We have a Web Service management tool which does Authentication and Authorization for all the incoming WebService request.
Authorization is based on the rules that are configured for the appropriate service.
We also have XPath specification as part of rule configuration.
We have a rule configured as mentioned below
TestService authoized to the user of the particular group (TestGroup1) and XPath (\\com9:source[@VendorId='AB'])
When we tried accessing the
Test Service and received the following response despite giving a valid user (TestUser1 belonging to TestGroup1) and the proper XML element [com9:source VendorId='AB'] in the request.
<Response>
<Result ResourceID="http://testHost:testPort/TestService">
<Decision>Indeterminate</Decision>
<Status>
<StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:processing-error"/>
<StatusMessage>error in XPath: Prefix must resolve to a namespace: com7</StatusMessage>
</Status>
</Result>
</Response>
Xacml Authorization is done with the help of
sunxacml.jar.
API 'PDP.evaluate(RequestCtx)' is invoked and
We got the above mentioned response. We came to know that the Decision 'Indeterminate' comes if any exception occurs during authorization.
It would be very helpful if we get to know the rootcause of the decision 'Indeterminate' in the above mentioned scenario and the possible scenarios to get 'Indeterminate' decision.
Thanks in advance,
With regards,
Priya.