This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Page Comparison - Evaluating an XACML Policy (v.1 vs v.2) - Identity Server 5.0.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

XACML Try allows users to test their policies easily, without creating and sending authorization requests to Identity Server. It is a UI tool through which authorization requests can be created and evaluated against available policies in the system. Users can create simple authorization requests using the web UI of the Try-It feature. By switching to “Create Request Using Editor” mode, it is possible to compose more complex authorization requests.

Follow the instructions below to evaluate an XACML policy.

1. Sign in. Enter your user name and password to log on to the Management Console.

2. Click the "Main" button to access the "Entitlement" menu.

3. From the "Main" menu, select "TryIt" under "Entitlement."

4. Specify the required options on the "Evaluate Entitlement Policy" page:

  • Resource - Represents the resource that the user has requested to access.
  • Subject Name - Identifies the user who is accessing the resources.
  • Subject Attribute Name - If the user is identified using one of their user attributes/claims, then the attribute name, for example "," represents the user role.
  • Subject Attribute Value - Value of the user attribute.
  • Action Name - Action the user is trying to perform.
  • Environment Name - Provides additional information to evaluate the request, such as the current date and time, etc.

5. Click on the "Evaluate" button.

See also Creating basic XACML requests for Evaluation.


Instructions on how to evaluate an XACML policy.