
Scanning through the WSO2 documentation and several blogs, I found three different types of registry mechanisms to add new claims to a Java PIP module:

  1. By use of a setup file called entitlement.properties and by adding Java static properties for each variable as described in the sample case from the WSO2 manual, see: Writing a Custom Policy Info Point;

  2. By use of supportedAttributesIds.add as described in link How to write a PIP point for WSO2 IS;

  3. By use of a setter method, as described in the Stack Overflow post How To Add User Defined Attribute in PIP Attribute User Store:

     ```java
     public Set getSupportedIds() {
         Set<String> ids = new HashSet<String>();
         ids.add("http://kmarket.com/id/role");
         return ids;
     }
     ```

Please instruct which of the three options is the updated and recommended solution for adding new fields produced by the lookup of external data sources executed by the Balana PIP as an extension of the "AttributeFinderModule" class.

I've also tested the code posted in this example and compiled it with the Java 6 JDK, see source reference How To Add User Defined Attribute in PIP Attribute User Store. After the restart, the WSO2 server continues to display the following error:

```
Error while loading entitlement policies. Exception occurred while trying to invoke service method getAllPolicies
The following error details are available. Please refer logs for more details.
org.apache.axis2.AxisFault: Exception occurred while trying to invoke service method getAllPolicies
at org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyAdminServiceClient.handleException(EntitlementPolicyAdminServiceClient.java:478)
at org.wso2.carbon.identity.entitlement.ui.client.EntitlementPolicyAdminServiceClient.getAllPolicies(EntitlementPolicyAdminServiceClient.java:81)
at org.apache.jsp.entitlement.index_jsp._jspService(org.apache.jsp.entitlement.index_jsp:183)
```

when adding the extended AttributeFinder Java extension. Is this a known bug in the WSO2 server?

Claude Falbriard
  • You could also use the Axiomatics Services Manager which lets you do runtime on-the-fly editing of your PIP. You do not need to edit any properties file and you do not need to restart your PDPs – David Brossard Sep 16 '15 at 09:30

2 Answers


The first way is configurable; you don't need to rebuild and deploy the PIP when you want to add a new attribute. You just have to add them to the entitlement.properties file and restart the IS.

In the other two ways, you have to rebuild the PIP module for each attribute change.

But if you are going to add an attribute, you have to implement the logic for that too, so in that case going for the last two ways also makes sense.

Abimaran Kugathasan
  • After activating the PIP extension code following the example 1. and by using the line: PIP.AttributeDesignators.Designator.2=com.red.carbon.pip.RedAttributeFinder, at the entitlement.properties, I get a general error at the XACML engine, telling: Error while loading entitlement policies. org.apache.axis2.AxisFault: Exception occurred while trying to invoke service. No error message was spotted in the wso2carbon.log. My question: What is the best way to isolate errors in the PIP code and its extensions and where is the log area used by the routine? – Claude Falbriard Sep 16 '15 at 18:59
  • A simplified example with source code that extends the PIPAttributeFinder would be very helpful, especially code that was tested against the current WSO2 IS Version 5 running the Balana XACML V3. We plan to use Web services in place of database resource lookups. Also inform about additional .jar libraries (dependencies) required to be placed into the /repository/components/lib and best practice for logger activation and debug. – Claude Falbriard Sep 16 '15 at 22:03
  • Testing the instructions following sample 3) the WSO2 PAP displays an error at the upload and import of the three sample policies: [ kmarket-blue-policy.xml, kmarket-silver-policy.xml, kmarket-gold-polixy.xml] , showing the following error message: Policy uploading failed. Invalid Entitlement Policy. Policy is not valid according to XACML schema. – Claude Falbriard Sep 21 '15 at 21:07

I've replaced the KmarketPIPAttributeFinder program module by the latest version from the svn source repository (see link below) and compiled it. This solved the problem under WSO2 Identity Server Version 5 and the routine started to register the PIP attributes, now visible at the PDP extensions.

Download the latest code from: https://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/identity/org.wso2.carbon.identity.samples.entitlement.pip/src/main/java/org/wso2/carbon/identity/samples/entitlement/pip/KmarketPIPAttributeFinder.java

Claude Falbriard
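
An added example, not taken from the posts above or from the WSO2 code base: a small attribute finder that reads its supported attribute ids from the properties passed to `init` (so ids can change without a rebuild) and logs what it registers and what it declines, which makes load and lookup failures easier to trace. The package, class name, the `SupportedAttributeIds` key and the sample data are hypothetical, and the overridden signatures assume the `AbstractPIPAttributeFinder` class shipped with WSO2 IS 5; check them against the installed version.

```java
package com.example.pip; // hypothetical package name

import java.util.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.entitlement.pip.AbstractPIPAttributeFinder;

public class ConfigurablePIPAttributeFinder extends AbstractPIPAttributeFinder {
    private static final Log log = LogFactory.getLog(ConfigurablePIPAttributeFinder.class);
    // Hypothetical property key; its value is a comma-separated list of attribute ids.
    private static final String IDS_KEY = "SupportedAttributeIds";
    private final Set<String> supportedIds = new HashSet<String>();
    // Constructed sample data standing in for the external data source lookup.
    private final Map<String, String> roles = new HashMap<String, String>();

    @Override
    public void init(Properties properties) throws Exception {
        String ids = properties.getProperty(IDS_KEY, "http://kmarket.com/id/role");
        for (String id : ids.split(",")) {
            if (!id.trim().isEmpty()) supportedIds.add(id.trim());
        }
        roles.put("alice", "gold"); // constructed sample entry
        log.info(getModuleName() + " registered attribute ids: " + supportedIds);
    }

    @Override
    public String getModuleName() { return "Configurable PIP Attribute Finder"; }

    @Override
    public Set<String> getSupportedAttributes() {
        return Collections.unmodifiableSet(supportedIds);
    }

    @Override
    public Set<String> getAttributeValues(String subject, String resource, String action,
            String environment, String attributeId, String issuer) throws Exception {
        Set<String> values = new HashSet<String>();
        if (!supportedIds.contains(attributeId)) {
            log.debug("Unsupported attribute id requested: " + attributeId);
            return values; // empty set: the PDP sees the attribute as missing
        }
        String role = roles.get(subject);
        if (role == null) {
            log.warn("No value found for the requested subject; returning an empty set");
        } else {
            values.add(role);
        }
        return values;
    }
}
```

The class is registered the same way as in the comment above, with a `PIP.AttributeDesignators.Designator.N=<fully qualified class name>` line in entitlement.properties.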