Hi,

This is a parallel followup to another thread since the XACML 2.0 policy that 
Thanuja provided seems to import into WSO2 5.0 and I can continue in parallel 
with 5.0.

So, now that I can get the XACML 2.0 policy into WSO2 5.0, I am trying to send 
a XACML 2.0 request into WSO2, and when I try that via Tryit/Create a request, 
I get "NotApplicable", even if I cut both the policy and request down to just 
Resource.

Here's the XACML 2.0 policy in WSO2 5.0:

<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="mypolicy"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">
  <Description>xxx</Description>
  <Target>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/*</AttributeValue>
          <ResourceAttributeDesignator
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:xpath"
              DataType="http://www.w3.org/2001/XMLSchema#string">
          </ResourceAttributeDesignator>
        </ResourceMatch>
      </Resource>
    </Resources>
  </Target>
</Policy>
                            
and, here's the XACML 2.0 request I tried:

<?xml version="1.0" encoding="UTF-8"?>
<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os access_control-xacml-2.0-context-schema-os.xsd">

    <Resource>
        <Attribute
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              DataType="http://www.w3.org/2001/XMLSchema#anyURI">
            <AttributeValue>/foo</AttributeValue>
        </Attribute>
    </Resource>

    <Environment/>
</Request>
                
and the response from WSO2 5.0:

<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
  <Result>
    <Decision>NotApplicable</Decision>
    <Status>
      <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
    </Status>
  </Result>
</Response>

I also see this in the WSO2 console log:

[2014-07-21 11:27:00,316]  INFO {org.wso2.balana.finder.AttributeFinder} -  Failed to resolve any values for urn:oasis:names:tc:xacml:1.0:resource:xpath
[2014-07-21 11:27:46,387]  INFO {org.wso2.carbon.identity.entitlement.pip.CarbonAttributeFinder} -  No attribute designators defined for the attribute urn:oasis:names:tc:xacml:1.0:resource:xpath
[2014-07-21 11:27:46,388]  INFO {org.wso2.balana.finder.AttributeFinder} -  Failed to resolve any values for urn:oasis:names:tc:xacml:1.0:resource:xpath

but the timing of those log messages doesn't appear to coincide with my 
testing, i.e., I don't get the above messages whenever I test (maybe WSO2 is 
caching an error)?

Why would I be getting the NotApplicable?

Also, note that the response appears to be XACML 3.0, even though the request 
was XACML 2.0.  Is that normal?

Thanks,
Jim
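
The policy's Target designator and the request's Resource attribute can be compared mechanically, which is a quick first check for a NotApplicable result. The script below is an added example, not part of the original message or of WSO2's code: it lists each ResourceMatch whose (AttributeId, DataType) pair the request does not supply, or whose literal does not equal a supplied value. The function names are hypothetical, the embedded XML is a trimmed copy of the policy and request above, and it assumes MustBePresent is left at its default and that no attribute finder supplies the value.

```python
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"
C = "{urn:oasis:names:tc:xacml:2.0:context:schema:os}"

# Constructed inputs: trimmed copies of the policy and request in the message above.
POLICY = """<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="mypolicy">
 <Target><Resources><Resource>
  <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/*</AttributeValue>
   <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:xpath"
     DataType="http://www.w3.org/2001/XMLSchema#string"/>
  </ResourceMatch>
 </Resource></Resources></Target>
</Policy>"""

REQUEST = """<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os">
 <Resource>
  <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
    DataType="http://www.w3.org/2001/XMLSchema#anyURI">
   <AttributeValue>/foo</AttributeValue>
  </Attribute>
 </Resource>
 <Environment/>
</Request>"""

def request_attributes(request_xml):
    """Map (AttributeId, DataType) to the values the request supplies under <Resource>."""
    bag = {}
    for attr in ET.fromstring(request_xml).iterfind(f"{C}Resource/{C}Attribute"):
        key = (attr.get("AttributeId"), attr.get("DataType"))
        bag.setdefault(key, []).extend(v.text for v in attr.iterfind(f"{C}AttributeValue"))
    return bag

def unmatched_resource_matches(policy_xml, request_xml):
    """List each string-equal ResourceMatch in the policy that the request cannot satisfy."""
    bag = request_attributes(request_xml)
    findings = []
    for match in ET.fromstring(policy_xml).iter(f"{P}ResourceMatch"):
        des = match.find(f"{P}ResourceAttributeDesignator")
        literal = match.find(f"{P}AttributeValue").text
        key = (des.get("AttributeId"), des.get("DataType"))
        if key not in bag:  # designator resolves to an empty bag, so the match is false
            findings.append(("attribute-missing", key, sorted(bag)))
        elif literal not in bag[key]:  # string-equal is exact; "/*" is not a wildcard
            findings.append(("value-mismatch", key, bag[key]))
    return findings

if __name__ == "__main__":
    print(unmatched_resource_matches(POLICY, REQUEST))
```

For the policy and request above it reports one `attribute-missing` finding: the policy asks for `resource:xpath` as a string, while the request supplies only `resource:resource-id` as anyURI.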