WSO2 Identity Server Disable Rule (PDP) not Reflecting in Java Client (PEP)

2
votes

After adding a new policy and disabling an outdated policy at the PDP console, an action that displays correctly at the PDP Policy view, the connected PDP process using a Java client did not reflect the logic added by the new policy, still acting according to the older, disabled rules. We also tried to run "Clear Decision Cache" and" Clear Attribute Cache" widgets at the PDP Extension screen, and the PEP is still showing the same issue.

A graceful restart of the WSO2 did solve the error. The server is running WSO2 5.1 release. From an operational standpoint, the restart command is a rather disruptive action and should be avoided.

Are further configuration, or command options available at the WSO2 IS package to drop cache and dynamically refresh an active policy without causing disruption of ongoing services?

2
wso2identityxacmlpdp

2 Answers

0
votes

This is already tested and working scenario in 5.1.0. As I understood, you wanted to edit a policy and should reflect that changes after you publish that new policy without doing any other operation, right ? Yes, when you publish a same policy again with new changes, it will replace the new policy in DB and cache in cluster as well. It should reflect at that time.

0
votes

Actually the scenario described by Harsha is not the same as the one Claude asked. Changing the policy and publishing might work. But disabling or even deleting a policy from the PDP does not become effective unless the server is restarted.

There is a new ticket in jira: Disabling/Deleting Policy from PDP Configuration does not work