New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UMA RPT Policy evaluator : if no policies it grants access. We have to make it configurable (e.g. deny instead of grant) #748

Closed
yuriyz opened this Issue Feb 14, 2018 · 5 comments

Comments

Projects
None yet
2 participants
@yuriyz
Contributor

yuriyz commented Feb 14, 2018

Right now evaluator scans for policies associated with scopes. If there is no any policy (list is blank) then we do not invoke evaluator at all and grant access directly.

From one side it is ok because protection is made by policy. No policy - no protection -> Granted.
But from other side I guess we have to forbid access because we will grant access even if admin for forget to specify policy.

@yuriyz yuriyz added the question label Feb 14, 2018

@yuriyz yuriyz added this to the 3.1.3 milestone Feb 14, 2018

@yuriyz yuriyz self-assigned this Feb 14, 2018

@yuriyz

This comment has been minimized.

Contributor

yuriyz commented Feb 14, 2018

@nynymike what do you think ?

@nynymike

This comment has been minimized.

Contributor

nynymike commented Feb 15, 2018

Perhaps this should be configurable in the JSON properties?

@yuriyz yuriyz added enhancement and removed question labels Feb 15, 2018

@yuriyz yuriyz modified the milestones: 3.1.3, 3.2.0 Feb 15, 2018

@yuriyz

This comment has been minimized.

Contributor

yuriyz commented Feb 15, 2018

Agreed, lets make it configurable.

@yuriyz yuriyz changed the title from UMA RPT Policy evaluator : if no policies it grants access, should we deny by default? to UMA RPT Policy evaluator : if no policies it grants access. We have to make it configurable (e.g. deny instead of grant) Feb 23, 2018

yuriyz added a commit that referenced this issue Mar 20, 2018

yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Mar 20, 2018

UMA : added umaGrantAccessIfNoPolicies configuration property to cont…
…rol whether to grant access to resources if policies are not set for scopes or deny it.

GluuFederation/oxAuth#748

yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Mar 20, 2018

@yuriyz

This comment has been minimized.

Contributor

yuriyz commented Mar 20, 2018

done

@yuriyz yuriyz closed this Mar 20, 2018

yurem added a commit that referenced this issue Mar 21, 2018

yurem added a commit to GluuFederation/community-edition-setup that referenced this issue Mar 21, 2018

yurem added a commit to GluuFederation/oxTrust that referenced this issue Mar 26, 2018

UMA : added umaGrantAccessIfNoPolicies configuration property to cont…
…rol whether to grant access to resources if policies are not set for scopes or deny it.

GluuFederation/oxAuth#748

madumlao added a commit to madumlao/oxAuth that referenced this issue Apr 5, 2018

madumlao added a commit to madumlao/oxTrust that referenced this issue Apr 5, 2018

UMA : added umaGrantAccessIfNoPolicies configuration property to cont…
…rol whether to grant access to resources if policies are not set for scopes or deny it.

GluuFederation/oxAuth#748

yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue May 29, 2018

yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue May 29, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment