WSO2 Identity Server supports the JSON format in addition to the default XML format when you work with XACML 3.0 requests and responses. Therefore, you can send XACML Multiple Decision Profile (MDP) requests in JSON format, and can also recieve MDP responses in the JSON format in an authorization flow in WSO2 Identity Server. For a list of key points you need to keep in mind when you work with XACML 3.0 JSON requests and responses, see JSON Support with XACML 3.0.
Let’s take a look at a sample scenario to understand how you can work with MDP requests and responses in JSON format using WSO2 Identity Server.
Consider a sample scenario where a user requests authorization to a resource registered in WSO2 Identity Server. When WSO2 Identity Server receives the request, the Policy Decision Point (PDP) performs policy evaluation and provides the authorization decision response. Here, we will look at a single request that contains multiple requests to be evaluated by the PDP.
The following topics walk you through the steps you need to follow to try out the sample scenario:
- Download and run WSO2 Identity Server. For detailed instrction on how to install WSO2 IS, see Installing the Product.
- Go to the Chrome Web Store and add the Postman app.
Follow the steps below to publish a sample policy to the PDP in WSO2 Identity Server:
- Access the WSO2 IS Management Console via https://localhost:9443/carbon/, and sign in using
- Click the Main tab on the Management Console, go to Entitlement -> PAP and then click Policy Administration. The Policy Administration screen appears.
- Click Add New Entitlement Policy. This displays the available policy creation methods.
- Click Write Policy in XML. This allows you to write a XACML policy based on your requirement using the XML editor.
Add the following sample policy and click Save Policy:
This adds the sample policy to the Available Entitlement Policies list.
- Click Publish to My PDP applicable to the sample policy that you added. This takes you to the Publish Policy screen.
- Click Publish. This displays a confirmation message asking whether you want to continue publishing to PDP.
- Click Yes. This publishes the policy to the PDP.
Now that you have published the policy, you can send a sample request and see how the policy evaluates the request.
Testing the authorization flow
You can use any REST client to send a sample request. In this tutorial we are going to use Google Chrome Postman app as the REST client.
Send the following as the sample JSON request:
Ensure that you specify the following when you send the sample request using the REST client:
Request type should be
Authorization method should be basic Base64Encoded username and password.
Content-Type should be
Endpoint URL should be
This request contains the
publicUser as attributes. And also contains the
Action category with
modify-welcome as attributes. Here, the two users,
publicUser are trying to access the
index.jsp resource. Therefore, the PEP should create eight different requests to grant both
publicUser permission to access the
index.jsp resource to perform the following four actions:
Analyzing the response
You will see a JSON response similar to the following:
You will see that the response has 8 decisions for the 8 requests.
Now that you understand how to work with MDP requests and responses in JSON format using WSO2 Identity Server, you can send XACML MDP requests in JSON format, and recieve MDP responses in the JSON format depending on your requirement in an authorization flow.