
...

Description: Retrieve a pre-defined policy.
Input Parameters
ParameterDescription
policyId
The policy name that is registered.
isPDPPolicy
A boolean which tells whether the policy is published to PDP or not.
Request
<!-- Sample getPolicy request: names the policy to fetch in policyId and sends isPDPPolicy as false. -->
<!-- NOTE(review): soapenv:Header is empty, so the message itself carries no credentials; authentication is presumably supplied at the transport layer (confirm), which should then be TLS-protected. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getPolicy>
         <!--Optional:-->
         <xsd:policyId>authn_time_and_user_claim_based_policy_template</xsd:policyId>
         <!--Optional:-->
         <xsd:isPDPPolicy>false</xsd:isPDPPolicy>
      </xsd:getPolicy>
   </soapenv:Body>
</soapenv:Envelope>
Response
<!-- Sample getPolicy response: the return element is a PolicyDTO whose policy child carries the full XACML 3.0 policy as CDATA text. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getPolicyResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:type="ax2340:PolicyDTO" xmlns:ax2340="http://dto.entitlement.identity.carbon.wso2.org/xsd" xmlns:ax2338="http://entitlement.identity.carbon.wso2.org/xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2340:active>true</ax2340:active>
            <!-- Each attributeDTOs entry repeats an attribute id, value, data type and category that also appears in the embedded policy below. -->
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#string</ax2340:attributeDataType>
               <ax2340:attributeId>http://wso2.org/identity/sp/sp-name</ax2340:attributeId>
               <ax2340:attributeValue>SP_NAME</ax2340:attributeValue>
               <ax2340:category>http://wso2.org/identity/sp</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#string</ax2340:attributeDataType>
               <ax2340:attributeId>http://wso2.org/identity/identity-action/action-name</ax2340:attributeId>
               <ax2340:attributeValue>authenticate</ax2340:attributeValue>
               <ax2340:category>http://wso2.org/identity/identity-action</ax2340:category>
            </ax2340:attributeDTOs>
            <!-- The two current-time entries are the lower and upper bounds of the time-in-range check in the policy. -->
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#time</ax2340:attributeDataType>
               <ax2340:attributeId>urn:oasis:names:tc:xacml:1.0:environment:current-time</ax2340:attributeId>
               <ax2340:attributeValue>09:00:00</ax2340:attributeValue>
               <ax2340:category>urn:oasis:names:tc:xacml:3.0:attribute-category:environment</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#time</ax2340:attributeDataType>
               <ax2340:attributeId>urn:oasis:names:tc:xacml:1.0:environment:current-time</ax2340:attributeId>
               <ax2340:attributeValue>17:00:00</ax2340:attributeValue>
               <ax2340:category>urn:oasis:names:tc:xacml:3.0:attribute-category:environment</ax2340:category>
            </ax2340:attributeDTOs>
            <!-- CLAIM_URI_n / CLAIM_VALUE_n (like SP_NAME above) are template placeholders, as the policy's own Description states. -->
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#string</ax2340:attributeDataType>
               <ax2340:attributeId>CLAIM_URI_1</ax2340:attributeId>
               <ax2340:attributeValue>CLAIM_VALUE_1</ax2340:attributeValue>
               <ax2340:category>urn:oasis:names:tc:xacml:3.0:attribute-category:resource</ax2340:category>
            </ax2340:attributeDTOs>
            <ax2340:attributeDTOs xsi:type="ax2340:AttributeDTO">
               <ax2340:attributeDataType>http://www.w3.org/2001/XMLSchema#string</ax2340:attributeDataType>
               <ax2340:attributeId>CLAIM_URI_2</ax2340:attributeId>
               <ax2340:attributeValue>CLAIM_VALUE_2</ax2340:attributeValue>
               <ax2340:category>urn:oasis:names:tc:xacml:3.0:attribute-category:resource</ax2340:category>
            </ax2340:attributeDTOs>
            <!-- presumably epoch milliseconds; confirm against the service documentation -->
            <ax2340:lastModifiedTime>1508817592043</ax2340:lastModifiedTime>
            <ax2340:lastModifiedUser xsi:nil="true"/>
            <!-- Embedded XACML policy. It uses the first-applicable rule-combining algorithm: the Permit rule permit_by_claims_and_time (time-in-range 09:00:00 to 17:00:00 AND both claim equality checks, all with MustBePresent="true") comes first, followed by the unconditional Deny rule deny_others. -->
            <ax2340:policy><![CDATA[<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicyId="authn_time_and_user_claim_based_policy_template" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0"><Description>This template policy provides ability to authorize users to a given service provider(defined by SP_NAME) in the authentication flow based on the claim values of the user (CLAIM_URI_1=CLAIM_VALUE_1 and CLAIM_URI_2=CLAIM_VALUE_2) and the time of the day (eg. between 09:00:00 to 17:00:00). Users with the given claim values and who are logged in within the given time range will be allowed and any other users will be denied.</Description><Target><AnyOf><AllOf><Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SP_NAME</AttributeValue><AttributeDesignator AttributeId="http://wso2.org/identity/sp/sp-name" Category="http://wso2.org/identity/sp" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"></AttributeDesignator></Match><Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">authenticate</AttributeValue><AttributeDesignator AttributeId="http://wso2.org/identity/identity-action/action-name" Category="http://wso2.org/identity/identity-action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"></AttributeDesignator></Match></AllOf></AnyOf></Target><Rule Effect="Permit" RuleId="permit_by_claims_and_time"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"><Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"><AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" 
DataType="http://www.w3.org/2001/XMLSchema#time" MustBePresent="true"></AttributeDesignator></Apply><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">09:00:00</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">17:00:00</AttributeValue></Apply><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"><AttributeDesignator AttributeId="CLAIM_URI_1" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator></Apply><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">CLAIM_VALUE_1</AttributeValue></Apply><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"><AttributeDesignator AttributeId="CLAIM_URI_2" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator></Apply><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">CLAIM_VALUE_2</AttributeValue></Apply></Apply></Condition></Rule><Rule Effect="Deny" RuleId="deny_others"></Rule></Policy>]]></ax2340:policy>
            <ax2340:policyEditor xsi:nil="true"/>
            <ax2340:policyId>authn_time_and_user_claim_based_policy_template</ax2340:policyId>
            <ax2340:policyOrder>12</ax2340:policyOrder>
            <ax2340:policyType>Policy</ax2340:policyType>
            <ax2340:promote>false</ax2340:promote>
            <ax2340:version>1</ax2340:version>
         </ns:return>
      </ns:getPolicyResponse>
   </soapenv:Body>
</soapenv:Envelope>


getPolicyVersions()


Description: Get the version of a given policy.
Input Parameters
ParameterDescription
policyId
The policy name that is registered.
Request
<!-- Sample getPolicyVersions request: the only argument is the policyId whose versions are requested. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getPolicyVersions>
         <!--Optional:-->
         <xsd:policyId>authn_time_and_user_claim_based_policy_template</xsd:policyId>
      </xsd:getPolicyVersions>
   </soapenv:Body>
</soapenv:Envelope>
Response
<!-- Sample getPolicyVersions response: a single return element with the value 1; presumably one return element per stored version (confirm). -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getPolicyVersionsResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2340="http://dto.entitlement.identity.carbon.wso2.org/xsd" xmlns:ax2338="http://entitlement.identity.carbon.wso2.org/xsd">
         <ns:return>1</ns:return>
      </ns:getPolicyVersionsResponse>
   </soapenv:Body>
</soapenv:Envelope>
getPublisherModuleData()


Description: Get the details of the publisher.
Input Parameters

None

Request
<!-- Sample getPublisherModuleData request: the operation element is empty because the call takes no input parameters. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:getPublisherModuleData/>
   </soapenv:Body>
</soapenv:Envelope>
Response
<!-- Sample getPublisherModuleData response: a PublisherDataHolder naming the publisher module and listing its four properties (id, display name, display order, required and secret flags). -->
<!-- Every value element in this sample is xsi:nil, so no subscriber credential or URL appears in the output. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:getPublisherModuleDataResponse xmlns:ns="http://org.apache.axis2/xsd" xmlns:ax2340="http://dto.entitlement.identity.carbon.wso2.org/xsd" xmlns:ax2338="http://entitlement.identity.carbon.wso2.org/xsd">
         <ns:return xsi:type="ax2340:PublisherDataHolder" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ax2340:moduleName>Carbon Basic Auth Policy Publisher Module</ax2340:moduleName>
            <!-- subscriberPassword is the only property flagged secret=true. NOTE(review): presumably clients should mask this field and keep it out of logs; confirm how the server returns it once a value is configured. -->
            <ax2340:propertyDTOs xsi:type="ax2340:PublisherPropertyDTO">
               <ax2340:displayName>Subscriber Password</ax2340:displayName>
               <ax2340:displayOrder>3</ax2340:displayOrder>
               <ax2340:id>subscriberPassword</ax2340:id>
               <ax2340:module>Carbon Basic Auth Policy Publisher Module</ax2340:module>
               <ax2340:required>true</ax2340:required>
               <ax2340:secret>true</ax2340:secret>
               <ax2340:value xsi:nil="true"/>
            </ax2340:propertyDTOs>
            <ax2340:propertyDTOs xsi:type="ax2340:PublisherPropertyDTO">
               <ax2340:displayName>Subscriber URL</ax2340:displayName>
               <ax2340:displayOrder>1</ax2340:displayOrder>
               <ax2340:id>subscriberURL</ax2340:id>
               <ax2340:module>Carbon Basic Auth Policy Publisher Module</ax2340:module>
               <ax2340:required>true</ax2340:required>
               <ax2340:secret>false</ax2340:secret>
               <ax2340:value xsi:nil="true"/>
            </ax2340:propertyDTOs>
            <ax2340:propertyDTOs xsi:type="ax2340:PublisherPropertyDTO">
               <ax2340:displayName>Subscriber User Name</ax2340:displayName>
               <ax2340:displayOrder>2</ax2340:displayOrder>
               <ax2340:id>subscriberUserName</ax2340:id>
               <ax2340:module>Carbon Basic Auth Policy Publisher Module</ax2340:module>
               <ax2340:required>true</ax2340:required>
               <ax2340:secret>false</ax2340:secret>
               <ax2340:value xsi:nil="true"/>
            </ax2340:propertyDTOs>
            <ax2340:propertyDTOs xsi:type="ax2340:PublisherPropertyDTO">
               <ax2340:displayName>Subscriber Id</ax2340:displayName>
               <ax2340:displayOrder>0</ax2340:displayOrder>
               <ax2340:id>subscriberId</ax2340:id>
               <ax2340:module>Carbon Basic Auth Policy Publisher Module</ax2340:module>
               <ax2340:required>true</ax2340:required>
               <ax2340:secret>false</ax2340:secret>
               <ax2340:value xsi:nil="true"/>
            </ax2340:propertyDTOs>
         </ns:return>
      </ns:getPublisherModuleDataResponse>
   </soapenv:Body>
</soapenv:Envelope>
publishToPDP()


Description: Publish a policy to PDP.
Input Parameters
ParameterDescription
policyId
The policy name that should be published to PDP (sent as policyIds in the request below; the element may be repeated).
Request
<!-- Sample publishToPDP request: publishes the listed policyIds at the given version, with an enabled flag and an order value. -->
<!-- NOTE(review): this call changes which authorization policies the PDP holds. soapenv:Header is empty, so credentials are presumably supplied at the transport layer (confirm); restrict the operation to administrators and use TLS. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:publishToPDP>
         <!--Zero or more repetitions:-->
         <xsd:policyIds>provisioning_user_claim_based_policy_template</xsd:policyIds>
         <!--Optional:-->
         <xsd:version>1</xsd:version>
         <!--Optional:-->
         <!-- enabled=false: presumably the policy is published but stays disabled until it is enabled separately; confirm -->
         <xsd:enabled>false</xsd:enabled>
         <!--Optional:-->
         <xsd:order>30</xsd:order>
      </xsd:publishToPDP>
   </soapenv:Body>
</soapenv:Envelope>
Response
<!-- Sample publishToPDP response: the return element is xsi:nil, i.e. the operation returns no value. A failure would presumably arrive as a SOAP fault instead (confirm). -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:publishToPDPResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:publishToPDPResponse>
   </soapenv:Body>
</soapenv:Envelope>
removePolicy()


Description: Remove policy from PDP.
Input Parameters
ParameterDescription
policyId
The policy name that should be removed.
Request
<!-- Sample removePolicy request: names the policy to remove in policyId and sends dePromote as true. -->
<!-- NOTE(review): removing a policy changes authorization decisions. soapenv:Header is empty, so credentials are presumably supplied at the transport layer (confirm); restrict the operation to administrators and use TLS. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:removePolicy>
         <!--Optional:-->
         <xsd:policyId>authn_role_based_policy_template</xsd:policyId>
         <!--Optional:-->
         <!-- dePromote=true: presumably also withdraws the published copy from the PDP; the parameter table does not describe this flag, so confirm -->
         <xsd:dePromote>true</xsd:dePromote>
      </xsd:removePolicy>
   </soapenv:Body>
</soapenv:Envelope>
Response
<!-- Sample removePolicy response: the return element is xsi:nil, i.e. the operation returns no value. A failure would presumably arrive as a SOAP fault instead (confirm). -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:removePolicyResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:removePolicyResponse>
   </soapenv:Body>
</soapenv:Envelope>
updatePolicy()


Description: Update an existing policy with the policy document supplied in the request.
Input Parameters
ParameterDescription
policyId
The name of the policy to update (sent as policyId inside policyDTO in the request below).
Request
<!-- Sample updatePolicy request: policyDTO carries the policyId and the complete XACML 3.0 policy text, wrapped in CDATA so its markup is not parsed as part of the SOAP body. -->
<!-- NOTE(review): this call replaces an authorization policy. soapenv:Header is empty, so credentials are presumably supplied at the transport layer (confirm); restrict the operation to administrators and use TLS. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd" xmlns:xsd1="http://dto.entitlement.identity.carbon.wso2.org/xsd">
   <soapenv:Header/>
   <soapenv:Body>
      <xsd:updatePolicy>
         <!--Optional:-->
         <xsd:policyDTO>
        
            <!--Optional:-->
            <!-- The embedded policy uses first-applicable combining: Permit rule permit_by_roles first, then the unconditional Deny rule deny_others. -->
            <!-- NOTE(review): the embedded Description speaks of ROLE_1 and ROLE_2, but the only value permit_by_roles checks against http://wso2.org/claims/role is "myName"; confirm which is intended. -->
            <xsd1:policy>
            <![CDATA[
				   <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicyId="samplepolicy_template" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
				   <Description>This policy template provides ability to authorize users to a given service provider(defined by SP_NAME) in the authentication flow based on the roles of the user (defined by ROLE_1 and ROLE_2). Users who have at least one of the given roles, will be allowed and any others will be denied.</Description>
				   <Target>
				      <AnyOf>
				         <AllOf>
				            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
				               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SP_NAME</AttributeValue>
				               <AttributeDesignator AttributeId="http://wso2.org/identity/sp/sp-name" Category="http://wso2.org/identity/sp" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"></AttributeDesignator>
				            </Match>
				         </AllOf>
				      </AnyOf>
				   </Target>
				   <Rule Effect="Permit" RuleId="permit_by_roles">
				      <Condition>
				         <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
				            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
				               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">myName</AttributeValue>
				               <AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
				            </Apply>
				         </Apply>
				      </Condition>
				   </Rule>
				   <Rule Effect="Deny" RuleId="deny_others"></Rule>
				</Policy>        
				]]>
            </xsd1:policy>
          
            <!-- NOTE(review): "?" looks like an unfilled placeholder left by the request generator; confirm whether policyEditorData should be omitted or populated. -->
            <xsd1:policyEditorData>?</xsd1:policyEditorData>
            <!--Optional:-->
            <xsd1:policyId>samplepolicy_template</xsd1:policyId>
          
         </xsd:policyDTO>
      </xsd:updatePolicy>
   </soapenv:Body>
</soapenv:Envelope>
Response
<!-- Sample updatePolicy response: the return element is xsi:nil, i.e. the operation returns no value. A failure would presumably arrive as a SOAP fault instead (confirm). -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <ns:updatePolicyResponse xmlns:ns="http://org.apache.axis2/xsd">
         <ns:return xsi:nil="true" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
      </ns:updatePolicyResponse>
   </soapenv:Body>
</soapenv:Envelope>

Policy Evaluation API


...