateMail.subject= The User Operation change has occured. + # + email.subscription.userOperation.endpoint.2=wso2demomail@gmail.com + email.subscription.userOperation.endpoint.officeMail.address=wso2demomail@gmail.com + # + email.subscription.2=policyUpdate + email.subscription.policyUpdate.template=/repository/conf/email/entitlement-email-config.xml + email.subscription.policyUpdate.salutation=Admin + email.subscription.policyUpdate.subject= policy update information mail + email.subscription.policyUpdate.endpoint.1=privateMail + email.subscription.policyUpdate.endpoint.privateMail.address=wso2demomail@gmail.com + email.subscription.policyUpdate.endpoint.privateMail.salutation=Admin + email.subscription.policyUpdate.endpoint.privateMail.subject=policy update information to private wso2demomail@gmail.com + # + #module.name.2=json + #json.subscription.1=userOperation + #json.subscription.userOperation.template=templatePath/jsonTemplate + #json.subscription.userOperation.jsonId=3232 + #json.subscription.userOperation.endpoint.1=pepEndpoint1 + 
#json.subscription.userOperation.endpoint.pepEndpoint1.address=https://localhost:8080/testEndpoint1 + #json.subscription.userOperation.endpoint.pepEndpoint1.username=testUsername + #json.subscription.userOperation.endpoint.pepEndpoint2.password=testPW + # + #json.subscription.userOperation.endpoint.2=pepEndpoint2 + #json.subscription.userOperation.endpoint.pepEndpoint2.address=https://localhost:8080/testEndpoint2 + + threadPool.size = 10 ``` 6. It is recommended to use https to communicate with external @@ -163,5 +145,5 @@ permissions or attributes are updated. password for client-truststore.jks is "wso2carbon". ``` java - keytool -import -alias wso2 -file /yourCertificate.crt -keystore /repository/resources/security/client-truststore.jks + keytool -import -alias wso2 -file /yourCertificate.crt -keystore /repository/resources/security/client-truststore.jks ``` diff --git a/en/docs/tutorials/setting-Up-An-LDAP-User-Store.md b/en/docs/tutorials/setting-up-an-ldap-user-store.md similarity index 73% rename from en/docs/tutorials/setting-Up-An-LDAP-User-Store.md rename to en/docs/tutorials/setting-up-an-ldap-user-store.md index efa6402834..e87773a9cf 100644 --- a/en/docs/tutorials/setting-Up-An-LDAP-User-Store.md +++ b/en/docs/tutorials/setting-up-an-ldap-user-store.md @@ -4,11 +4,6 @@ This tutorial guides you through creating an LDAP user store using Apache Directory Studio and connecting the user store to WSO2 Identity Server. -- [Creating a new LDAP - server](#SettingUpAnLDAPUserStore-CreatinganewLDAPserver) -- [Configuring the user - store](#SettingUpAnLDAPUserStore-Configuringtheuserstore) - !!! tip Before you begin 
@@ -24,48 +19,52 @@ Server. 1. Open Apache Directory Studio. 2. In the **LDAP Servers** tab found on the bottom left corner, click **New Server**. - ![](attachments/103331635/103331645.png){width="306" height="168"} + ![add-new-ldap](../../assets/img/tutorials/add-new-ldap.png) 3. Select **LDAP server ApacheDS 2.0.0** and click **Finish**. - ![](attachments/103331635/103331646.png){width="422"} + ![](../../assets/img/tutorials/add-new-ldap-2.png) 4. Right-click on the newly created server and click **Open Configuration**. - ![](attachments/103331635/103331644.png){width="231"} + ![open-ldap-configuration](../../assets/img/tutorials/open-ldap-configuration.png) 5. Port offset the LDAP and LDAP server ports by changing the LDAP port - to 10390 and the LDAP server port to 10637. This ensures that the + to 10390 and the LDAP server port to 10637. + + This ensures that the embedded LDAP server running in the prior installation of WSO2 IS does not conflict with the current installation. - ![](attachments/103331635/103331649.png){width="254" height="250"} + ![enable-ldap-server](../../assets/img/tutorials/enable-ldap-server.png) 6. Right-click on the new server and click **Create a Connection**. - ![](attachments/103331635/103331647.png){width="407" height="250"} + ![create-ldap-connection](../../assets/img/tutorials/create-ldap-connection.png) 7. Right-click on the server and click **Run** to start the server. - ![](attachments/103331635/103331648.png){width="343" height="250"} + ![run-ldap-server](../../assets/img/tutorials/run-ldap-server.png) ### Configuring the user store 1. Log in to the management console. 2. Click **Add** under **User Stores** on the **Main** tab and add a new secondary user store named "EMPLOYEES". - ![](attachments/103331635/103331642.png){width="479"} + ![add-ldap-user-store](../../assets/img/tutorials/add-ldap-user-store.png) 3. Configure the user store properties as follows. 
- ![](attachments/103331635/103331643.png){width="633"} + ![configure-ldap-user-store](../../assets/img/tutorials/configure-ldap-user-store.png) - 1. **Connection URL** - ** - ** Right-click on the connection in ApacheDS and click **Open + 1. **Connection URL** - + + Right-click on the connection in ApacheDS and click **Open Configuration**. Since the LDAP server will run on your local machine, you can use the connection URL ` localhost:10390 ` according to the configured port. - ![](attachments/103331635/103331649.png){width="254" - height="250"} + ![enable-ldap-server](../../assets/img/tutorials/enable-ldap-server.png) + 2. **Connection Name** - ` uid=admin,ou=system ` - Right-click on the c onnection, click **Properties** and then + + Right-click on the connection, click **Properties** and then click **Authentication.** The connection name is the username given as the **Bind DN or user** value. 
@@ -77,29 +76,31 @@ Server. operations on the user store. This value is the DN (Distinguish Name) attribute of the user. - ![](attachments/103331635/103331641.png){width="536"} + ![configure-connection-to-ldap](../../assets/img/tutorials/configure-connection-to-ldap.png) 3. **Connection Password** - secret + This is the password for the user entered in the **Connection Name** field. Click on the admin user that is created by default to open up the related details. - ![](attachments/103331635/103331640.png){width="682"} + ![ldap-connection-password](../../assets/img/tutorials/ldap-connection-password.png) Double-click on **user password** and select the **Show Current Password Details** check box. The current password is displayed. - ![](attachments/103331635/103331639.png){width="401"} + ![ldap-connection-password-2](../../assets/img/tutorials/ldap-connection-password-2.png) 4. **User Search Base** - ou=users,ou=system + This is the DN of the context or object under which the user entries are stored in the user store. i.e. the "users" container. Double-click on ` ou=users ` on the LDAP Browser to view the DN value. - ![](attachments/103331635/103331638.png){width="702" - height="250"} + ![ldap-dn](../../assets/img/tutorials/ldap-dn.png) 5. **User Entry Object Class** - intetOrgPerson + To find a suitable User Entry Object Class, see the documentation on the directory service. For ApacheDS, see [Schema @@ -107,6 +108,7 @@ Server. . 6. **Group Search Base** - ou=groups,ou=system + On the **Add New User Store** screen of the management console, expand the **Optional** tab and edit the **Group Search Base** field. This is the DN of the context under which the user 
@@ -114,7 +116,7 @@ Server. ` ou=users ` on the LDAP Browser of ApacheDS to view the DN value. - ![](attachments/103331635/103331637.png){width="705"} + ![ldap-dn-group](../../assets/img/tutorials/ldap-dn-group.png) 4. In order to reduce the complexity constraints of adding a username and password, disable the password quality check. @@ -128,6 +130,6 @@ Server. 3. Change the **Check Quality** field under the **Quality** section to **Disabled** and save the configuration. - ![](attachments/103331635/103331636.png){width="544"} + ![ldap-disable-quality-check](../../assets/img/tutorials/ldap-disable-quality-check.png) 5. Click **Update** to save the configurations. diff --git a/en/docs/tutorials/working-with-xacml.md b/en/docs/tutorials/working-with-xacml.md index e8ccdf2db8..f7864ea63b 100644 --- a/en/docs/tutorials/working-with-xacml.md +++ b/en/docs/tutorials/working-with-xacml.md @@ -58,4 +58,4 @@ XACML to perform various access control related functions. - [Sending Notifications to External PEP Endpoints](../../tutorials/sending-notifications-to-external-pep-endpoints) - [Writing an XACML 3.0 Policy Using - XPath](../../tutorials/writing-an-xacml-3.0-policy-using-xpath) + XPath](../../tutorials/writing-a-xacml-3.0-policy-using-xpath) diff --git a/en/docs/tutorials/writing-an-XACML-3.0-Policy-Using-XPath.md b/en/docs/tutorials/writing-a-xacml-3.0-policy-using-xpath.md similarity index 97% rename from en/docs/tutorials/writing-an-XACML-3.0-Policy-Using-XPath.md rename to en/docs/tutorials/writing-a-xacml-3.0-policy-using-xpath.md index a94c4cd2a4..be84ecfbe7 100644 --- a/en/docs/tutorials/writing-an-XACML-3.0-Policy-Using-XPath.md +++ b/en/docs/tutorials/writing-a-xacml-3.0-policy-using-xpath.md 
@@ -90,15 +90,14 @@ Below code will show a sample policy which is written to match the 2. Go to **Policy Administration** under **PAP** in **Main** and Click on **Add New Entitlement Policy.** 3. Next Click on **Import Existing Policy.** - ![](attachments/103331155/103331158.png){height="250"} + ![import-existing- policy-xacml](../../assets/img/tutorials/import-existing- policy-xacml.png) 4. Save the above sample policy to a file and import it as follows by clicking " **upload** ". - ![](attachments/103331155/103331157.png){width="550"} + ![upload-existing-xacml-policy](../../assets/img/tutorials/upload-existing-xacml-policy.png) 5. Once it is uploaded, you can see the added policy in the policy view. Publish it to PDP so that we can evaluate that policy with sample requests. - -![](attachments/103331155/103331156.png) + ![publish-xpath-policy-to-pdp](../../assets/img/tutorials/publish-xpath-policy-to-pdp.png) ##### Evaluate the Policy: diff --git a/en/docs/using-wso2-identity-server/access-control-for-developers.md b/en/docs/using-wso2-identity-server/access-control-for-developers.md new file mode 100644 index 0000000000..92c16a14a8 --- /dev/null +++ b/en/docs/using-wso2-identity-server/access-control-for-developers.md @@ -0,0 +1,7 @@ +# Access Control for Developers + +The following topics list out key access control concepts relevant for +Developers. + +- [Writing a Custom Policy Info + Point](_Writing_a_Custom_Policy_Info_Point_) diff --git a/en/mkdocs.yml b/en/mkdocs.yml index 244d7decc8..6914d9c2c7 100644 --- a/en/mkdocs.yml +++ b/en/mkdocs.yml 
@@ -231,9 +231,9 @@ nav: - 'Writing XACML 3 Policies in WSO2 Identity Server - 5': tutorials/writing-xacml-3-policies-in-wso2-identity-server-5.md - 'Writing XACML 3 Policies in WSO2 Identity Server - 6': tutorials/writing-xacml-3-policies-in-wso2-identity-server-6.md - 'Writing XACML 3 Policies in WSO2 Identity Server - 7': tutorials/writing-xacml-3-policies-in-wso2-identity-server-7.md - - 'Sending Notifications to External PEP Endpoints': tutorials/sending-Notifications-to-External-PEP-Endpoints.md - - 'Writing an XACML 3.0 Policy Using XPath': tutorials/writing-an-XACML-3.0-Policy-Using-XPath.md - - 'Setting Up An LDAP User Store': tutorials/setting-Up-An-LDAP-User-Store.md + - 'Sending Notifications to External PEP Endpoints': tutorials/sending-notifications-to-external-pep-endpoints.md + - 'Writing an XACML 3.0 Policy Using XPath': tutorials/writing-a-xacml-3.0-policy-using-xpath.md + - 'Setting Up An LDAP User Store': tutorials/setting-up-an-ldap-user-store.md - 'Using WSO2 Identity Server': - 'Using WSO2 Identity Server': using-wso2-identity-server/using-WSO2-Identity-Server.md - 'Product Administration':
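Review bot: In the image changes under `en/docs/assets/img/`, most files are renamed in place inside `assets/img/103331635/` and `assets/img/103331155/` (for example `103331645.png` to `103331635/add-new-ldap.png`) and then added again as new binaries under `assets/img/tutorials/`, while the updated pages link only to `assets/img/tutorials/`. That leaves a second, unreferenced copy of each image in the numeric folders. Move the files directly, as is already done for `103331646.png` to `tutorials/add-new-ldap-2.png`, and drop the in-place renames.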
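Review bot: In the three connector hunks (`configuring-Amazon-Authenticator.md`, `configuring-Foursquare-Authenticator.md`, `configuring-LinkedIn-Authenticator.md`), the link target changes from the IS530 wiki to the relative page `../../using-wso2-identity-server/configuring-local-and-outbound-authentication-for-a-service-provider`, but the sentence still ends with "in the WSO2 IS 5.3.0 guide". The link no longer points at the 5.3.0 guide, so drop or reword that trailing clause in all three files.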
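Review bot: In `quick-start-guide.md` (hunk at line 580), the renamed key is `from_address`, but the instruction above the block still says to update the "address, username, and password parameters". The three keys are also left with nothing after `=`, which is not valid TOML if pasted as is, and the fence is still tagged `java`. Update the sentence to name `from_address`, show quoted placeholder values, and tag the fence `toml` as the PEP notifications page in this patch does.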
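Review bot: In `sending-notifications-to-external-pep-endpoints.md` (hunk at line 13), the new `[output_adapter.email]` block is not parseable TOML: `port`, `enable_start_tls` and `enable_authentication` have no `=` or value, and `from_address`, `username`, `password` and `hostname` have empty right-hand sides. The removed XML sample carried concrete values (`smtp.gmail.com`, `587`, `true`, `true`), so the reader has lost the information about what type each setting takes. Give every key a quoted placeholder or a sample value, and extend the sentence above the block so it mentions the host, port and TLS settings as well as address, username and password.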
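Review bot: In `sending-notifications-to-external-pep-endpoints.md` (hunk at line 41), step 3 now registers `org.wso2.carbon.identity.entitlement.SimplePAPStatusDataHandler` in `status_data_handlers`, whereas the removed line registered `org.wso2.carbon.identity.entitlement.EntitlementNotificationExtension`, and step 4 still configures `EntitlementNotificationExtension.N` properties in `entitlement.properties`. As written, the handler that step 4 configures is never enabled in step 3; confirm which class is intended and whether step 4 also needs a `deployment.toml` equivalent. The sample in step 4 also keeps `ignoreServerVerification,true`, which by its name turns off server verification, while step 6 recommends https with the endpoint certificate imported into the truststore; consider showing it as `false` in the sample. The fence for the properties block is tagged `java`.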
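Review bot: In `sending-notifications-to-external-pep-endpoints.md` (hunk at line 118), the sample that is only being re-indented still contains a developer-local path, `/home/wso2dinali/SUPPORT/TRAVISPERKINSDEV-312/wso2is-5.3.0/repository/conf/email/entitlement-email-config.xml`, which exposes a user name and what looks like an internal ticket reference in public docs. Replace it with the same relative form used for `policyUpdate.template`. While touching the block, fix the mismatched endpoint names: `endpoint.2=wso2demomail@gmail.com` is followed by `endpoint.officeMail.address`, and the `pepEndpoint1` entry sets `endpoint.pepEndpoint2.password`.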
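Review bot: In `setting-up-an-ldap-user-store.md` (hunk at line 24), two of the new image links have no matching file in this patch. `../../assets/img/tutorials/run-ldap-server.png` is referenced in step 7, but `103331648.png` is deleted and no `run-ldap-server.png` is added. `../../assets/img/tutorials/enable-ldap-server.png` is referenced in step 5 and under **Connection URL**, but `103331649.png` is only renamed to `assets/img/103331635/enable-ldap-server.png`. Add both files under `assets/img/tutorials/` or correct the paths. The `add-new-ldap-2.png` image is also the only one left with empty alt text.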
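Review bot: In `setting-up-an-ldap-user-store.md` (hunk at line 77), the value shown for **User Entry Object Class** is `intetOrgPerson`, which is a misspelling of the standard LDAP object class `inetOrgPerson`. Since readers copy this value into the user store configuration, fix it while this list item is being edited. The same hunk's context also reads "Distinguish Name", which should be "Distinguished Name".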
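Review bot: In `writing-a-xacml-3.0-policy-using-xpath.md` (hunk at line 90), the new link `../../assets/img/tutorials/import-existing- policy-xacml.png` contains a space in both the alt text and the file name, and no file of that name is added by this patch, while the original `103331158.png` is deleted. The image in step 3 will not render. Add the image as `import-existing-policy-xacml.png` and reference it without the space.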
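Review bot: In the rename to `writing-a-xacml-3.0-policy-using-xpath.md` and the matching link and nav updates in `access-control.md`, `working-with-xacml.md` and `mkdocs.yml`, the slug changes "an" to "a" in addition to lower-casing, while the page title and link text remain "Writing an XACML 3.0 Policy Using XPath". The other two renames in this patch only change case. Keep `writing-an-xacml-3.0-policy-using-xpath` so that the slug matches the title and the change is limited to case.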
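Review bot: In the new file `access-control-for-developers.md`, the only link target is `_Writing_a_Custom_Policy_Info_Point_`, which looks like an unconverted wiki page name rather than a relative path in the form the rest of this patch uses (`../../tutorials/...`). Point it at the actual page path. The `mkdocs.yml` hunk shown here also does not add a nav entry for this new page, so check that it is reachable from the navigation.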