Configure WSO2 Identity Server for Self Service Authorization using Admin REST APIs

Nesaratnam Sivanoly
Identity Beyond Borders
2 min readJun 8, 2022

In this article we look at how the Admin REST APIs of WSO2 Identity Server can be used for self-service authorization: letting ordinary users request access and letting an authorized person approve it.

Before you begin

Please read the following articles first (listed as references [2] and [3] below).

The Problem

The aim is to allow users to send access requests and to let an authorized person perform the approval.

From those readings you will have found that there is no out-of-the-box alternative, but that WSO2 Identity Server can be extended to cater for access requests and access approvals.

The Solution

The user journey will be as follows:

User journey

Steps to configure the Identity Server

1. Build the project

  • Clone the repository [1].
  • Run mvn clean install in the cloned directory to build the project.

2. Configure Identity Server

  • Copy org.wso2.carbon.identity.extension.authz.rest.selfservice.valve.SelfServiceAuthzValve-1.0.jar to the repository/components/dropins/ directory under the Identity Server installation (<IS_HOME>).
  • Add the valve configuration to the catalina-server.xml.j2 file in the repository/resources/conf/templates/repository/conf/tomcat/ directory, as shown below. The order matters: SelfServiceAuthzValve must be declared after AuthenticationValve, so that the request has already been authenticated by the time the self-service authorization check runs.
<Valve className="org.wso2.carbon.identity.auth.valve.AuthenticationValve"/>
<Valve className="org.wso2.carbon.identity.extension.authz.rest.selfservice.valve.SelfServiceAuthzValve"/>

3. Start the WSO2 Identity Server.

4. Create the roles with the APP_ prefix.

5. Create the XACML policy to restrict access to specific user roles.

6. Add workflows

  • Add the workflow definitions that allow the approver to perform approvals.
Workflow Definitions
  • Add the workflow engagements; these trigger the event that sends the requests for approval.
Workflow Engagements
  • With these configurations in place, the Identity Server intercepts the request and handles the access request and the approval.

Test your application

The Admin REST APIs are now available for the request and approval process: the APIs selected by the valve can be invoked by users who do not have admin privileges, and the operation is routed to the approver instead of being applied directly.

The code snippet below uses jQuery for testing.

The approval process for the privileged users

Note: Make sure that the necessary CORS settings are enabled on the Identity Server if the test page is served from a different origin than the API endpoints.
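As an added example (not code from the article, nor from the extension in [1]), the following plain-JavaScript test drives the same request-and-approve journey the jQuery snippet covered, with the HTTP client injected so the complete exchange between requester, server and approver can be run offline against a constructed mock. Three things are assumptions rather than facts from the article: that the API the valve opens to non-admin users is the SCIM2 group PATCH that adds the caller to an APP_ role (take the real endpoint from [1]), that the server answers 202 Accepted when a workflow engagement turns the operation into a pending approval task, and that approvers decide tasks through the Approval API under /api/users/v1/me/approval-tasks. The host, users, group and user id are constructed sample data.

```javascript
// Added example: self-service access request followed by approval, over WSO2
// Identity Server's REST APIs. Not from the article or the extension in [1].
// Assumed (see lead-in): SCIM2 group PATCH is the self-service call, 202 means
// "pending workflow approval", approvals go through /api/users/v1/me/approval-tasks.
const BASE_URL = "https://localhost:9443"; // assumed Identity Server host

// HTTP Basic credential for the calling user.
function basicAuth(username, password) {
  return "Basic " + Buffer.from(`${username}:${password}`).toString("base64");
}

// Requester side: ask to be added to an APP_ group. A workflow engagement on
// the role-update operation is expected to intercept this (assumption).
function buildAccessRequest(groupId, member, auth) {
  return {
    url: `${BASE_URL}/scim2/Groups/${encodeURIComponent(groupId)}`,
    method: "PATCH",
    headers: { Authorization: auth, "Content-Type": "application/scim+json" },
    body: JSON.stringify({
      schemas: ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
      Operations: [{ op: "add", value: { members: [member] } }],
    }),
  };
}

// Approver side: list tasks waiting for a decision.
function buildListTasks(auth) {
  return {
    url: `${BASE_URL}/api/users/v1/me/approval-tasks?status=READY`,
    method: "GET",
    headers: { Authorization: auth, Accept: "application/json" },
  };
}

// Approver side: decide a task; action is "APPROVE" or "REJECT".
function buildDecision(taskId, action, auth) {
  return {
    url: `${BASE_URL}/api/users/v1/me/approval-tasks/${encodeURIComponent(taskId)}/state`,
    method: "PUT",
    headers: { Authorization: auth, "Content-Type": "application/json" },
    body: JSON.stringify({ action }),
  };
}

// fetchImpl has the fetch(url, init) shape, so the real fetch can be passed in.
async function send(fetchImpl, req) {
  const { url, ...init } = req;
  return fetchImpl(url, init);
}

// End-to-end: requester files the request, approver finds and approves it.
async function runFlow(fetchImpl, { groupId, member, requester, approver }) {
  const requestAuth = basicAuth(requester.username, requester.password);
  const approverAuth = basicAuth(approver.username, approver.password);
  const result = { requestStatus: null, taskId: null, approveStatus: null };

  const requested = await send(fetchImpl, buildAccessRequest(groupId, member, requestAuth));
  result.requestStatus = requested.status;
  // A 200 here would mean the change was applied with no workflow in the way,
  // which is exactly the misconfiguration this test is meant to catch.
  if (requested.status !== 202) return result;

  const tasks = await (await send(fetchImpl, buildListTasks(approverAuth))).json();
  const task = tasks.find((t) => t.status === "READY");
  if (!task) return result;

  const decided = await send(fetchImpl, buildDecision(task.id, "APPROVE", approverAuth));
  result.taskId = task.id;
  result.approveStatus = decided.status;
  return result;
}

// Constructed offline stand-in for the server: only the approver may list or
// decide tasks, and only a READY task can be decided.
function mockIdentityServer({ approverAuth }) {
  const tasks = [];
  const reply = (status, body) => ({ status, json: async () => body });
  return async (url, init) => {
    const { pathname, searchParams } = new URL(url);
    const auth = init.headers.Authorization;
    if (init.method === "PATCH" && pathname.startsWith("/scim2/Groups/")) {
      tasks.push({ id: `task-${tasks.length + 1}`, status: "READY", request: JSON.parse(init.body) });
      return reply(202, { detail: "Operation is pending workflow approval" });
    }
    if (pathname === "/api/users/v1/me/approval-tasks") {
      if (auth !== approverAuth) return reply(403, {});
      const status = searchParams.get("status");
      return reply(200, tasks.filter((t) => !status || t.status === status));
    }
    const m = pathname.match(/^\/api\/users\/v1\/me\/approval-tasks\/([^/]+)\/state$/);
    if (m && init.method === "PUT") {
      if (auth !== approverAuth) return reply(403, {});
      const task = tasks.find((t) => t.id === decodeURIComponent(m[1]));
      if (!task || task.status !== "READY") return reply(409, {});
      task.status = "COMPLETED";
      task.decision = JSON.parse(init.body).action;
      return reply(200, {});
    }
    return reply(404, {});
  };
}

// Constructed sample data and a mock wired to the sample approver.
const SAMPLE = {
  groupId: "APP_PayrollViewer",
  member: { display: "alice", value: "0f1e2d3c-constructed-user-id" },
  requester: { username: "alice", password: "alice-pass" },
  approver: { username: "manager", password: "manager-pass" },
};
function sampleServer() {
  return mockIdentityServer({ approverAuth: basicAuth(SAMPLE.approver.username, SAMPLE.approver.password) });
}

runFlow(sampleServer(), SAMPLE).then((r) => console.log(JSON.stringify(r)));
```

To run it against a real server, pass the global fetch (Node 18+ or a browser) to runFlow instead of sampleServer() and substitute real users; the mock's 403 branch also documents the check worth repeating against the real deployment, namely that the requesting user cannot list or decide approval tasks. Because the example runs in Node, the CORS note above does not apply to it; it only matters when the test page is loaded in a browser from another origin.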

References

[1] https://github.com/johannnallathamby/wso2-is-authz-rest-selfservice

[2] https://medium.com/identity-beyond-borders/how-to-access-requests-approvals-in-wso2-identity-server-913868f896a

[3] https://johann-nallathamby.medium.com/self-service-authorization-for-admin-rest-apis-in-wso2-identity-server-6b14b2ffafef
