Hi Godwin,
When we are sending the Subject in a JSON payload, I figured out it should
be "*AccessSubject*" not Subject.
This is the sample request payload I changed for JSON,
{
"Request": {
"AccessSubject": {
"Attribute": [
{
"AttributeId":
"urn:oasis:names:tc:xacml:1.0:subject:subject-id",
"Value": "Andreas"
}
]
},
"Action": {
"Attribute": [
{
"AttributeId":
"urn:oasis:names:tc:xacml:1.0:action:action-id",
"Value": "read"
}
]
},
"Resource": {
"Attribute": [
{
"AttributeId":
"urn:oasis:names:tc:xacml:1.0:resource:resource-id",
"Value": "http://127.0.0.1/service/very_secure/";
}
]
}
}
}
I will update the doc with these details.
Thanks!
Dinali
On Thu, Nov 2, 2017 at 10:13 AM, Godwin Shrimal <[email protected]> wrote:
> Hi Dinali,
>
> XML request format is clear and I guess we have enough information
> regarding that. I am referring to JSON format on how to send subject.
>
>
> Thanks
> Godwin
>
> On Tue, Oct 31, 2017 at 10:24 PM, Dinali Dabarera <[email protected]> wrote:
>
>> Hi Godwin,
>>
>> As you mentioned in your offline chats, there is no mention about "how to
>> send the subject in the XACML Request" in our Docs.
>>
>> I did a small research on XACML spec and figured out we could send the
>> subject in the XACML request as follows,
>>
>> I changed the sample request on my blog [1] with the Subject attribute as
>> follows
>>
>> Request:
>>
>> <Request CombinedDecision="false" ReturnPolicyIdList="false"
>> xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
>> <Attributes
>> Category="urn:oasis:names:tc:xacml:3.0:subject-category:access-subject">
>> <Attribute IncludeInResult="false"
>> AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id">
>> <AttributeValue
>> DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name">[email protected]</AttributeValue>
>> </Attribute>
>> </Attributes>
>> <Attributes
>> Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
>> <Attribute
>> AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
>> IncludeInResult="false">
>> <AttributeValue
>> DataType="http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue>
>> </Attribute>
>> </Attributes>
>> <Attributes
>> Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
>> <Attribute
>> AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
>> IncludeInResult="false">
>> <AttributeValue
>> DataType="http://www.w3.org/2001/XMLSchema#string";>http://127.0.0.1/service/very_secure/
>> </AttributeValue>
>> </Attribute>
>> </Attributes>
>> </Request>
>>
>> I will update XACML docs with this information.
>> Please let me know if you have any concerns on this! I hope this is what
>> you expected.
>>
>> [1] https://medium.com/@gdrdabarera/how-entitlement-management-
>> works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c
>>
>> Thank you!
>> Dinali
>>
>> -
>> *Dinali Rosemin Dabarera*
>> Software Engineer
>> WSO2 Lanka (pvt) Ltd.
>> Web: http://wso2.com/
>> Email : [email protected]
>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>> Mobile: +94770198933 <+94%2077%20019%208933>
>>
>>
>>
>>
>> <https://lk.linkedin.com/in/dinalidabarera>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>
--
*Dinali Rosemin Dabarera*
Software Engineer
WSO2 Lanka (pvt) Ltd.
Web: http://wso2.com/
Email : [email protected]
LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
Mobile: +94770198933
<https://lk.linkedin.com/in/dinalidabarera>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
