I have created XACML policies with the WSO2 GUI.
I used the Basic Policy Editor for this. I gave the following parameters:
For the policy (in the first tab I only gave the Resource Name and kept the other fields blank): Resource Names: https://www.xyz.com/blabla/
(in the second tab) Rule Effect: Permit
User's: Role is equals Architect
Action Name: is equals Read
So the policy is generated with this condition:
Architect
Here the attribute ID is: AttributeId="http://wso2.org/claims/role"
Now, while I am trying to test this policy with the TryIt tool by passing parameters in the GUI, the request automatically generated by WSO2 has the following attribute ID for the Role:
AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
And because the policy attribute ID doesn't match my test request attribute ID, it is continuously giving an Intermediate reply.
I read some blogs and understood that the AttributeId must match when sending the request.
I changed the request manually and then it works fine.
The question here is: why is WSO2 Identity Server creating the request with a different AttributeId, when we already created the policy from the same WSO2 Identity Server? I think both should match when you are using the same editor to create it and test it with the same parameters.
Or am I missing something here?
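
Added example (not part of the original post, and not WSO2 code): a small Python check that lists the attributes a policy's designators reference but a request does not supply, which is the mismatch described above. The policy and request XML are constructed samples trimmed to the relevant elements, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = 'xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"'
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed sample: condition of a policy that tests the role claim.
POLICY = f"""<Policy {NS} PolicyId="sample"><Rule Effect="Permit" RuleId="r1"><Condition>
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
    <AttributeValue DataType="{STRING}">Architect</AttributeValue>
    <AttributeDesignator AttributeId="http://wso2.org/claims/role"
        Category="{SUBJECT}" DataType="{STRING}" MustBePresent="true"/>
  </Apply></Condition></Rule></Policy>"""

# Constructed sample: request that carries the value under subject-id instead.
REQUEST = f"""<Request {NS} CombinedDecision="false" ReturnPolicyIdList="false">
  <Attributes Category="{SUBJECT}">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
      <AttributeValue DataType="{STRING}">Architect</AttributeValue>
    </Attribute></Attributes></Request>"""

def local(tag):
    """Strip the XML namespace so the check works across XACML versions."""
    return tag.rsplit("}", 1)[-1]

def policy_attrs(policy_xml):
    """(Category, AttributeId, MustBePresent) for every AttributeDesignator."""
    return {(e.get("Category"), e.get("AttributeId"), e.get("MustBePresent") == "true")
            for e in ET.fromstring(policy_xml).iter() if local(e.tag) == "AttributeDesignator"}

def request_attrs(request_xml):
    """(Category, AttributeId) for every Attribute supplied in the request."""
    found = set()
    for group in ET.fromstring(request_xml).iter():
        if local(group.tag) == "Attributes":
            found |= {(group.get("Category"), a.get("AttributeId"))
                      for a in group if local(a.tag) == "Attribute"}
    return found

def missing_from_request(policy_xml, request_xml):
    """Designators the request does not satisfy by exact Category + AttributeId.
    A PDP may still resolve these through an attribute finder (PIP); otherwise
    the designator yields an empty bag, or an error if MustBePresent is true."""
    supplied = request_attrs(request_xml)
    return sorted(t for t in policy_attrs(policy_xml) if t[:2] not in supplied)

if __name__ == "__main__":
    for category, attr_id, required in missing_from_request(POLICY, REQUEST):
        print(f"not in request: {attr_id} (category {category}, MustBePresent={required})")
```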