Thursday, August 30, 2012

XACML policy testing with SoapUI

This blog post shows how to test XACML policies on WSO2 Identity Server using SoapUI.
You need WSO2 Identity Server (take the binary distribution) and SoapUI.

First, go to IS_Home/repository/conf/, open carbon.xml, and find this property:

[sourcecode language="xml"]<HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>[/sourcecode]

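and change it to the following, so that the WSDLs of the admin services, including the EntitlementService WSDL used below, are exposed: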

[sourcecode language="xml"]<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>[/sourcecode]

To start the Identity Server, run the relevant script:

On Windows - IS_Home/bin/wso2server.bat
On Linux - IS_Home/bin/wso2server.sh

Assuming no other server is running on the local machine,
you can access the management console at
https://localhost:9443/carbon/admin/login.jsp
Username - admin
Password - admin

Go to Administration -> Import New Entitlement Policy and upload this policy



Open SoapUI and create a new project using this WSDL URL:
https://localhost:9443/services/EntitlementService?wsdl



You will get the project as shown below. Then click "Request 1" under "getDecision".


Now clear the request and insert the request given below:

[sourcecode language="xml"]
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
  <soapenv:Header/>
  <soapenv:Body>
    <xsd:getDecision>
      <xsd:request><![CDATA[
<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>admin</AttributeValue>
    </Attribute>
    <Attribute AttributeId="group"
               DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>admin</AttributeValue>
    </Attribute>
  </Subject>
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>http://localhost:8280/services/echo/echoString</AttributeValue>
    </Attribute>
  </Resource>
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string">
      <AttributeValue>read</AttributeValue>
    </Attribute>
  </Action>
</Request>]]></xsd:request>
    </xsd:getDecision>
  </soapenv:Body>
</soapenv:Envelope>
[/sourcecode]

Before sending the request, you have to set the authentication properties for the request
as follows:
Username - admin
Password - admin



Now send the request and you will get a response like the one below


Now you can upload your own XACML policy and try it out.
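
The getDecision call above can also be scripted so that policy tests are repeatable. The following is an added example, not part of the original post: it builds the same envelope with Python's XML library (so attribute values are escaped rather than concatenated) and extracts the decision from a reply. The sample reply and its wrapper element names are constructed assumptions, not captured server output.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
AXIS = "http://org.apache.axis2/xsd"  # bound to the xsd prefix in the post's request
XACML = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
STRING = "http://www.w3.org/2001/XMLSchema#string"
ID = "urn:oasis:names:tc:xacml:1.0:{0}:{0}-id"  # subject-id, resource-id, action-id

def _attr(parent, attr_id, value):
    a = ET.SubElement(parent, f"{{{XACML}}}Attribute", AttributeId=attr_id, DataType=STRING)
    ET.SubElement(a, f"{{{XACML}}}AttributeValue").text = value

def build_xacml_request(subject, group, resource, action):
    """XACML 2.0 request carrying the same four attributes as the post's example."""
    req = ET.Element(f"{{{XACML}}}Request")
    subj = ET.SubElement(req, f"{{{XACML}}}Subject")
    _attr(subj, ID.format("subject"), subject)
    _attr(subj, "group", group)
    _attr(ET.SubElement(req, f"{{{XACML}}}Resource"), ID.format("resource"), resource)
    _attr(ET.SubElement(req, f"{{{XACML}}}Action"), ID.format("action"), action)
    return ET.tostring(req, encoding="unicode")

def build_envelope(xacml_request):
    """Wrap the request in getDecision; entity escaping stands in for the CDATA section."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ET.SubElement(env, f"{{{SOAP}}}Header")
    call = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), f"{{{AXIS}}}getDecision")
    ET.SubElement(call, f"{{{AXIS}}}request").text = xacml_request
    return ET.tostring(env, encoding="unicode")

def extract_decision(xml_text):
    """Return the first Decision value, unwrapping a response carried as an escaped string."""
    for el in ET.fromstring(xml_text.strip()).iter():
        if el.tag.rsplit("}", 1)[-1] == "Decision":
            return (el.text or "").strip()
        if el.text and "<Response" in el.text:
            return extract_decision(el.text)
    raise ValueError("no XACML Decision element found")

# Constructed sample reply; the wrapper element names are assumptions, not captured output.
SAMPLE_RESPONSE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body><ns:getDecisionResponse xmlns:ns="http://org.apache.axis2/xsd"><ns:return>
&lt;Response&gt;&lt;Result&gt;&lt;Decision&gt;Permit&lt;/Decision&gt;&lt;/Result&gt;&lt;/Response&gt;
</ns:return></ns:getDecisionResponse></soapenv:Body></soapenv:Envelope>"""

if __name__ == "__main__":
    req = build_xacml_request("admin", "admin", "http://localhost:8280/services/echo/echoString", "read")
    print(build_envelope(req))
    print(extract_decision(SAMPLE_RESPONSE))
```

The envelope string can be posted to the EntitlementService endpoint with the same credentials set in SoapUI, and `extract_decision` applied to the reply body.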
