XACML Try allows users to test their policies easily, without creating and sending authorization requests to Identity Server. It is a UI tool through which authorization requests can be created and evaluated against available policies in the system. Users can create simple authorization requests using the web UI of the Try-It feature. By switching to “Create Request Using Editor” mode, it is possible to compose more complex authorization requests.
Follow the instructions below to evaluate an XACML policy.
1. Sign in. Enter your user name and password to log on to the Management Console.
2. Click the "Main" button to access the "Entitlement" menu.
3. From the "Main" menu, select "TryIt" under "Entitlement."
4. Specify the required options on the "Evaluate Entitlement Policy" page:
- Resource - Represents the resource that the user has requested to access.
- Subject Name - Identifies the user who is accessing the resources.
- Subject Attribute Name - If the user is identified using one of their user attributes/claims, then the attribute name, for example " ," represents the user role.
- Subject Attribute Value - Value of the user attribute.
- Action Name - Action the user is trying to perform.
- Environment Name - Provides additional information to evaluate the request, such as the current date and time, etc.
5. Click on the "Evaluate" button.
Instructions on how to evaluate an XACML policy.