This documentation is for WSO2 Identity Server 5.3.0 . View documentation for the latest release.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The XACML TryIt Tool allows users to test their policies easily , without creating and sending authorization requests to Identity Server. It is a UI tool through which authorization requests can be created and evaluated against available policies in the system. Users You can create simple authorization requests using the web UI of the TryIt Tool. By switching to “Create Create Request Using Editor” Editor mode, it is possible to compose more complex authorization requests.you can write complex XACML 3.0 requests in XML format and try them.

Tip
titleBefore you begin

Prior to creating a basic XACML 3.0 request for evaluation you need to create a policy.

Follow the instructions below to create a basic XACML 3.0 request for Evaluation. You can create a request using one of the following methods:

Table of Contents

Create request using editor

  1. Sign in. Enter your user name and your user name and password to log on in to the Management Console.
  2. Click Tools to access  and click TryIt under the XACML menu section.
  3. Click TryIt.
  4. Click on the Create Request Using Editor link or the Create Request button.
    Image RemovedImage Added
  5. Use the "Toggle editor" , which can be selected at the bottom, to create a request in XML. The default elements are as follows:
    • <Resource>
    • <Subject>
    • <Action>
    • <Attribute>
    • <Attribute AttributeId>
    • <AttributeValue/>
    • <Environment>
    Please refer

    Image Added

    Info

    Refer to XACML 2.0/3.0 specification for

    details

    more information on XACML authorization requests.

    Note
    titleSample XACML XML request

    <Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">  
      <Subject>  
         <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                   DataType="http://www.w3.org/2001/XMLSchema#string">  
           <AttributeValue>admin</AttributeValue>  
         </Attribute>  
      </Subject>  
      <Resource>  
         <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                   DataType="http://www.w3.org/2001/XMLSchema#string">  
           <AttributeValue>http://localhost:8280/services/echo/echoString</AttributeValue>  
         </Attribute>  
      </Resource>  
      <Action>  
         <Attribute AttributeId="urn:oasis:names:tc:xacml:1.


    Image Removed

    0:action:action-id"
                      DataType="http://www.w3.org/2001/XMLSchema#string">  
         <AttributeValue>read</AttributeValue>  
         </Attribute>  
      </Action>  
    </Request>

  6. Click on the Evaluate With PDP button to complete the process. You will receive a response to the authorization request.

See also Evaluating a XACML Policy.

...

hiddentrue

...

  1.  

Create request using UI

  1. Sign in. Enter your user name and password to log in to the Management Console.
  2. Click Tools and click TryIt under the XACML section.
  3. Fill in the following fields and click the Create Request button.
    • Multiple Request - This enables you to evaluate multiple requests in order to make multiple decisions on multiple actions.
    • Return Policy List - Returns a list of all fully applicable policies and policy sets that were used in the decision.
    • Resource - Represents the resource that the user has requested to access.
    • Subject Name - Identifies the user who is accessing the resources.
    • Action Name - Action the user is trying to perform.
    • Environment Name - Provides additional information to evaluate the request, such as the current date and time, etc.

    Image Added

    Info

    Refer to XACML 2.0/3.0 specification for more information on XACML authorization requests.

  4. The generated request appears on the editor. You can further edit the request if required. 
  5. Click on the Evaluate With PDP button to complete the process. You receive a response to the authorization request.