Cannot import XACML 3,0 policy file inside WSO2 Identity Server 5.1.0

问题

I am getting "Policy uploading failed. Invalid Entitlement Policy. Policy is not valid according to XACML schema" message, whenever i am uploading policy in WSO2 identity server. I have wso2is-5.1.0 version. I got this XACML policy from this WSO2 tutorial.

The XACML policy is:

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"  PolicyId="Entitlement_Filter_Sample_Policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
      <Target/>
      <Rule Effect="Permit" RuleId="Rule1">
        <Target>
          <AnyOf>
            <AllOf>
              <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/Entitlement_Sample_WebApp/protected.jsp</AttributeValue>
                <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
              </Match>
              <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
                <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
              </Match>
              <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
                <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
              </Match>
            </AllOf>
          </AnyOf>
        </Target>
      </Rule>
    </Policy>

I am not able to get what is the problem in XACML policy.

回答1:

I managed to successfully import the policy you pasted in your question to the Axiomatics Policy Administration Point. It is a valid XACML 3.0 policy and assuming WSO2 supports XACML 3.0 it should work fine.

回答2:

Your XACML policy is right. I was able to upload it to WSO2 IS 5.1.0. Have a look at the screen capture of the attached XACML Policy.

Did you try the 'Write Policy in XML option'? See whether you experience the same error after copy pasting your policy into the xml base.

来源：https://stackoverflow.com/questions/37812971/cannot-import-xacml-3-0-policy-file-inside-wso2-identity-server-5-1-0