This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Some predefined commonly used XACML Policy template samples where you can use by editing according to your use case.


    To get For more details on available XACML templates. Read me

  • A set of UI editors to create an XACML policy using UI configurations.


  • The standard policy editor is little similar to Basic Policy Editor. But it is basically designed for creating XACML 3.0 policy rules. Because there are several improvements with Obligation in XACML 3.0 when compare to 2.0. In XACML 2.0, obligations can only be added to policies and policy sets. But with XACML 3.0, rules can also contain Obligations. Therefore, if you want to get details of the obligations after the policy evaluated, It is good to use the Standard Policy Editor. 

  • As in Basic Policy Editor, there is a place to define the conditions which make the rules evaluated as "The policy is evaluated only when following are matched" and a place to define entitlement rules.

  • Advice is a newly introduced feature with XACML 3.0 which is similar to Obligations. But only different, when compared to Obligations, PEPs do not have to comply with advice statements. PEPs can consider or discard the statement. A common use case is to explain why something was denied. “User Bob Alex is denied because he has not a valid email”

  • Here the attribute "Define Policy Obligation or Advice" is not mandatory.