Error during the creation of a role-based access control using XACML

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Error during the creation of a role-based access control using XACML

Thomas LEGRAND
Hello,

I have a use case where I want to prevent the access to an API Manager endpoint if the identified user does not have the role "secretAgent". To do so, I would like to use the XACML like described in the document in [1].

But, I have an error message which appears when I "Finish" the following XACML configuration from the Identity Server interface. Here is the configuration I made (if the user is a member of secretAgent, allow. Else, deny):

Images intégrées 1

Here is the configuration of the rule "AdminGrant" from the previous screenshot:

Images intégrées 2

And here is the error message which appears:

Images intégrées 3


Because I don't have any clue on what is wrongly generated, I don't know which one of the field is missing. So, is there a way to know the XML the identity server is generating or should I generate directly the XML file?

I am using the wso2is-km-5.3.0.

Regards,

Thomas



_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: Error during the creation of a role-based access control using XACML

Omindu Rathnaweera
Hi Thomas,

Can you try the instructions given in [1] and see whether the issue gets resolved.


Regards,
Omindu

On Thu, Dec 21, 2017 at 7:27 PM, Thomas LEGRAND <[hidden email]> wrote:
Hello,

I have a use case where I want to prevent the access to an API Manager endpoint if the identified user does not have the role "secretAgent". To do so, I would like to use the XACML like described in the document in [1].

But, I have an error message which appears when I "Finish" the following XACML configuration from the Identity Server interface. Here is the configuration I made (if the user is a member of secretAgent, allow. Else, deny):

Images intégrées 1

Here is the configuration of the rule "AdminGrant" from the previous screenshot:

Images intégrées 2

And here is the error message which appears:

Images intégrées 3


Because I don't have any clue on what is wrongly generated, I don't know which one of the field is missing. So, is there a way to know the XML the identity server is generating or should I generate directly the XML file?

I am using the wso2is-km-5.3.0.

Regards,

Thomas



_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev




--
Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211

_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev