[英]WSO2 Identity Server XACML JSON Request results in “Indeterminate” [Couldn't find AttributeDesignator attribute]
我尝试使用POSTMAN向wso2授权端点发送JSON请求
这是我在身份服务器中发布的策略:
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="samplePolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
read
</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule Effect="Permit" RuleId="permit"/>
这是我发送的JSON请求:
{
"Request": {
"Action": {
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
"Value": "read"
}
]
},
"Resource": {
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
"Value": "http://127.0.0.1/service/very_secure/"
}
]
}
}
}
但是无论我尝试了什么,它总是会给我“不确定”的响应
我也尝试自己的政策和要求,但总是得到相同的答复
到底是怎么回事?
固定于:删除xml策略中“ read”属性值前后的所有空格:
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="samplePolicyforJSON" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule Effect="Permit" RuleId="permit"></Rule>
</Policy>
经过测试:
XACML请求:
{
"Request": {
"Action": {
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
"Value": "read"
}
]
},
"Resource": {
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
"Value": "http://127.0.0.1/service/very_secure/"
}
]
}
}
}
XACML响应:
{
"Response": [
{
"Decision": "Permit",
"Status": {
"StatusCode": {
"Value": "urn:oasis:names:tc:xacml:1.0:status:ok"
}
}
}
]
}
与:
XACML请求:
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="false">
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://localhost/secureAccess/resource</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
</Attribute>
</Attributes>
</Request>
XACML响应:
<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
<Result>
<Decision>Permit</Decision>
<Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
</Status>
</Result>
</Response>
如果您正确执行了所有步骤,则它应该可以工作。 添加策略后,请检查策略是否正确添加。 例如。 删除策略中不必要的空格
将其正确发布到PDP,然后尝试。 您也可以在IS 5.3.0的策略窗口中尝试“尝试”选项。 仅使用xml请求,因为它不适用于JSON
WSO2 Identity Server是否可以使用JSON XACML请求/响应?
[英]Is WSO2 Identity Server working with JSON XACML request/response?
wso2 5.6身份服务器使用电子邮件创建SCIM用户,并且在发现用户电子邮件未从JSON返回时
[英]wso2 5.6 identity server SCIM user creation with email and while find the users email is not returning from JSON
为什么JSON路径对于WSO2 ESB 5.0的JSON请求无效
[英]Why the JSON path is invalid into a JSON request for WSO2 ESB 5.0
一次验证JSON请求,而不是在WSO2 ESB中一一验证
[英]Validating JSON request at at time instead of one by one in WSO2 ESB
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.