Diagram for architecture overview and internal links.

Pedro Igor 2016-05-31 19:28:28 -03:00
parent c5af5c870f
commit 2efa63638a
3 changed files with 7 additions and 5 deletions

Binary file not shown.

@ -1,23 +1,25 @@
== Architecture
image:../../images/authz-arch-overview.png[alt="Keycloak AuthZ Architecture Overview"]
From a design perspective, the {{book.project.module}} are based on a well defined set of authorization patterns providing a:
* **Policy Administration Point (PAP)**
+
Provides a set of UIs based on the Keycloak Administration Console to manage resource servers, resources, scopes, permissions and policies.
Part of this also accomplished remotely through the use of the _Protection API_.
Part of this also accomplished remotely through the use of the link:../service/protection-api.html[Protection API].
+
* **Policy Decision Point (PDP)**
+
Provides a distributable policy decision point, where authorization requests are sent to and policies are evaluated accordingly with the permissions being requested. Part of this also accomplished remotely through the use of the
_Authorization_ and _Entitlement_ APIs.
link:../service/authorization-api.html[Authorization] and link:../service/entitlement-api.html[Entitlement] APIs.
+
* **Policy Enforcement Point (PEP)**
+
Provides implementations for different environments to actually enforce authorization decisions on the resource server side.
Keycloak provides some built-in _Policy Enforcers_.
Keycloak provides some built-in link:../enforcer/overview.html[Policy Enforcers].
+
* **Policy Information Point (PIP)**
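Review bot: In the PAP, PDP and PEP items the new `link:` targets hard-code relative `.html` paths (`../service/protection-api.html`, `../service/authorization-api.html`, `../service/entitlement-api.html`, `../enforcer/overview.html`), so they only resolve in an HTML build laid out exactly this way; please confirm each target exists at that path, or use a cross-reference form the toolchain rewrites per output format. Since these sentences are being rewritten anyway, "Part of this also accomplished remotely" is missing "is" in both the PAP and PDP items. The `image:` line at the top uses the inline macro; for a standalone diagram under the heading, the block form `image::` followed by a blank line is the usual choice.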
@ -26,4 +28,4 @@ Being based on {{book.project.name}} Authentication Server, you can obtain attri
Instead of doing authorization by your own, {{book.project.name}} provides a centralized but still distributable server
to govern protected resources and their respective policies within an application or organization using some well-known authorization patterns and standards such as
_OAuth2_ and _User-Managed Access (UMA)_.
_OAuth2_ and https://docs.kantarainitiative.org/uma/rec-uma-core.html[User-Managed Access (UMA)].
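Review bot: On the last line of this hunk the UMA reference becomes an external link while `_OAuth2_` next to it stays unlinked italic text; link it to its specification as well (RFC 6749) so both standards are treated the same way. The UMA link text also drops the italics the old line had, so pick one style for the pair. Separately, "doing authorization by your own" in the context line reads better as "on your own".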

@ -1,6 +1,6 @@
== Configuring Entitlements
Entitlements are very useful when you want to obtain all permissions for a specific user based on the resources managed by a resource server.
More on _Entitlements_ and _Incremental Authorization_ later.
More on link:../service/entitlement-api.html[Entitlements] and link:../service/authorization-api.html[Incremental Authorization] later.
When configuring a resource server you may enable/disable entitlements by clicking the *Entitlements* switch.
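Review bot: The rewritten "More on ... later." sentence still says "later" although both terms now link straight to their pages, so the wording no longer fits; "See ... for details" would. The label "Incremental Authorization" points at `../service/authorization-api.html`, the same target the architecture page labels "Authorization"; if that page has a section on incremental authorization, link to its anchor so the reader lands on the relevant part.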