Hi all.

I'm using wso2is-km-5.3.0 to integrate IS as a key manager with WSO2 AM
2.1.0, and I also want to create some XACML policies for ESB proxies in WSO2
Enterprise Integrator.

If I use the Simple Policy Editor for a simple policy I get errors like
this:

[2017-11-06 16:17:42,332] ERROR
{org.wso2.carbon.identity.entitlement.EntitlementUtil} -  XACML policy is
not valid according to the schema :cvc-complex-type.2.4.a: Invalid content
was
 found starting with element 'Target'. One of
'{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer, "urn:oasis:
names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.

[2017-11-06 16:24:09,688] ERROR
{org.wso2.carbon.identity.entitlement.EntitlementUtil} -  XACML policy is
not valid according to the schema :cvc-complex-type.2.4.a: Invalid content
was
 found starting with element 'Description'. One of
'{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer, "urn:o
asis:names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.

[2017-11-06 16:30:50,896] ERROR
{org.wso2.carbon.identity.entitlement.EntitlementUtil} -  XACML policy is
not valid according to the schema :cvc-complex-type.2.4.a: Invalid content
was
 found starting with element 'Target'. One of
'{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer, "urn:oasis:
names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.

[2017-11-06 16:34:55,077] ERROR
{org.wso2.carbon.identity.entitlement.EntitlementUtil} -  XACML policy is
not valid according to the schema :cvc-complex-type.2.4.a: Invalid content
was
 found starting with element 'Target'. One of
'{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer, "urn:oasis:
names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.

[2017-11-06 16:37:04,133] ERROR
{org.wso2.carbon.identity.entitlement.EntitlementUtil} -  XACML policy is
not valid according to the schema :cvc-complex-type.2.4.a: Invalid content
was
 found starting with element 'Target'. One of
'{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer, "urn:oasis:
names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.


If I use wso2is-5.3.0 for the same policy, everything works OK...


Any idea why?

Regards,
                Jorge.


Sample policy:

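<!--
  Sample XACML 3.0 policy "AccesoAdmin", rule combining: first-applicable.
  Repaired from the mail-archive rendering: a stray ";" had been appended after
  several quoted URI attribute values, and some attribute values and element
  text were split across lines. That left the pasted text not well-formed and
  put a line break in front of the DataType URIs. No element, attribute or
  value has otherwise been changed.
  As pasted, every element inherits the XACML 3.0 default namespace declared
  on the root element.
-->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="AccesoAdmin"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
        Version="1.0">
   <!--
     Policy target: applies only when resource-id is exactly this URL
     (string-equal is an exact, case-sensitive comparison). A request whose
     resource-id is written differently does not match, and the policy then
     yields NotApplicable, not Deny. The enforcement point has to refuse on
     NotApplicable for the Deny rule at the end to act as a real default.
   -->
   <Target>
      <AnyOf>
         <AllOf>
            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">https://WorkSoftDevelop:8245/services/getUserDataPS</AttributeValue>
               <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                                    Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                                    DataType="http://www.w3.org/2001/XMLSchema#string"
                                    MustBePresent="true"/>
            </Match>
         </AllOf>
      </AnyOf>
   </Target>
   <!--
     Rule-1: Permit the "read" action when the subject's role claim bag
     contains "admin".
     MustBePresent="true" on the role designator means a request with no role
     attribute makes this rule Indeterminate. Under first-applicable the
     evaluation stops at that point, so Rule-2 and Deny-Rule are not reached;
     the enforcement point should treat Indeterminate as a refusal.
   -->
   <Rule Effect="Permit" RuleId="Rule-1">
      <Target>
         <AnyOf>
            <AllOf>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                       Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                                       DataType="http://www.w3.org/2001/XMLSchema#string"
                                       MustBePresent="true"/>
               </Match>
            </AllOf>
         </AnyOf>
      </Target>
      <Condition>
         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
            <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
            <AttributeDesignator AttributeId="http://wso2.org/claims/role"
                                 Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                                 DataType="http://www.w3.org/2001/XMLSchema#string"
                                 MustBePresent="true"/>
         </Apply>
      </Condition>
   </Rule>
   <!--
     Rule-2: Permit the "read" action when the subject-id is "admin".
     This matches on the user name alone, independently of the role checked
     in Rule-1.
   -->
   <Rule Effect="Permit" RuleId="Rule-2">
      <Target>
         <AnyOf>
            <AllOf>
               <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                  <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                  <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                                       Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                                       DataType="http://www.w3.org/2001/XMLSchema#string"
                                       MustBePresent="true"/>
               </Match>
            </AllOf>
         </AnyOf>
      </Target>
      <Condition>
         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
            <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
            <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                                 Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                                 DataType="http://www.w3.org/2001/XMLSchema#string"
                                 MustBePresent="true"/>
         </Apply>
      </Condition>
   </Rule>
   <!--
     Deny-Rule: no Target and no Condition, so it applies to every request
     that matched the policy target and was not permitted by an earlier rule.
   -->
   <Rule Effect="Deny" RuleId="Deny-Rule"/>
</Policy>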