Thanks Omindu. It works. But just in case, I switch to WSO2 IS 5.3.0 until the bug is fixed.

Regards,
Jorge.

2017-11-06 17:33 GMT-05:00 Omindu Rathnaweera <omi...@wso2.com>:

> Hi Jorge,
>
> Can you try setting the following property to false in
> repository/conf/identity/entitlement.properties file.
>
> PDP.SchemaValidation.Enable=false
>
> The issue is due to IS and IS-KM using different implementations for
> schema validation and it is already tracked under [1]. Note that setting
> the above config will disable schema validation at policy creation. If you
> are concerned about policy validation, you can create the policy in an IS
> instance and upload it to IS-KM using the policy uploader.
>
> [1] - https://wso2.org/jira/browse/IDENTITY-3482
>
> Regards,
> Omindu
>
> On Mon, Nov 6, 2017 at 1:52 PM, Jorge <isildur...@gmail.com> wrote:
>
>> Hi all.
>>
>> I'm using wso2is-km-5.3.0 to integrate IS as a key manager with WSO2 AM
>> 2.1.0 and also I want to create some XACML policies to ESB proxies in WSO2
>> Enterprise Integrator.
>>
>> If I use the Simple Policy Editor for a simple policy I get errors like
>> this:
>>
>> [2017-11-06 16:17:42,332] ERROR {org.wso2.carbon.identity.entitlement.EntitlementUtil}
>> - XACML policy is not valid according to the schema :cvc-complex-type.2.4.a:
>> Invalid content was found starting with element 'Target'. One of
>> '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.
>>
>> [2017-11-06 16:24:09,688] ERROR {org.wso2.carbon.identity.entitlement.EntitlementUtil}
>> - XACML policy is not valid according to the schema :cvc-complex-type.2.4.a:
>> Invalid content was found starting with element 'Description'. One of
>> '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.
>>
>> [2017-11-06 16:30:50,896] ERROR {org.wso2.carbon.identity.entitlement.EntitlementUtil}
>> - XACML policy is not valid according to the schema :cvc-complex-type.2.4.a:
>> Invalid content was found starting with element 'Target'. One of
>> '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.
>>
>> [2017-11-06 16:34:55,077] ERROR {org.wso2.carbon.identity.entitlement.EntitlementUtil}
>> - XACML policy is not valid according to the schema :cvc-complex-type.2.4.a:
>> Invalid content was found starting with element 'Target'. One of
>> '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.
>>
>> [2017-11-06 16:37:04,133] ERROR {org.wso2.carbon.identity.entitlement.EntitlementUtil}
>> - XACML policy is not valid according to the schema :cvc-complex-type.2.4.a:
>> Invalid content was found starting with element 'Target'. One of
>> '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults,
>> "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.
>>
>> If I use the wso2is-5.3.0 for the same policy, all works OK...
>>
>> Any idea why?
>>
>> Regards,
>> Jorge.
>>
>> Sample policy:
>>
>> <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
>>         PolicyId="AccesoAdmin"
>>         RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
>>         Version="1.0">
>>   <Target>
>>     <AnyOf>
>>       <AllOf>
>>         <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">https://WorkSoftDevelop:8245/services/getUserDataPS</AttributeValue>
>>           <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
>>                                Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
>>                                DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
>>         </Match>
>>       </AllOf>
>>     </AnyOf>
>>   </Target>
>>   <Rule Effect="Permit" RuleId="Rule-1">
>>     <Target>
>>       <AnyOf>
>>         <AllOf>
>>           <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>>             <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
>>             <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
>>                                  Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
>>                                  DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
>>           </Match>
>>         </AllOf>
>>       </AnyOf>
>>     </Target>
>>     <Condition>
>>       <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
>>         <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
>>         <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
>>         <AttributeDesignator AttributeId="http://wso2.org/claims/role"
>>                              Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
>>                              DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
>>       </Apply>
>>     </Condition>
>>   </Rule>
>>   <Rule Effect="Permit" RuleId="Rule-2">
>>     <Target>
>>       <AnyOf>
>>         <AllOf>
>>           <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
>>             <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
>>             <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
>>                                  Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
>>                                  DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
>>           </Match>
>>         </AllOf>
>>       </AnyOf>
>>     </Target>
>>     <Condition>
>>       <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
>>         <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
>>         <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
>>         <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
>>                              Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
>>                              DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
>>       </Apply>
>>     </Condition>
>>   </Rule>
>>   <Rule Effect="Deny" RuleId="Deny-Rule"/>
>> </Policy>
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211
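
Added example, not part of the thread and not WSO2 code: with PDP.SchemaValidation.Enable=false nothing checks a policy's structure at creation, so a pre-upload lint can cover the basics. The function name `lint_policy` and both sample policies are constructed for illustration; the check covers only Policy child order and required attributes from the XACML 3.0 core schema, not full XSD validation.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:3.0:core:schema:wd-17}"
# Position of each child in the XACML 3.0 PolicyType sequence. Rank 4 is the
# repeatable group; every other element may appear at most once.
RANK = {"Description": 0, "PolicyIssuer": 1, "PolicyDefaults": 2, "Target": 3,
        "CombinerParameters": 4, "RuleCombinerParameters": 4, "VariableDefinition": 4,
        "Rule": 4, "ObligationExpressions": 5, "AdviceExpressions": 6}


def lint_policy(xml_text):
    """Return a list of structural problems; an empty list means none found."""
    if "<!DOCTYPE" in xml_text:  # policies never need DTDs or entity declarations
        return ["DOCTYPE declarations are not accepted"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != NS + "Policy":
        return [f"root is {root.tag}, expected Policy in the XACML 3.0 namespace"]
    required = ("PolicyId", "Version", "RuleCombiningAlgId")
    problems = [f"Policy lacks attribute {a}" for a in required if a not in root.attrib]
    last, targets = -1, 0
    for child in root:
        name = child.tag[len(NS):] if child.tag.startswith(NS) else None
        rank = RANK.get(name)
        if rank is None:
            problems.append(f"unexpected child element {child.tag}")
            continue
        if rank < last or (rank == last and rank != 4):
            problems.append(f"{name} is out of order or repeated")
        last = max(last, rank)
        targets += name == "Target"
        if name == "Rule" and "RuleId" not in child.attrib:
            problems.append("Rule lacks RuleId")
        if name == "Rule" and child.get("Effect") not in ("Permit", "Deny"):
            problems.append(f"Rule {child.get('RuleId')} has invalid Effect")
    if targets != 1:
        problems.append(f"Policy needs exactly one Target, found {targets}")
    return problems


# Constructed samples: GOOD is a trimmed form of the thread's policy; BAD moves
# Target after the rules and gives one rule an invalid Effect.
GOOD = f"""<Policy xmlns="{NS[1:-1]}" PolicyId="AccesoAdmin" Version="1.0"
 RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
 <Target/><Rule Effect="Permit" RuleId="Rule-1"/><Rule Effect="Deny" RuleId="Deny-Rule"/>
</Policy>"""
BAD = (GOOD.replace("<Target/>", "").replace("</Policy>", "<Target/></Policy>")
       .replace('Effect="Deny"', 'Effect="Block"'))

print(lint_policy(GOOD), lint_policy(BAD))
```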