I am trying to see how XACML can be used with the API Manager for controlling access to some of the resources. I have followed the blog post here,
I have also tried following one more post from the following link, http://niranjankaru.blogspot.fr/2014/11/user-role-based-access-to-api-using.html
Also, I have gone through most of the Stackoverflow question regarding this topic. The following are my questions,
- Are the versions of the "XACML (4.2.2)" and "XACML Mediation (4.2.2)" compatible with the API Manager 1.8?
- I'm getting an error when I try to create a policy. I'm using the simple policy editor in the "Add New Policy" page and following the same instructions as given in the first blog link.
The error shown in the UI is,
"Error while adding entitlement policy. Invalid Entitlement Policy. Policy is not valid according to XACML schema"
and the log has the following error,
ERROR - EntitlementUtil XACML policy is not valid according to the schema :cvc-complex-type.2.4.a: Invalid content was found starting with element 'Description'. One of '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Description, "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyIssuer, "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":PolicyDefaults, "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":Target}' is expected.
As I am not editing policy by hand and using the Simple Policy Editor and entering all the fields required, I did not expect this error. Any idea if this can be a real error or due to some version mismatch?