4

Is it possible to enforce extra authentication (via an external service) or an extra layer of decision making after a successful Active Directory authentication?

Thanks

rbrayb
Lewis Bushman

1 Answer

1

Short answer: yes.

You probably mean extra authorization given the tags you used (XACML). You would typically use AD / LDAP for authentication with an app. Once you retrieve the user's roles and groups, you can then call a Policy Decision Point (PDP) either from an interceptor or the application requesting authentication. The PDP would then authorize the request using XACML policies.

David Brossard
  • Yet this is exactly what I mean, giving an authentication verdict after a successful authentication. I will be very happy if you could supply a reference I can learn how to do it from. – Lewis Bushman Jan 05 '18 at 11:35
  • Have a look at what Axiomatics does (disclaimer: this is where I work) – David Brossard Jan 05 '18 at 17:25
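
The flow described in the answer (authenticate against AD / LDAP, then have an interceptor ask a PDP for a decision) is sketched below as an added example; it is not code from the answer or from any XACML product. The in-process `pdp_decide` stands in for the external PDP, the combining logic is a simplified deny-overrides, and the group names, attributes and policy are constructed for illustration.

```python
# Added illustration: a toy PDP with XACML-style decisions, not a real XACML engine.
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = "Permit", "Deny", "NotApplicable", "Indeterminate"

@dataclass
class Rule:
    effect: str                        # PERMIT or DENY
    target: Callable[[dict], bool]     # does this rule apply to the request?
    condition: Callable[[dict], bool]  # must hold for the effect to be returned

def evaluate_rule(rule, request):
    try:
        if not rule.target(request):
            return NOT_APPLICABLE
        return rule.effect if rule.condition(request) else NOT_APPLICABLE
    except KeyError:                   # an attribute the rule needs is missing
        return INDETERMINATE

def pdp_decide(rules, request):
    """Simplified deny-overrides: Deny wins, then Indeterminate, then Permit."""
    results = [evaluate_rule(r, request) for r in rules]
    for outcome in (DENY, INDETERMINATE, PERMIT):
        if outcome in results:
            return outcome
    return NOT_APPLICABLE

def pep_authorize(rules, subject, resource, action, environment):
    """Deny-biased enforcement point: only an explicit Permit passes."""
    request = {"subject": subject, "resource": resource,
               "action": action, "environment": environment}
    return pdp_decide(rules, request) == PERMIT

# Constructed policy: HR staff may read payroll; payroll access without MFA is denied.
POLICY = [
    Rule(PERMIT,
         target=lambda q: q["resource"]["type"] == "payroll" and q["action"] == "read",
         condition=lambda q: "HR-Staff" in q["subject"]["groups"]),
    Rule(DENY,
         target=lambda q: q["resource"]["type"] == "payroll",
         condition=lambda q: not q["environment"]["mfa_passed"]),
]

# Constructed subjects, shaped like the result of an AD/LDAP bind plus group lookup.
alice = {"id": "alice", "groups": ["HR-Staff", "Domain Users"]}
bob = {"id": "bob", "groups": ["Domain Users"]}
payroll = {"type": "payroll"}
```

The enforcement point treats `NotApplicable` and `Indeterminate` the same as `Deny`, so a missing attribute or an unmatched policy fails closed even though authentication succeeded.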