This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


titleBefore you begin

Before publishing a XACML policy to the Policy Decision Point (PDP), you need to create the policy first. For more information on how to create a XACML policy, see Creating a XACML Policy.

In order to use this a XACML policy in for authorization in WSO2 Identity Access Management(IAM), we Server, you need to publish it to the Policy Decision Point (PDP). During policy publishing where the authorization decision is made. The policy will not be enforced unless it is published.

At the point of publishing the policy, the policy in the Policy Administration Point(PAP) policy store will sync up with PDP policy store. The PDP is the place where authorization decision is taken. The PDP will access one or more policies in the Policy Administration Point(PAP), and other additional information such as subject, resource, action and environmental resources in the Policy Information Point(PIP) to get make the decision. Furthermore, this policy will not enforce unless it is published. (Read more about XACML Architecture)For more information about this process, see XACML system architecture

You can publish a XACML policy to PDP for runtime evaluation using the instructions in this topic.