The Site Central Authorization Service (SCAS) is a Web Service that allows client programs to query for an authorization decision, based upon user credentials, to access a particular resource. The result of the query will be either an allow or a deny. When the service decides to send an allow message to its requesting client, it may include obligations. These obligations cannot be refused and MUST be processed. The returned obligations tell the client on which terms the credentials were allowed. In our case with the SCAS (and also with the GUMS/PRIMA/gPlazma use cases) these will be Unix account mapping obligations (and other use-case-specific attributes).
When a SCAS is queried for an authorization decision, it receives user credentials along with other pieces of information that tell the SCAS more about the query's origin. The SCAS is mostly interested in the user credentials. The user credentials are extracted from the query and processed by the Local Centre Authorization Service (LCAS) and the Local Credential Mapping Service (LCMAPS).
When the allow message is returned from the SCAS to the client, the LCMAPS mapping result is transported back to the client in the form of an obligation that holds sufficient information to perform an LCMAPS mapping on the client side. The types of obligations may be extended to support other types of clients. For now, all LCMAPS-based clients are supported (like the GT4 gatekeepers with LCMAPS, and gLExec). This will be extended to GUMS/PRIMA/gPlazma in time, because they will require support for other XACML obligations.
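What "obligations MUST be processed" means for a client, shown as an added example that is not SCAS or LCMAPS code: the request is honoured only when the decision is allow and every returned obligation was understood and applied. The struct layout, the function names and the obligation id `uidgid` are hypothetical, and treating an allow without an account mapping as a refusal is an assumption about LCMAPS-based clients.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified view of a decoded SCAS response. */
enum decision { DENY = 0, ALLOW = 1 };
struct obligation { const char *id, *uid, *gid; };
struct mapping { unsigned long uid, gid; };

/* Strict decimal parse: no sign, no whitespace, no trailing bytes, no overflow. */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return 0;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return errno == 0 && *end == '\0';
}

/* Returns 1 only if the decision is allow AND every obligation was understood
 * and applied. Any other outcome is a deny and leaves *m untouched. */
int enforce(enum decision d, const struct obligation *o, size_t n, struct mapping *m) {
    struct mapping tmp = {0, 0};
    int mapped = 0;
    if (d != ALLOW || m == NULL || (o == NULL && n > 0)) return 0;
    for (size_t i = 0; i < n; i++) {
        if (o[i].id == NULL || strcmp(o[i].id, "uidgid") != 0)
            return 0;                       /* unknown obligation: cannot ignore it */
        if (mapped) return 0;               /* two mappings are ambiguous */
        if (!parse_id(o[i].uid, &tmp.uid) || !parse_id(o[i].gid, &tmp.gid))
            return 0;                       /* malformed mapping */
        mapped = 1;
    }
    if (!mapped) return 0;                  /* assumption: allow without a mapping is unusable */
    *m = tmp;
    return 1;
}

/* Convenience wrapper: mapped uid, or -1 when the request must be refused. */
long mapped_uid(enum decision d, const struct obligation *o, size_t n) {
    struct mapping m;
    return enforce(d, o, n, &m) ? (long)m.uid : -1L;
}

/* Constructed sample obligations, not captured from a real SCAS. */
const struct obligation sample_ok[]      = {{"uidgid", "40001", "4000"}};
const struct obligation sample_unknown[] = {{"uidgid", "40001", "4000"}, {"set-quota", NULL, NULL}};
const struct obligation sample_bad[]     = {{"uidgid", "-1", "4000"}};
```

The second sample carries a valid mapping plus an obligation the client does not implement, and is refused as a whole rather than applied partially.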
LCAS_LOG_FILE: Name and location of the logfile
LCAS_LOG_TYPE: Type of logging (logfile, syslog, both or none)
LCAS_LOG_STRING: Log string to be prepended to the logging lines
LCAS_LOG_LEVEL: Log level (0-5)
LCAS_DB_FILE: Name of the lcas policy file
else if ((strcasecmp (cnv[i].name, "lcas_log_level") == 0) && (cnv[i].value))
LCAS_DEBUG_LEVEL: Debug level (0-5)
LCAS_MOD_DIR: Location of the LCAS library
LCAS_DIR: Location of the LCAS config files
LCAS_ETC_DIR: Location of the LCAS config files (=LCAS_DIR)
else if ((strcasecmp (cnv[i].name, "lcmaps_mapdir") == 0) && (cnv[i].value))
LCMAPS_LOG_FILE: Name and location of the logfile
LCMAPS_LOG_TYPE: Type of logging (logfile, syslog, both or none)
LCMAPS_LOG_STRING: Log string to be prepended to the logging lines
LCMAPS_DB_FILE: Name of the lcmaps policy file
LCMAPS_LOG_LEVEL: Log level (0-5)
LCMAPS_DEBUG_LEVEL: Debug level (0-5)
LCMAPS_MOD_DIR: Location of the LCMAPS library
LCMAPS_DIR: Location of the LCMAPS config files
LCMAPS_ETC_DIR: Location of the LCMAPS config files (=LCMAPS_DIR)
LCMAPS_POLICY_STRING: The list of policies (default = NULL)
LCMAPS_POLICY_ACQ_STRING: The list of acquisition policies (default = acquisition_policy)
LCMAPS_POLICY_ENF_STRING: The list of enforcement policies (default = enforcement_policy)