2015-11-17 31 views
0

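WSO2 Identity Server XACML PAP and Obligations

When adding a set of obligations to an existing XACML policy, as described in the OASIS XACML version 3 syntax specification, using the WSO2 XML web editor, the WSO2 editor raises the following error: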

Entitlement policy is not updated. Error is :Invalid Entitlement Policy. Policy is not valid according to XACML schema 

The statement below was placed correctly before the closing tag of the policy definition; see the lines added:

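Other syntax from the version 3 standard throws the same error as well. Is further configuration needed, such as adjusting some .xml or schema files, so that the editor recognizes the Obligation statement as valid syntax? This is WSO2 IS version 5.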

Update:

<Obligations> 
    <Obligation ObligationId="send-email" FulfillOn="Deny"> 
    <AttributeAssignment AttributeId="email" DataType="http://www.w3.org/2001/XMLSchema#string">[email protected]</AttributeAssignment> 
    </Obligation> 
</Obligations> 

Update: Below you find the working, XACML v3 compliant policy after correcting the syntax of the obligation statement:

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="RedLDAPPolicySaoPaulo" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides" Version="1.0"> 
    <Target> 
     <AnyOf> 
     <AllOf> 
      <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> 
       <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Singapore</AttributeValue> 
       <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:environment-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator> 
      </Match> 
     </AllOf> 
     </AnyOf> 
    </Target> 
    <Rule Effect="Permit" RuleId="Permit-Rule1"> 
     <Target> 
     <AnyOf> 
      <AllOf> 
       <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> 
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">123</AttributeValue> 
        <AttributeDesignator AttributeId="http://w3.red.com/subject/employeeCountryCode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator> 
       </Match> 
      </AllOf> 
     </AnyOf> 
     <AnyOf> 
      <AllOf> 
       <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> 
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ldap</AttributeValue> 
        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator> 
       </Match> 
      </AllOf> 
     </AnyOf> 
     <AnyOf> 
      <AllOf> 
       <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> 
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue> 
        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator> 
       </Match> 
      </AllOf> 
     </AnyOf> 
     </Target> 
    </Rule> 
    <Rule Effect="Deny" RuleId="Deny-Rule"></Rule> 
    <ObligationExpressions> 
     <ObligationExpression FulfillOn="Permit" ObligationId="citycheck"> 
     <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text"> 
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">The validation passed successfully</AttributeValue> 
     </AttributeAssignmentExpression> 
     </ObligationExpression> 
     <ObligationExpression FulfillOn="Deny" ObligationId="countrycheck"> 
     <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text"> 
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">The IDs country code is not valid</AttributeValue> 
     </AttributeAssignmentExpression> 
     </ObligationExpression> 
    </ObligationExpressions> 
</Policy>   
+0

Can you paste your entire policy?

Answer

0

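After checking the OASIS XACML version 3 manual, I found that the error was caused by a lack of syntax compliance. I updated the statement to the latest specification, and my very simple example (shown below) started working, adding an attribute with a comment string to the result.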

A code sample follows:

<ObligationExpressions> 
     <ObligationExpression FulfillOn="Permit" ObligationId="citycheck"> 
     <AttributeAssignmentExpression AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text"> 
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">The validation passed successfully</AttributeValue> 
     </AttributeAssignmentExpression> 
     </ObligationExpression> 
    </ObligationExpressions> 

The result below was copied from the WSO2 "Try It" console:

     <Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"> 
<Result> 
<Decision>Permit</Decision> 
<Status> 
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/> 
</Status> 
<Obligations> 
<Obligation ObligationId="citycheck"> 
<AttributeAssignment AttributeId="urn:oasis:names:tc:xacml:3.0:example:attribute:text" DataType="http://www.w3.org/2001/XMLSchema#string"> 
The validation passed successfully</AttributeAssignment> 
</Obligation> 
</Obligations> 
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> 
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="true"> 
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ldap</AttributeValue> 
</Attribute> 
</Attributes> 
</Result> 
</Response> 
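
As an added example (not part of the original post and not WSO2 code), the following check flags the XACML 2.0 obligation elements that the 3.0 policy schema rejects and names the 3.0 element to use instead. `lint_policy`, `wrap`, the `demo` policy wrapper and the e-mail value are assumptions made for the demonstration; the two obligation blocks are the ones from the question and the answer.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STR = "http://www.w3.org/2001/XMLSchema#string"
# XACML 2.0 policy elements and the names a 3.0 <Policy> expects instead.
# In 3.0 the left-hand names are valid only inside a <Response>.
RENAMED = {"Obligations": "ObligationExpressions", "Obligation": "ObligationExpression",
           "AttributeAssignment": "AttributeAssignmentExpression"}

def lint_policy(xml_text):
    """Return findings about obligation syntax in a XACML 3.0 policy."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]          # strip the namespace
        if name in RENAMED:
            findings.append(f"<{name}>: 2.0 syntax, use <{RENAMED[name]}>")
        elif name == "ObligationExpression":
            if not el.get("ObligationId"):
                findings.append("<ObligationExpression>: missing ObligationId")
            if el.get("FulfillOn") not in ("Permit", "Deny"):
                findings.append("<ObligationExpression>: FulfillOn must be Permit or Deny")
        elif name == "AttributeAssignmentExpression":
            if not el.get("AttributeId"):
                findings.append("<AttributeAssignmentExpression>: missing AttributeId")
            if len(el) != 1:                      # exactly one expression child
                findings.append("<AttributeAssignmentExpression>: needs one expression child")
    return findings

def wrap(obligations):
    """Constructed minimal policy around an obligation block from the page."""
    return (f'<Policy xmlns="{NS}" PolicyId="demo" Version="1.0" RuleCombiningAlgId='
            '"urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides">'
            f'<Target/><Rule Effect="Deny" RuleId="Deny-Rule"/>{obligations}</Policy>')

# The block from the question (e-mail value is a constructed placeholder).
REJECTED = wrap(f'<Obligations><Obligation ObligationId="send-email" FulfillOn="Deny">'
                f'<AttributeAssignment AttributeId="email" DataType="{STR}">'
                'user@example.com</AttributeAssignment></Obligation></Obligations>')
# The block from the answer.
ACCEPTED = wrap('<ObligationExpressions><ObligationExpression FulfillOn="Permit" '
                'ObligationId="citycheck"><AttributeAssignmentExpression AttributeId='
                '"urn:oasis:names:tc:xacml:3.0:example:attribute:text">'
                f'<AttributeValue DataType="{STR}">The validation passed successfully'
                '</AttributeValue></AttributeAssignmentExpression>'
                '</ObligationExpression></ObligationExpressions>')

if __name__ == "__main__":
    for label, doc in (("question", REJECTED), ("answer", ACCEPTED)):
        print(label, lint_policy(doc) or "no findings")
```

This is a quick structural check on element names and required attributes, not a substitute for validating the policy against the XACML 3.0 schema.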