OpenAM provides a "Java EE Policy Agent", which is a PEP implementation (a Servlet Filter) to intercept requests and protect an application on the same container. The nice thing is:
admin can control the agent from the central Identity Provider. For example, admin can tell the agent to map SAML assertions to a HTTP header/cookie/HTTP request params before passing the request to the application.
admin can choose if the agent allows request according to the decision in PDP, or authorization should be enforced through the container's Java EE security policies (which may be configured declaratively in the XML deployment descriptor of the protected application).
Do WSO2 Identity Provider have similar PEP agent implementation with the 2 features above?
Many thanks
