How To Write XACML Policies – Part 2 (Configuring Simple Policy Editor)

In my previous post, we saw how to create an XACML policy using the “Simple Policy Editor”. However, there were only a few attribute types to select (for the user, it has Age, Email, UserName, Roles). It would be great if we could add new attribute types, and you can. If you look around the UI, there is an option to configure this editor, basically the attribute id and data type. Let's see how we can edit those things.

Step 1. Go to the PAP Policy Administrator page and click on “Add New Entitlement Policy”.


Step 2. In the Simple Policy Editor details, you can see a link to configure this policy editor.

Step 3. When you click on that “here” link, you will be forwarded to the page that contains the XML configuration.


By modifying this XML configuration, you can add new user and environmental attribute types to the Simple Policy Editor.

Step 5. Let's add a new user attribute type called “Country” with the URI “http://sample/country”.

Define the following XML elements under the <attributeIds> element:

 <attributeId>
   <name>Country</name>
   <uri>http://sample/country</uri>
 </attributeId>

Now you want to add this under the “Subject” category. Therefore, define the following XML element under <supportedAttributeIds> in the “Subject” category element:

<attributeId>Country</attributeId>

Step 6. Go to the Simple Policy Editor. You will see the “Country” attribute type in the policy editor UI.


When you create a policy using the “Country” attribute type, you can see that the corresponding URI (http://sample/country) has been created with the policy.
By default, the data type is “String”. If you want to define another data type for the “Country” attribute id, you can do…

Step 7. Change your attribute id definition as follows to define a data type other than “String”. Here I am using the data type called “anyURI”, which is supported.

 <attributeId>
   <name>Country</name>
   <uri>http://sample/country</uri>
   <dataType>http://www.w3.org/2001/XMLSchema#anyURI</dataType>
 </attributeId>

Here you can define any number of attribute types for the Subject and Environment categories with any supported data type.
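
A consistency check for the hand-edited configuration described above, as an added example (not part of the original post or of the product): it confirms that every name listed under <supportedAttributeIds> has a definition under <attributeIds> and that each definition carries an absolute URI. The <editor> and <category> wrapper elements and the “Region” entry in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample. Only <attributeIds>, <attributeId>, <name>, <uri>,
# <dataType> and <supportedAttributeIds> come from the post; the <editor> and
# <category> wrappers and the "Region" entry are assumptions for illustration.
SAMPLE = """
<editor>
  <attributeIds>
    <attributeId>
      <name>Country</name>
      <uri>http://sample/country</uri>
      <dataType>http://www.w3.org/2001/XMLSchema#anyURI</dataType>
    </attributeId>
  </attributeIds>
  <category name="Subject">
    <supportedAttributeIds>
      <attributeId>Country</attributeId>
      <attributeId>Region</attributeId>
    </supportedAttributeIds>
  </category>
</editor>
"""

def check_editor_config(xml_text):
    """Return a list of problems found in a hand-edited editor configuration."""
    root = ET.fromstring(xml_text)
    problems, defined = [], {}
    # Definitions: <attributeIds>/<attributeId> entries with <name> and <uri>.
    for holder in root.iter("attributeIds"):
        for entry in holder.findall("attributeId"):
            name = (entry.findtext("name") or "").strip()
            uri = (entry.findtext("uri") or "").strip()
            if not name:
                problems.append("definition without <name>")
                continue
            if not urlparse(uri).scheme:
                problems.append(f"{name}: <uri> is missing or not absolute")
            defined[name] = uri
    # References: <supportedAttributeIds>/<attributeId> must name a definition.
    for holder in root.iter("supportedAttributeIds"):
        for ref in holder.findall("attributeId"):
            ref_name = (ref.text or "").strip()
            if ref_name not in defined:
                problems.append(f"reference to undefined attribute: {ref_name}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_editor_config(SAMPLE)))
```

Running it on the sample reports the “Region” reference, which has no matching definition; a clean configuration returns an empty list.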
