WSO2 Identity Server XACML JSON请求的结果为“不确定” [找不到AttributeDesignator属性]

Question

I am try to send a JSON request to wso2 entitlement endpoint using POSTMAN 我尝试使用POSTMAN向wso2授权端点发送JSON请求

Here is my published policy in the identity server: 这是我在身份服务器中发布的策略：

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="samplePolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
    <Target>
        <AnyOf>
            <AllOf>
                <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
                                             read
                                        </AttributeValue>
                    <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
                </Match>
            </AllOf>
        </AnyOf>
    </Target>
    <Rule Effect="Permit" RuleId="permit"/>

Here is JSON request I send: 这是我发送的JSON请求：

    {
    "Request": {
        "Action": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
                    "Value": "read"
                }
            ]
        },
        "Resource": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
                    "Value": "http://127.0.0.1/service/very_secure/"
                }
            ]
        }
    }
}

Both blocks of the code came from this blog https://medium.com/@gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c#.4lxgiw6tn 这两个代码块均来自此博客https://medium.com/@gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3- 0-7a60940d040c＃.4lxgiw6tn

But no matter what I tried it always give me "Indeterminate" response 但是无论我尝试了什么，它总是会给我“不确定”的响应

Postman response screenshot 邮差回复截图

I also try my own policy and request but I always get the same response 我也尝试自己的政策和要求，但总是得到相同的答复

What is going on? 到底是怎么回事？

Answer 1

Fixed with: Remove any white space before and after the "read" attribute value in the xml policy: 固定于：删除xml策略中“ read”属性值前后的所有空格：

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicyId="samplePolicyforJSON" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
   <Target>
      <AnyOf>
         <AllOf>
            <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
               <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
               <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
            </Match>
         </AllOf>
      </AnyOf>
   </Target>
   <Rule Effect="Permit" RuleId="permit"></Rule>
</Policy>

Tested with: 经过测试：

XACML Request: XACML请求：

{
    "Request": {
        "Action": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
                    "Value": "read"
                }
            ]
        },
        "Resource": {
            "Attribute": [
                {
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
                    "Value": "http://127.0.0.1/service/very_secure/"
                }
            ]
        }
    }
}

XACML Response: XACML响应：

{
  "Response": [
    {
      "Decision": "Permit",
      "Status": {
        "StatusCode": {
          "Value": "urn:oasis:names:tc:xacml:1.0:status:ok"
        }
      }
    }
  ]
}

And with: 与：

XACML Request: XACML请求：

<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="false">
    <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://localhost/secureAccess/resource</AttributeValue>
        </Attribute>
    </Attributes>   
    <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
        </Attribute>
    </Attributes>
</Request>

XACML Response: XACML响应：

<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
    <Result>
        <Decision>Permit</Decision>
        <Status>
            <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
        </Status>
    </Result>
</Response>

Answer 2

If you followed all the steps correctly, It should work. 如果您正确执行了所有步骤，则它应该可以工作。 After adding the policy, please check whether the policy is correctly added. 添加策略后，请检查策略是否正确添加。 eg. 例如。 Remove unnecessary spaces in the policy 删除策略中不必要的空格

Publish it to the PDP correctly and try. 将其正确发布到PDP，然后尝试。 You can also try in "try" option in the policy window in IS 5.3.0. 您也可以在IS 5.3.0的策略窗口中尝试“尝试”选项。 Use only xml request because it does not works for JSON 仅使用xml请求，因为它不适用于JSON

WSO2 Identity Server XACML JSON请求的结果为“不确定” [找不到AttributeDesignator属性]

问题描述

2 个解决方案

解决方案1
2 已采纳 2017-03-20 04:29:57

解决方案2
0 2017-03-20 13:06:17

WSO2 Identity Server XACML JSON请求的结果为“不确定” [找不到AttributeDesignator属性]

问题描述

2 个解决方案

解决方案1 2 已采纳 2017-03-20 04:29:57

解决方案2 0 2017-03-20 13:06:17

解决方案1
2 已采纳 2017-03-20 04:29:57

解决方案2
0 2017-03-20 13:06:17