This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Page Comparison - Writing a Custom Policy Info Point (v.5 vs v.8) - Identity Server 5.0.0 - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning

This page is currently under construction.

 According to the XACML reference architecture, PIP (Policy Info Point) is the system entity that acts as a source of attribute values. Basically if there are missing attributes in the XACML request sent by PEP (Policy Enforcement Point), PIP would find them for the PDP (Policy Decision Point) to evaluate the policy.

This topic provides instructions on how to write a simple PIP attribute finder module to plug in to the WSO2 Identity Server. There are two ways that you can write a PIP attribute finder module.

...

  1. Restart the WSO2 Identity Server and log in to the management console
  2. Go to the Main menu of the management console and click Extension under PDP.
  3. You can see that PIP attribute finder has been registered successfully and is visible under the Attribute Finder Extensions list. You can re-initialize this at run time.
  4. To test this attribute finder, you can use this policy and this request. 

  5. Please upload the policy into the WSO2 Identity Server, then publish it to PDP and enable it. 

  6. You can then try out the policy with TryIt PEP.

    Info
    titleAbout debugging the sample code

    This sample code can be debugged by starting the WSO2 Identity Server in the debug mode as follows. 

    UNIX: wso2server.sh –debug 5005

    Windows: wso2server.bat –debug 5005 

    Then you can clearly see how methods in the “KMarketJDBCAttributeFinder” are called by the PDP.