Error in XACML validation

Question

I have created a XACML file for authorization, which looks as:

<?xml version="1.0" encoding="UTF-8"?><PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicySetId="mysecurity:security:policyset:testmypolicyapi" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:oshttp://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-context-schema-os.xsd">
<Policy PolicyId="mytest:security:policy:testcollection" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
<Description>This is a test policy,not for official use</Description>
<Target/>
<Rule Effect="Deny" RuleId="RuleIdrule1">
<Description>This is a test rule</Description>
<Target>
<Subjects>
<Subject>
<SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ADMIN</AttributeValue>
<SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:ADMIN" DataType="POLICY_ATTRIBUTEDATATYPE"/>
</SubjectMatch>
</Subject>
</Subjects>
<Resources>
<Resource>
<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TESTRESOURCE1</AttributeValue>
<ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:TESTRESOURCE1" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ResourceMatch>
</Resource>
</Resources>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TESTACTION</AttributeValue>
<ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:TESTACTION"/>
</ActionMatch>
</Action>
</Actions>
</Target>
</Rule>
</Policy>
</PolicySet>

I am doing balana based validation but I am getting the error as:

 resource missing resource-id

But I have mentioned the resource-id already, same code works with balana test policy file, difference is I am using policy set instead of "policy".

score 0 · Answer 1 · answered Mar 20 '14 at 11:52

0

Could you please let us know XACML request that you are using.. If not, please try to change the following value in the policy and try out. I guess that can be the issues. In your request you may sending resource-id value as attribute id

urn:oasis:names:tc:xacml:1.0:resource:TESTRESOURCE1

into

urn:oasis:names:tc:xacml:1.0:resource:resource-id

answered Mar 20 '14 at 11:52

Asela

5,781
1
15
23

Asela actually the PolicySet defination is creating problem i.e: – Phalguni Mukherjee Mar 20 '14 at 17:54
– Phalguni Mukherjee Mar 20 '14 at 17:54

Error in XACML validation

1 Answers1