This documentation is for WSO2 Identity Server 5.3.0 . View documentation for the latest release.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The XACML TryIt Tool allows users to test their policies easily , without creating and sending authorization requests to Identity Server. It is a UI tool through which authorization requests can be created and evaluated against available policies in the system. Users You can create simple authorization requests using the web UI of the TryIt Tool. By switching to “Create Create Request Using Editor” Editor mode, you can write complex XACML 3.0 requests in XML format and try them.

...

Follow the instructions below to create a basic XACML 3.0 request for Evaluation. You can create a request using one of the following methods:

Table of Contents

Create request using editor

  1. Sign in. Enter your user name and password to log on in to the Management Console.
  2. Click Tools to access  and click TryIt under the XACML menu section.
  3. Click TryIt.
  4. Click on the Create Request Using Editor link.
  5. Use the "Toggle editor" , which can be selected at the bottom, to create a request in XML. The default elements are as follows:
    • <Resource>
    • <Subject>
    • <Action>
    • <Attribute AttributeId>
    • <AttributeValue/>
    • <Environment>

    Info

    Refer to XACML 2.0/3.0 specification for more information on XACML authorization requests.

  6. Click on the Evaluate With PDP button to complete the process. You will receive a response to the authorization request. 

Create request using UI

  1. Sign in. Enter your user name and password to log on in to the Management Console.
  2. Click Tools to access  and click TryIt under the XACML menu.Click TryIt section.
  3. Fill in the following fields and click the Create Request button.
    • Multiple Request - This enables you to evaluate multiple requests in order to make multiple decisions on multiple actions.
    • Return Policy List - Returns a list of all fully applicable policies and policy sets that were used in the decision.
    • Resource - Represents the resource that the user has requested to access.
    • Subject Name - Identifies the user who is accessing the resources.
    • Action Name - Action the user is trying to perform.
    • Environment Name - Provides additional information to evaluate the request, such as the current date and time, etc.

    Info

    Refer to XACML 2.0/3.0 specification for more information on XACML authorization requests.

  4. The generated request will appear appears on the editor. You can further edit the request if required. 
  5. Click on the Evaluate With PDP button to complete the process. You will receive a response to the authorization request.