XACML Policy Set with Identity Server

Let's see how a Policy Set works in Identity Server.

You can easily create a policy set using the Policy Set Editor of the Identity Server.

Here you can:

  • Select a Policy Set Combining Algorithm
  • Define the Target element for the Policy Set
  • Define references to the policies that you would like to add to the Policy Set. You can select existing policies or policy sets for this.
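
For illustration, here is what such a policy set looks like in XACML 3.0, with the combining algorithm, the Target and the policy references in place. This is an added example, not taken from the original post or from Identity Server itself; the policy set ID, the `/orders` resource value and the two referenced policy IDs are hypothetical.

```xml
<!-- Constructed example: all IDs and the resource value are hypothetical. -->
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
           PolicySetId="sample-policy-set"
           Version="1.0"
           PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides">

  <!-- Target: the policy set applies only to requests for the /orders resource -->
  <Target>
    <AnyOf>
      <AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/orders</AttributeValue>
          <AttributeDesignator
              AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
              Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
              DataType="http://www.w3.org/2001/XMLSchema#string"
              MustBePresent="false"/>
        </Match>
      </AllOf>
    </AnyOf>
  </Target>

  <!-- References to existing policies; each must also be published to the PDP
       so that the reference can be resolved at evaluation time -->
  <PolicyIdReference>orders-read-policy</PolicyIdReference>
  <PolicyIdReference>orders-write-policy</PolicyIdReference>
</PolicySet>
```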

Once you have created or uploaded a Policy Set, it is only saved in the PAP policy store. Therefore you need to publish it to the PDP. (If you are new to the Identity Server policy management feature, please refer to this to get familiar.)

Then you need to publish the referenced policies to the PDP as well.

Your PDP view will then contain both the Policy Set and the referenced policies.

 

You can now try out the policies.

But as you can see above, all three policies may be evaluated if the target matches for all three of them.

This means:

->  The Policy Set is evaluated (so the referenced policies are evaluated)

->  Then the referenced policies are evaluated again.

To avoid evaluating the referenced policies twice, you can mark them as Disabled policies in the PDP.

Thanks for reading…!!!