RSS

XACML policy testing with soapUi

30 Aug

This blog post will help you to do the XACML testing on Wso2 Identity Server
You need to have wso2 Identity Server(take the binary) and SoapUi

First go to IS_Home/repository/conf/ and open the carbon.xml then find this property

<HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>

and change to

<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>

to up the Identity Server run the relevant file

In Windows – IS_Home/bin/wso2server.bat
In Linux – IS_Home/bin/wso2server.sh

Assuming there is no any other server running on the local machine
then you can access the management console in
https://localhost:9443/carbon/admin/login.jsp
username – admin
password – admin

go to Administration->Import new Entitlement policy and upload this policy



Open SoapUI and create a new project by using this wsdl URL
https://localhost:9443/services/EntitlementService?wsdl

You will get the project as mentioned bellow then click the “Request 1” under “getDecision”

now clear the request and insert given request bellow


<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
 <soapenv:Header/>
 <soapenv:Body>
 <xsd:getDecision>
 <xsd:request><![CDATA[
 <Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <Subject>
 <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
 DataType="http://www.w3.org/2001/XMLSchema#string">
 <AttributeValue>admin</AttributeValue>
 </Attribute>
 <Attribute AttributeId="group"
 DataType="http://www.w3.org/2001/XMLSchema#string">
 <AttributeValue>admin</AttributeValue>
 </Attribute>
 </Subject>
 <Resource>
 <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string">
 <AttributeValue>http://localhost:8280/services/echo/echoString</AttributeValue>
 </Attribute>
 </Resource>
 <Action>
 <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
 <AttributeValue>read</AttributeValue>
 </Attribute>
 </Action>
 </Request>]]></xsd:request>
 </xsd:getDecision>
 </soapenv:Body>
 </soapenv:Envelope>

Before send the request you have to set the authentication properties for the request
as follows
Username- admin
Password -admin

Now send the request and you will get the response as bellow

Now you can upload your own xacml policy and try out

Advertisements
 
3 Comments

Posted by on August 30, 2012 in wso2

 

Tags:

3 responses to “XACML policy testing with soapUi

  1. Paul Klinker

    May 27, 2014 at 3:55 pm

    Thanks, this was very useful.

    I used WSO2 Identity Server version 4.6.0. In that version I had to do two more steps:

    1) On the Policy Administration page I had to publish the policy to my PDP.
    2) Enable the policy on the PDP Policy View page.

    After doing those steps the tutorial worked perfectly.

     
  2. Antonio

    April 23, 2015 at 2:03 pm

    Thank you it was really useful!

     

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: