This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Sign in. Enter your user name and password to log on to the Management Console.
  2. Click Tools to access the XACML menu.
  3. Click TryIt.
  4. Click on the Create Request Using Editor link.
  5. Use the "Toggle editor" to create a request in XML. The default elements are as follows:
    • <Resource>
    • <Subject>
    • <Action>
    • <Attribute>
    • <Attribute AttributeId>
    • <AttributeValue/>
    • <Environment>

    Info

    Refer to XACML 2.0/3.0 specification for more information on XACML authorization requests.

  6. Click on the Evaluate With PDP button to complete the process. You will receive a response to the authorization request.
  7. Note
    titleA sample XACML XML request

    <Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">  
      <Subject>  
         <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
                   DataType="http://www.w3.org/2001/XMLSchema#string">  
           <AttributeValue>admin</AttributeValue>  
         </Attribute>  
      </Subject>  
      <Resource>  
         <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                   DataType="http://www.w3.org/2001/XMLSchema#string">  
           <AttributeValue>http://localhost:8280/services/echo/echoString</AttributeValue>  
         </Attribute>  
      </Resource>  
      <Action>  
         <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                      DataType="http://www.w3.org/2001/XMLSchema#string">  
         <AttributeValue>read</AttributeValue>  
         </Attribute>  
      </Action>  
    </Request>

  8. Click on the Evaluate With PDP button to complete the process. You will receive a response to the authorization request.


Create request using UI

  1. Sign in. Enter your user name and password to log on to the Management Console.
  2. Click Tools to access the XACML menu.
  3. Click TryIt.
  4. Fill in the following fields and click the Create Request button.
    • Multiple Request - This enables you to evaluate multiple requests in order to make multiple decisions on multiple actions.
    • Return Policy List - Returns a list of all fully applicable policies and policy sets that were used in the decision.
    • Resource - Represents the resource that the user has requested to access.
    • Subject Name - Identifies the user who is accessing the resources.
    • Action Name - Action the user is trying to perform.
    • Environment Name - Provides additional information to evaluate the request, such as the current date and time, etc.

    Info

    Refer to XACML 2.0/3.0 specification for more information on XACML authorization requests.

  5. The generated request will appear on the editor. You can further edit the request if required. 
  6. Click on the Evaluate With PDP button to complete the process. You will receive a response to the authorization request.