Step 3 – Create a policy that delegates authentication to PassPort

To delegate authentication to Axway PassPort, create a new policy in Policy Studio:

  1. In the Policy Studio tree, right-click Policies and select Add Policy.
  2. Enter the name GothamCityAuthorization and click OK.
  3. Configure the policy as follows:

Add an HTTP basic authentication filter

To configure an HTTP Basic filter, perform the following steps:

  1. Drag an HTTP Basic filter from the Authentication category in the palette and drop it onto the policy canvas.
  2. Configure it as follows:
    • Name: Enter HTTP Basic Authentication Using PassPort.
    • Credential Format: Select User Name from the list.
    • Allow Client Challenge: Select the Allow client challenge check box.
    • Repository Name: Select Gotham PassPort from the list.
    [Figure: HTTP basic filter configuration]
  3. Click OK.
  4. To set this authentication filter to be the starting filter of the policy, right-click the filter on the canvas and select Set as Start.

Add a PassPort authorization filter

To configure the Axway PassPort Authorization filter, perform the following steps:

  1. From the Authorization category on the right of Policy Studio, drag the Axway PassPort Authorization filter onto the policy canvas.
  2. Select Gotham PassPort from the PassPort Repository list.
    [Figure: PassPort authorization filter configuration]
  3. For this scenario, use the default settings for the other fields.
    • The default User ID is ${authentication.subject.id}. This attribute is set by the authentication filter.
    • The default Resource is ${http.request.uri}. This is the URL of the request. In this scenario, the URL is /batcave as defined in the CSD.
    • The default Action is ${http.request.verb}. This is the HTTP action that the request is performing (for example, GET, POST, PUT, and so on).
  4. Set the success path from the HTTP Basic filter to the Axway PassPort Authorization filter.

Add a success message filter

To display a success message after successfully authorizing the user, you can add a Set Message filter as follows:

  1. Drag a Set Message filter from the Conversion category in the palette and drop it onto the policy canvas.
  2. Configure the following fields on this filter:
    • Name: Enter Set Success Message.
    • Content-Type: Enter text/plain as the content-type of the message to return to the client.
    • Message Body: Enter the following message to return to the client: User '${authentication.subject.id}' was authorized successfully!
    [Figure: Set success message filter configuration]
  3. Click OK.
  4. Set the success path from the Axway PassPort Authorization filter to the Set Success Message filter.

Add a failure message filter

If Axway PassPort returns false for the authorization request, an appropriate error message should be returned to the client.

To display a failure message after an unsuccessful authorization event, you can add another Set Message filter as follows:

  1. Drag a Set Message filter from the Conversion category in the palette and drop it onto the canvas.
  2. Configure the following fields on this filter:
    • Name: Enter Set Failure Message.
    • Content-Type: Enter text/plain as the content-type of the message to return to the client.
    • Message Body: Enter the following message to return to the client: User '${authentication.subject.id}' was NOT authorized to access the resource!
    [Figure: Set failure message filter configuration]
  3. Click OK.
  4. Set the failure path of the Axway PassPort Authorization filter to the Set Failure Message filter.
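
The filter chain configured above, modelled in Python as an added example (not Axway code and not part of the original page): it shows how the Basic header yields the subject ID and which (User ID, Resource, Action) tuple reaches the authorization check. The USERS and GRANTS data, the realm value, the outcome labels and the function names are constructed assumptions standing in for the Gotham PassPort repository.

```python
import base64
import hmac

# Constructed stand-ins for the Gotham PassPort repository (assumed data).
USERS = {"batman": "n0tTheRealPassw0rd"}
GRANTS = {("batman", "/batcave", "GET")}  # (user ID, resource, action)


def basic_header(user, password):
    """Build the Authorization header value a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or non-UTF-8 bytes
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep and user else None


def run_policy(verb, uri, headers):
    """Walk the filter chain; return (outcome, response headers, body)."""
    # Filter 1 (start): HTTP Basic authentication against the repository.
    creds = parse_basic(headers.get("Authorization"))
    if creds is None:
        # Allow client challenge: ask for credentials (realm is constructed).
        return "challenge", {"WWW-Authenticate": 'Basic realm="example"'}, ""
    user, password = creds
    stored = USERS.get(user, "")
    if not stored or not hmac.compare_digest(stored.encode(), password.encode()):
        return "auth_failed", {}, ""  # no failure path is wired for this filter
    attrs = {"authentication.subject.id": user,
             "http.request.uri": uri, "http.request.verb": verb}
    # Filter 2: authorization on the default User ID, Resource and Action.
    query = (attrs["authentication.subject.id"],
             attrs["http.request.uri"], attrs["http.request.verb"])
    text = {"Content-Type": "text/plain"}
    # Filters 3 and 4: the Set Message filters on the success/failure paths.
    if query in GRANTS:
        return "authorized", text, f"User '{user}' was authorized successfully!"
    return "denied", text, f"User '{user}' was NOT authorized to access the resource!"
```

Because the Action selector is part of the tuple, the same user on the same resource can be authorized for GET and denied for POST.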
