
addPolicy()


Description: Adds a new policy.

Input Parameters

Parameter   Description
policy      The XACML policy to register. It is embedded in the SOAP request as a CDATA section.
version     Version of the policy.
policyId    The name (ID) under which the policy should be registered.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.entitlement.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:addPolicy>
         <!--Optional:-->
         <xsd:policyDTO>
            <!--Optional:-->
            <xsd1:policy><![CDATA[
				   <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicyId="sample_policy_template" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
				   <Description>This policy template provides ability to authorize users to a given service provider(defined by SP_NAME) in the authentication flow based on the roles of the user (defined by ROLE_1 and ROLE_2). Users who have at least one of the given roles, will be allowed and any others will be denied.</Description>
				   <Target>
				      <AnyOf>
				         <AllOf>
				            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
				               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SP_NAME</AttributeValue>
				               <AttributeDesignator AttributeId="http://wso2.org/identity/sp/sp-name" Category="http://wso2.org/identity/sp" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"></AttributeDesignator>
				            </Match>
				         </AllOf>
				      </AnyOf>
				   </Target>
				   <Rule Effect="Permit" RuleId="permit_by_roles">
				      <Condition>
				         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
				            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
				               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ROLE_1_1_1</AttributeValue>
				               <AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
				            </Apply>
				         </Apply>
				      </Condition>
				   </Rule>
				   <Rule Effect="Deny" RuleId="deny_others"></Rule>
				</Policy>
				]]>
            </xsd1:policy>
            <!--Optional:-->
            <xsd1:version>1.0</xsd1:version>
            <xsd1:policyId>sample_policy_template</xsd1:policyId>
         </xsd:policyDTO>
      </xsd:addPolicy>
   </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:addPolicyResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:addPolicyResponse>
   </soapenv:Body>
</soapenv:Envelope>
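The request above carries the policy twice in effect: once as the XACML document inside the CDATA section, and once as the policyId and version fields of the DTO beside it. The following Python is an added example, not WSO2's own client code. It builds the addPolicy envelope shown above from a policy string, refuses to send a policy whose PolicyId or Version attribute disagrees with the DTO fields (so the name the store uses and the PolicyId the PDP later reports cannot drift apart), rejects a policy containing "]]>" (which would end the CDATA section early), and reads the response: the void return shown on the page means success, a SOAP Fault means the service rejected the call. The sample policy is a trimmed copy of the page's template, the fault response is constructed, and sending the envelope over HTTP is left out.

```python
"""Build and check addPolicy messages for the WSO2 Entitlement Policy Admin Service.
Added example for this page, not WSO2's own client code; transport is left out.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AXIS_NS = "http://org.apache.axis2/xsd"
DTO_NS = "http://dto.entitlement.identity.carbon.wso2.org/xsd"
XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"

# Constructed sample: a trimmed copy of the page's role-based policy template.
SAMPLE_POLICY = f"""<Policy xmlns="{XACML_NS}" PolicyId="sample_policy_template" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
  <Target/>
  <Rule Effect="Permit" RuleId="permit_by_roles">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ROLE_1</AttributeValue>
        <AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
      </Apply>
    </Condition>
  </Rule>
  <Rule Effect="Deny" RuleId="deny_others"/>
</Policy>"""

# The success response from the page (void return) and a constructed SOAP Fault.
SAMPLE_ADD_POLICY_RESPONSE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:addPolicyResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:addPolicyResponse>
   </soapenv:Body>
</soapenv:Envelope>"""
SAMPLE_FAULT_RESPONSE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
   <faultstring>constructed sample fault</faultstring></soapenv:Fault></soapenv:Body>
</soapenv:Envelope>"""


def policy_problems(policy_xml: str, policy_id: str, version: str) -> list[str]:
    """Reasons this policy must not be sent with the given DTO fields (empty list = fine)."""
    if "]]>" in policy_xml:
        # A literal ']]>' would terminate the CDATA section early and corrupt the envelope.
        return ["policy contains ']]>' and cannot be wrapped in a CDATA section"]
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError as exc:
        return [f"policy is not well-formed XML: {exc}"]
    problems = []
    if root.tag != f"{{{XACML_NS}}}Policy":
        problems.append(f"root element is {root.tag}, expected a XACML 3.0 Policy")
    if root.get("PolicyId") != policy_id:
        problems.append(f"PolicyId {root.get('PolicyId')!r} does not match policyId {policy_id!r}")
    if root.get("Version") != version:
        problems.append(f"Version {root.get('Version')!r} does not match version {version!r}")
    return problems


def build_add_policy_request(policy_xml: str, policy_id: str, version: str) -> str:
    """Wrap the policy in the addPolicy envelope from the page, after checking it."""
    problems = policy_problems(policy_xml, policy_id, version)
    if problems:
        raise ValueError("; ".join(problems))
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:xsd="{AXIS_NS}" xmlns:xsd1="{DTO_NS}">'
        "<soapenv:Header/><soapenv:Body><xsd:addPolicy><xsd:policyDTO>"
        f"<xsd1:policy><![CDATA[{policy_xml}]]></xsd1:policy>"
        f"<xsd1:version>{escape(version)}</xsd1:version>"
        f"<xsd1:policyId>{escape(policy_id)}</xsd1:policyId>"
        "</xsd:policyDTO></xsd:addPolicy></soapenv:Body></soapenv:Envelope>"
    )


def embedded_policy(envelope: str) -> str:
    """Read the policy back out of an envelope; the parser unwraps the CDATA section."""
    policy = ET.fromstring(envelope).find(f".//{{{DTO_NS}}}policy")
    if policy is None or policy.text is None:
        raise ValueError("envelope carries no policy")
    return policy.text


def add_policy_ok(response_xml: str) -> bool:
    """True for the void addPolicyResponse shown on the page, False when the body is a SOAP Fault."""
    body = ET.fromstring(response_xml).find(f"{{{SOAP_NS}}}Body")
    if body is None:
        raise ValueError("no SOAP Body in response")
    if body.find(f"{{{SOAP_NS}}}Fault") is not None:
        return False
    return body.find(f"{{{AXIS_NS}}}addPolicyResponse") is not None


if __name__ == "__main__":
    print(build_add_policy_request(SAMPLE_POLICY, "sample_policy_template", "1.0"))
    print("response ok:", add_policy_ok(SAMPLE_ADD_POLICY_RESPONSE))
```

The envelope is assembled as a string rather than with ElementTree because ElementTree has no CDATA support; the DTO fields go through escape() so a policyId containing markup characters cannot break out of its element.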
getAllPolicyIds()


Description: Retrieves all policy names (policy IDs).

Input Parameters

None

Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getAllPolicyIds/>
   </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getAllPolicyIdsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2340="http://dto.entitlement.identity.carbon.wso2.org/xsd" xmlns:ax2338="http://entitlement.identity.carbon.wso2.org/xsd">
         <ns:return>authn_role_based_policy_template</ns:return>
         <ns:return>authn_scope_based_policy_template</ns:return>
         <ns:return>authn_time_and_role_based_policy_template</ns:return>
         <ns:return>authn_time_and_scope_based_policy_template</ns:return>
         <ns:return>authn_time_and_user_claim_based_policy_template</ns:return>
         <ns:return>authn_time_and_user_store_based_policy_template</ns:return>
         <ns:return>authn_time_based_policy_template</ns:return>
         <ns:return>authn_user_claim_based_policy_template</ns:return>
         <ns:return>authn_user_store_based_policy_template</ns:return>
         <ns:return>provisioning_role_based_policy</ns:return>
         <ns:return>provisioning_role_based_policy_template</ns:return>
         <ns:return>provisioning_time_and_role_based_policy_template</ns:return>
         <ns:return>provisioning_time_and_user_claim_based_policy_template</ns:return>
         <ns:return>provisioning_time_based_policy_template</ns:return>
         <ns:return>provisioning_user_claim_based_policy_template</ns:return>
         <ns:return>samplePolicy</ns:return>
         <ns:return>samplePolicy1</ns:return>
         <ns:return>samplepolicy_template</ns:return>
      </ns:getAllPolicyIdsResponse>
   </soapenv:Body>
</soapenv:Envelope>


getPolicy()


Description: Retrieves a pre-defined policy.

Input Parameters

Parameter     Description
policyId      The name (ID) of the policy to retrieve.
isPDPPolicy   A boolean that tells whether the policy is published to the PDP or not.
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getPolicy>
         <!--Optional:-->
         <xsd:policyId>authn_time_and_user_claim_based_policy_template</xsd:policyId>
         <!--Optional:-->
         <xsd:isPDPPolicy>false</xsd:isPDPPolicy>
      </xsd:getPolicy>
   </soapenv:Body>
</soapenv:Envelope>
Response
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getPolicyResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:type="ax2340:PolicyDTO" xmlns:ax2340="http://dto.entitlement.identity.carbon.wso2.org/xsd" xmlns:ax2338="http://entitlement.identity.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2340:active>true</ax2340:active>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#string</ax2340:attributeDataType>
               <ax2340:attributeId>http://wso2.org/identity/sp/sp-name</ax2340:attributeId>
               <ax2340:attributeValue>SP_NAME</ax2340:attributeValue>
               <ax2340:category>http://wso2.org/identity/sp</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#string</ax2340:attributeDataType>
               <ax2340:attributeId>http://wso2.org/identity/identity-action/action-name</ax2340:attributeId>
               <ax2340:attributeValue>authenticate</ax2340:attributeValue>
               <ax2340:category>http://wso2.org/identity/identity-action</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#time</ax2340:attributeDataType>
               <ax2340:attributeId>urn:oasis:names:tc:xacml:1.0:environment:current-time</ax2340:attributeId>
               <ax2340:attributeValue>09:00:00</ax2340:attributeValue>
               <ax2340:category>urn:oasis:names:tc:xacml:3.0:attribute-category:environment</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#time</ax2340:attributeDataType>
               <ax2340:attributeId>urn:oasis:names:tc:xacml:1.0:environment:current-time</ax2340:attributeId>
               <ax2340:attributeValue>17:00:00</ax2340:attributeValue>
               <ax2340:category>urn:oasis:names:tc:xacml:3.0:attribute-category:environment</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#string</ax2340:attributeDataType>
               <ax2340:attributeId>CLAIM_URI_1</ax2340:attributeId>
               <ax2340:attributeValue>CLAIM_VALUE_1</ax2340:attributeValue>
               <ax2340:category>urn:oasis:names:tc:xacml:3.0:attribute-category:resource</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#string</ax2340:attributeDataType>
               <ax2340:attributeId>CLAIM_URI_2</ax2340:attributeId>
               <ax2340:attributeValue>CLAIM_VALUE_2</ax2340:attributeValue>
               <ax2340:category>urn:oasis:names:tc:xacml:3.0:attribute-category:resource</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:lastModifiedTime>1508817592043</ax2340:lastModifiedTime>
            <ax2340:lastModifiedUser xsi:nil="true"/>
            <ax2340:policy><![CDATA[<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicyId="authn_time_and_user_claim_based_policy_template" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0"><Description>This template policy provides ability to authorize users to a given service provider(defined by SP_NAME) in the authentication flow based on the claim values of the user (CLAIM_URI_1=CLAIM_VALUE_1 and CLAIM_URI_2=CLAIM_VALUE_2) and the time of the day (eg. between 09:00:00 to 17:00:00). Users with the given claim values and who are logged in within the given time range will be allowed and any other users will be denied.</Description><Target><AnyOf><AllOf><Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SP_NAME</AttributeValue><AttributeDesignator AttributeId="http://wso2.org/identity/sp/sp-name" Category="http://wso2.org/identity/sp" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"></AttributeDesignator></Match><Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">authenticate</AttributeValue><AttributeDesignator AttributeId="http://wso2.org/identity/identity-action/action-name" Category="http://wso2.org/identity/identity-action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"></AttributeDesignator></Match></AllOf></AnyOf></Target><Rule Effect="Permit" RuleId="permit_by_claims_and_time"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"><Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"><AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" 
DataType="http://www.w3.org/2001/XMLSchema#time" MustBePresent="true"></AttributeDesignator></Apply><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">09:00:00</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">17:00:00</AttributeValue></Apply><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"><AttributeDesignator AttributeId="CLAIM_URI_1" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator></Apply><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">CLAIM_VALUE_1</AttributeValue></Apply><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"><AttributeDesignator AttributeId="CLAIM_URI_2" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator></Apply><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">CLAIM_VALUE_2</AttributeValue></Apply></Apply></Condition></Rule><Rule Effect="Deny" RuleId="deny_others"></Rule></Policy>]]></ax2340:policy>
            <ax2340:policyEditor xsi:nil="true"/>
            <ax2340:policyId>authn_time_and_user_claim_based_policy_template</ax2340:policyId>
            <ax2340:policyOrder>12</ax2340:policyOrder>
            <ax2340:policyType>Policy</ax2340:policyType>
            <ax2340:promote>false</ax2340:promote>
            <ax2340:version>1</ax2340:version>
         </ns:return>
      </ns:getPolicyResponse>
   </soapenv:Body>
</soapenv:Envelope>
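Reading the two responses above back is the other half of a client. The following Python is an added example, not WSO2's own code: it lists the IDs from a getAllPolicyIdsResponse, flattens the PolicyDTO of a getPolicyResponse into a dict (active, policyOrder, the attributeDTOs the server extracted from the policy, and the XACML document that was inside the CDATA section), and cross-checks the result against what was asked for, so an audit script notices when the DTO's policyId and the PolicyId inside the embedded policy disagree. Note from the sample response that the DTO's version ("1") and the XACML Version attribute ("1.0") are different fields, so the check compares only PolicyId. The sample responses are trimmed copies of the ones on this page.

```python
"""Parse getAllPolicyIds and getPolicy responses from the WSO2 Entitlement Policy Admin Service.
Added example for this page, not WSO2's own client code.
"""
import xml.etree.ElementTree as ET

AXIS_NS = "http://org.apache.axis2/xsd"
DTO_NS = "http://dto.entitlement.identity.carbon.wso2.org/xsd"
XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"

# Trimmed copies of the page's sample responses.
SAMPLE_GET_ALL_IDS = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getAllPolicyIdsResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return>authn_role_based_policy_template</ns:return>
         <ns:return>authn_time_and_user_claim_based_policy_template</ns:return>
         <ns:return>samplePolicy</ns:return>
      </ns:getAllPolicyIdsResponse>
   </soapenv:Body>
</soapenv:Envelope>"""

SAMPLE_GET_POLICY = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getPolicyResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:type="ax2340:PolicyDTO" xmlns:ax2340="http://dto.entitlement.identity.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2340:active>true</ax2340:active>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#string</ax2340:attributeDataType>
               <ax2340:attributeId>http://wso2.org/identity/sp/sp-name</ax2340:attributeId>
               <ax2340:attributeValue>SP_NAME</ax2340:attributeValue>
               <ax2340:category>http://wso2.org/identity/sp</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#time</ax2340:attributeDataType>
               <ax2340:attributeId>urn:oasis:names:tc:xacml:1.0:environment:current-time</ax2340:attributeId>
               <ax2340:attributeValue>09:00:00</ax2340:attributeValue>
               <ax2340:category>urn:oasis:names:tc:xacml:3.0:attribute-category:environment</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:lastModifiedTime>1508817592043</ax2340:lastModifiedTime>
            <ax2340:lastModifiedUser xsi:nil="true"/>
            <ax2340:policy><![CDATA[<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="authn_time_and_user_claim_based_policy_template" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0"><Target/><Rule Effect="Deny" RuleId="deny_others"/></Policy>]]></ax2340:policy>
            <ax2340:policyId>authn_time_and_user_claim_based_policy_template</ax2340:policyId>
            <ax2340:policyOrder>12</ax2340:policyOrder>
            <ax2340:policyType>Policy</ax2340:policyType>
            <ax2340:promote>false</ax2340:promote>
            <ax2340:version>1</ax2340:version>
         </ns:return>
      </ns:getPolicyResponse>
   </soapenv:Body>
</soapenv:Envelope>"""


def policy_ids(response_xml: str) -> list[str]:
    """Policy IDs from a getAllPolicyIdsResponse, one per <ns:return> element."""
    ids = []
    for el in ET.fromstring(response_xml).iter(f"{{{AXIS_NS}}}return"):
        if el.text and el.text.strip():
            ids.append(el.text.strip())
    return ids


def parse_policy_dto(response_xml: str) -> dict:
    """Flatten the PolicyDTO of a getPolicyResponse; xsi:nil fields become None."""
    ret = ET.fromstring(response_xml).find(f".//{{{AXIS_NS}}}getPolicyResponse/{{{AXIS_NS}}}return")
    if ret is None:
        raise ValueError("no getPolicyResponse/return element in response")

    def field(name: str):
        el = ret.find(f"{{{DTO_NS}}}{name}")
        return None if el is None or el.text is None else el.text.strip()

    attributes = [
        {key: (a.findtext(f"{{{DTO_NS}}}{key}") or "").strip()
         for key in ("attributeId", "attributeValue", "attributeDataType", "category")}
        for a in ret.findall(f"{{{DTO_NS}}}attributeDTOs")
    ]
    return {
        "policyId": field("policyId"),
        "active": field("active") == "true",
        "promote": field("promote") == "true",
        "policyType": field("policyType"),
        "policyOrder": int(field("policyOrder")) if field("policyOrder") else None,
        "version": field("version"),  # registry version; the sample shows "1" beside XACML Version="1.0"
        "lastModifiedTime": int(field("lastModifiedTime")) if field("lastModifiedTime") else None,
        "attributes": attributes,
        "policy": field("policy"),  # the XACML document that was inside the CDATA section
    }


def policy_dto_problems(dto: dict, requested_id: str) -> list[str]:
    """Cross-check the DTO against the requested ID and against the policy it carries."""
    problems = []
    if dto["policyId"] != requested_id:
        problems.append(f"response is for {dto['policyId']!r}, requested {requested_id!r}")
    if not dto["policy"]:
        problems.append("response carries no policy XML")
        return problems
    root = ET.fromstring(dto["policy"])
    if root.tag != f"{{{XACML_NS}}}Policy":
        problems.append(f"embedded root element is {root.tag}, expected a XACML 3.0 Policy")
    elif root.get("PolicyId") != dto["policyId"]:
        problems.append(f"embedded PolicyId {root.get('PolicyId')!r} differs from policyId {dto['policyId']!r}")
    return problems


if __name__ == "__main__":
    print(policy_ids(SAMPLE_GET_ALL_IDS))
    dto = parse_policy_dto(SAMPLE_GET_POLICY)
    print(dto["policyId"], "active" if dto["active"] else "inactive", dto["attributes"])
    print(policy_dto_problems(dto, "authn_time_and_user_claim_based_policy_template"))
```

Iterating policy_ids() over getAllPolicyIds and calling parse_policy_dto() on each getPolicy result gives a plain inventory of what the PAP holds, which is the input an access-control review or a drift check against a policy repository needs.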


Policy Evaluation API
