Tip
Before you begin

Before publishing a XACML policy to the Policy Decision Point (PDP), you need to create the policy first. For more information on how to create a XACML policy, see Creating a XACML Policy.

In order to use a XACML policy for authorization in WSO2 Identity Server, you need to publish it to the Policy Decision Point (PDP) where the authorization decision is made. The policy will not be enforced unless it is published.

At the point of publishing, the policy in the Policy Administration Point (PAP) policy store syncs with the PDP policy store. To make the decision, the PDP accesses one or more policies in the Policy Administration Point (PAP), along with additional information such as subject, resource, action and environmental resources in the Policy Information Point (PIP). For more information about this process, see XACML system architecture.

You can publish a XACML policy to the PDP for runtime evaluation using the instructions in this topic.

  1. Sign in. Enter your username and password to log on to the Management Console.
  2. Navigate to the Main menu to access the Entitlement menu. Click Policy Administration under PAP.
    1. The policies that you created are listed in the Available Entitlement Policies table.
    2. You can publish policies using one of the following options.
      1. Click Publish to My PDP next to the policy you wish to publish. This will publish the specific policy to the PDP.
      2. Select the specific policies you wish to publish using the checkboxes available and click Publish. This allows you to publish multiple policies at the same time to the PDP.
      3. Click Publish All to publish all the available policies. This will publish all the policies available in the "Available Entitlement Policy" to the PDP.
    3. The Publish Policy page appears.
    4. Here you can do the following by clicking on an option from each section.
      1. Select policy publishing action.
        • Add Policy - Shows all options relevant to adding a new policy to the policies published to PDP. The target action of the policy is "CREATE". This option works only for the initial policy publishing process. The policy is published to the PDP and can be viewed by navigating to PDP > Policy View.
        • Update Policy - Shows all options relevant to updating an existing policy that was already published to PDP. The target action of the policy is "UPDATE". This option updates an existing policy that has already been published to the PDP. The existing policy listed in the Policy View will be updated.
        • Order Policy - Shows only the options available to change the order of the published policy in the PDP. The target action of the policy is "ORDER". This option is used to put the existing published policies in order. The policies will be ordered in descending order in the Policy View. This is not relevant for the initial policy publishing process.
        • Enable Policy - Allows you to enable the policy. The target action of the policy is "ENABLE". This option enables the policy in the PDP. This is not relevant for the initial policy publishing process.
        • Disable Policy - Allows you to disable the policy. The target action of the policy is "DISABLE". This option disables the policy in the PDP. This is not relevant for the initial policy publishing process.
        • Delete Policy - Allows you to delete the policy. The target action of the policy is "DELETE". This option deletes an existing published policy in the PDP. The relevant policy will be removed from the Policy View in the PDP.
      2. Select policy Enable/Disable.
        • Publish As Enabled Policy - Allows you to enable the policy to be published. This is available by default when publishing to PDP.
        • Publish As Disabled Policy - Allows you to disable the policy to be published.
      3. Select policy order.
        • Use default policy order - Sets the default order for the policy to appear when published. The default order of a policy is "0".
        • Define policy order - Allows you to set a policy order according to your preference. Set a number to define the order in which the policy will appear in the PDP.
    5. Select Subscriber
  3. Click Publish.
  4. Once you publish, you can see published policies in the Policy View in the Entitlement menu under PDP.

  5. By clicking "Edit Order" (2), you can edit the order of the policy, and the order will be displayed in the policy view (1).
    When you have multiple policies published, you can select a policy combining algorithm from (3) and click "Update".

Info

When you have multiple ordered policies, the policy with the lowest order number is evaluated first, and the policies are evaluated in ascending order of the order number (priority). The higher the priority, the lower the order number.

Info

For further details on policy combining algorithms, read the section here.
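
The effect of the order number under a policy combining algorithm, as an added example that is not WSO2 Identity Server code: a simplified Python model that evaluates enabled policies in ascending order number and compares the XACML first-applicable and deny-overrides algorithms. The policy names, rules and request are constructed; Indeterminate results are not modelled, and skipping disabled policies is an assumption of the model.

```python
# Added illustration: a simplified model of ordered policy evaluation in a PDP.
# Policy names, order numbers, rules and the request are constructed samples.
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass
class Policy:
    name: str
    order: int                        # lower number = higher priority
    enabled: bool                     # assumption: disabled policies are skipped
    evaluate: Callable[[dict], str]   # returns PERMIT, DENY or NOT_APPLICABLE

def ordered(policies):
    """Enabled policies in ascending order number (evaluation sequence)."""
    return sorted((p for p in policies if p.enabled), key=lambda p: p.order)

def first_applicable(policies, request):
    for p in ordered(policies):
        decision = p.evaluate(request)
        if decision != NOT_APPLICABLE:
            return decision, p.name   # first applicable policy decides
    return NOT_APPLICABLE, None

def deny_overrides(policies, request):
    result = (NOT_APPLICABLE, None)
    for p in ordered(policies):
        decision = p.evaluate(request)
        if decision == DENY:
            return decision, p.name   # any Deny wins, regardless of order
        if decision == PERMIT and result[0] == NOT_APPLICABLE:
            result = (decision, p.name)
    return result

def staff_read(req):
    return PERMIT if req["role"] == "staff" and req["action"] == "read" else NOT_APPLICABLE

def block_payroll(req):
    return DENY if req["resource"].startswith("/payroll/") else NOT_APPLICABLE

def build(staff_order, payroll_order, payroll_enabled=True):
    return [Policy("staff-read", staff_order, True, staff_read),
            Policy("block-payroll", payroll_order, payroll_enabled, block_payroll)]

REQUEST = {"role": "staff", "action": "read", "resource": "/payroll/2024.csv"}
```

With first-applicable, swapping the two order numbers changes the decision for the same request, so confirm the order shown in the Policy View after publishing; publishing the restrictive policy as disabled has the same effect as removing it.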