Authorization is a process of authorizing a user that has been authenticated to access some resources and allowing the user to proceed with the incoming request.
Authorization of a request is supported based on roles. When a request is authenticated, an SAML assertion is generated that may contains the roles as attributes of the SAML assertions. The roles in the SAML assertion may be originated as follows:
From the groups defined in the LDAP which is applicable for basic or Username Token authentication.
From the authenticated SAML assertion which is applicable for SAML.
