[Backlogmanager] [FIWARE-JIRA] (HELP-13351) [fiware-stackoverflow] Access request policy not being invoked in AuthZForce PDP

Fernando Lopez (JIRA) jira-help-desk at jira.fiware.org
Tue Jan 16 16:20:00 CET 2018


     [ https://jira.fiware.org/browse/HELP-13351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fernando Lopez reassigned HELP-13351:
-------------------------------------

    Assignee: Cyril Dangerville

> [fiware-stackoverflow] Access request policy not being invoked in AuthZForce PDP
> --------------------------------------------------------------------------------
>
>                 Key: HELP-13351
>                 URL: https://jira.fiware.org/browse/HELP-13351
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Cyril Dangerville
>              Labels: authz, fiware, pdp
>
> Created question in FIWARE Q/A platform on 14-07-2017 at 16:07
> Please, ANSWER this question AT https://stackoverflow.com/questions/45105078/access-request-policy-not-being-invoked-in-authzforce-pdp
> +Question:+
> Access request policy not being invoked in AuthZForce PDP
> +Description:+
> I've created this policy in the Domain of the AuthZForce PDP:
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <PolicySet
>   xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
>   PolicySetId="P1"
>   Version="1.0"
>   PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides">
>   <Description>Reject if the Date is July PolicySet</Description>
>   <Target />
>   <Policy PolicyId="urn:oasis:names:tc:xacml:1.0:date-in:july:policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides" Version="01">
>     <Description>Reject if the Date is July Policy</Description>
>     <Target />
>     <Rule RuleId="urn:oasis:names:tc:xacml:1.0:date-in:july:rule" Effect="Deny">
>       <Condition>
>         <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
>           <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:date-is-in" />
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2017-07-01</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-02</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-03</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-04</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-05</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-06</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-07</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-08</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-09</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-10</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-11</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-12</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-13</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-14</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-15</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-16</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-17</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-18</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-19</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-20</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-21</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-22</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-23</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-24</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-25</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-26</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-27</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-28</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-29</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-30</AttributeValue>
>           <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2002-07-31</AttributeValue>
>           <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:date-in:july:current-date"
>             DataType="http://www.w3.org/2001/XMLSchema#date"
>             MustBePresent="true"
>             Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"/>
>         </Apply>
>       </Condition>
>     </Rule>
>   </Policy>
> </PolicySet>
> and the response is:
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <link xmlns="http://www.w3.org/2005/Atom" xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/5" xmlns:ns3="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:ns4="http://authzforce.github.io/pap-dao-flat-file/xmlns/properties/3.6" xmlns:ns5="http://authzforce.github.io/core/xmlns/pdp/5.0" rel="item" href="P1/1.0" title="Policy 'P1' v1.0"/>
> So I know that the policy is defined in the PDP.
> However, when I run this request against the PDP domain, the policy is not evaluated, only the default allow-all:
> <Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
>  CombinedDecision="false" ReturnPolicyIdList="true">
>    <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
>       <Attribute IncludeInResult="false"
>                  AttributeId="urn:oasis:names:tc:xacml:1.0:date-in:july:current-date">
>          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#date">2017-07-01</AttributeValue>
>       </Attribute>
>    </Attributes>
> </Request>
> Response:
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> <ns3:Response xmlns="http://www.w3.org/2005/Atom" xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/5" xmlns:ns3="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:ns4="http://authzforce.github.io/pap-dao-flat-file/xmlns/properties/3.6" xmlns:ns5="http://authzforce.github.io/core/xmlns/pdp/5.0">
>     <ns3:Result>
>         <ns3:Decision>Permit</ns3:Decision>
>         <ns3:PolicyIdentifierList>
>             <ns3:PolicyIdReference Version="0.1.0">permit-all</ns3:PolicyIdReference>
>             <ns3:PolicySetIdReference Version="0.1.0">root</ns3:PolicySetIdReference>
>         </ns3:PolicyIdentifierList>
>     </ns3:Result>
> </ns3:Response>
> Why is this?



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
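
The check described in the question (reading the PolicyIdentifierList that ReturnPolicyIdList="true" produces to see which policies the PDP actually applied) can be automated. The following is an added example, not part of the original message or of AuthzForce; the function names are hypothetical, and the sample is the response quoted above with its unused namespace declarations trimmed.

```python
import xml.etree.ElementTree as ET

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"

# Response quoted in the message above (unused xmlns declarations trimmed).
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns3:Response xmlns:ns3="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
    <ns3:Result>
        <ns3:Decision>Permit</ns3:Decision>
        <ns3:PolicyIdentifierList>
            <ns3:PolicyIdReference Version="0.1.0">permit-all</ns3:PolicyIdReference>
            <ns3:PolicySetIdReference Version="0.1.0">root</ns3:PolicySetIdReference>
        </ns3:PolicyIdentifierList>
    </ns3:Result>
</ns3:Response>"""


def parse_results(response_xml):
    """Return one dict per <Result>: the decision and the applied policy references."""
    root = ET.fromstring(response_xml.encode("utf-8"))
    results = []
    for result in root.iter(f"{{{XACML_NS}}}Result"):
        decision = (result.findtext(f"{{{XACML_NS}}}Decision") or "").strip()
        refs = []
        id_list = result.find(f"{{{XACML_NS}}}PolicyIdentifierList")
        if id_list is not None:
            for ref in id_list:
                kind = ref.tag.split("}", 1)[-1]  # PolicyIdReference or PolicySetIdReference
                refs.append((kind, (ref.text or "").strip(), ref.get("Version")))
        results.append({"decision": decision, "policies": refs})
    return results


def check_policy_evaluated(response_xml, expected_id):
    """Return findings for every result whose decision did not involve expected_id."""
    results = parse_results(response_xml)
    if not results:
        return ["no <Result> element found in response"]
    findings = []
    for i, res in enumerate(results):
        if not res["policies"]:
            findings.append(f'result {i}: no PolicyIdentifierList; '
                            'set ReturnPolicyIdList="true" on the request')
            continue
        applied = sorted(pid for _, pid, _ in res["policies"])
        if expected_id not in applied:
            findings.append(f"result {i}: decision {res['decision']} was reached "
                            f"without {expected_id}; applied policies: {applied}")
    return findings
```

Run against the quoted response with `expected_id="P1"`, this reports that the Permit came from `permit-all` and `root` only.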

