According to the XACML reference architecture, the PIP (Policy Information Point) is the system entity that acts as a source of attribute values. If attributes are missing from the XACML request sent by the PEP (Policy Enforcement Point), the PIP finds them so that the PDP (Policy Decision Point) can evaluate the policy.
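The lookup described above, modelled in plain Java as an added example (not WSO2 code and not part of the original page): the PDP asks a PIP for an attribute the PEP did not send, and returns Indeterminate when the PIP cannot supply it. The `AttributeFinder` interface, the attribute id, the users and the age rule are all constructed for illustration; Java 9 or later is assumed.

```java
import java.util.*;

// Added illustration: plain-JDK model of PEP -> PDP -> PIP attribute resolution.
// AttributeFinder is a hypothetical stand-in, not the WSO2 extension API.
public class PipFlowDemo {
    enum Decision { PERMIT, DENY, INDETERMINATE }

    interface AttributeFinder {                       // the PIP role
        Set<String> supportedAttributes();
        Set<String> find(String subjectId, String attributeId);
    }

    static final String AGE = "http://example.org/id/age";   // constructed attribute id

    // Constructed attribute store; a real finder would query JDBC, LDAP, etc.
    static class InMemoryFinder implements AttributeFinder {
        private final Map<String, String> ages = Map.of("alice", "34", "bob", "16");
        public Set<String> supportedAttributes() { return Set.of(AGE); }
        public Set<String> find(String subjectId, String attributeId) {
            String v = AGE.equals(attributeId) ? ages.get(subjectId) : null;
            return v == null ? Set.of() : Set.of(v);
        }
    }

    // PDP: use the request's attribute if the PEP sent it, otherwise ask the PIP.
    static Decision evaluate(Map<String, String> request, AttributeFinder pip) {
        String subject = request.get("subject");
        String age = request.get(AGE);
        if (age == null && subject != null && pip.supportedAttributes().contains(AGE)) {
            Set<String> found = pip.find(subject, AGE);
            if (found.size() == 1) age = found.iterator().next();
        }
        if (age == null) return Decision.INDETERMINATE;   // attribute could not be resolved
        try {   // constructed rule: permit subjects aged 18 or over
            return Integer.parseInt(age) >= 18 ? Decision.PERMIT : Decision.DENY;
        } catch (NumberFormatException e) {
            return Decision.INDETERMINATE;                // malformed value from the source
        }
    }

    // Deny-biased PEP: anything other than PERMIT blocks access.
    static boolean allowed(Decision d) { return d == Decision.PERMIT; }

    public static void main(String[] args) {
        AttributeFinder pip = new InMemoryFinder();
        for (String user : List.of("alice", "bob", "dave")) {   // "dave" is unknown to the PIP
            Decision d = evaluate(Map.of("subject", user), pip);
            System.out.println(user + " -> " + d + ", access=" + allowed(d));
        }
    }
}
```

The unknown subject ends up Indeterminate rather than Permit, so a finder that cannot reach its data source fails closed as long as the PEP treats every non-Permit decision as a denial.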
This topic provides instructions on how to write a simple PIP attribute finder module to plug in to the WSO2 Identity Server. There are two ways that you can write a PIP attribute finder module.
- Restart the WSO2 Identity Server and log in to the management console.
- Go to the Main menu of the management console and click Extension under PDP.
- You can see that the PIP attribute finder has been registered successfully and is visible under the Attribute Finder Extensions list. You can re-initialize it at run time.
Upload the policy to the WSO2 Identity Server, then publish it to the PDP and enable it.
You can then try out the policy with TryIt PEP.
About debugging the sample code
This sample code can be debugged by starting the WSO2 Identity Server in debug mode as follows.
wso2server.sh -debug 5005
wso2server.bat -debug 5005
You can then see how the methods in "KMarketJDBCAttributeFinder" are called by the PDP.