ContextId JSON example
The ContextId attribute must contain the full policy key, that is the server and the resourceUri.
For a reverse proxy resource with the server isam.ibm.com-default and resourceUri /protected, the corresponding XACML JSON request would be:
{
"Request": {
"Action": {
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
"DataType": "string", "Value": "GET"
}
]
},
"Resource": {
"Attribute": [
{
"AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
"DataType": "string", "Value": "/protected"
}
]
},
"Environment": {
"Attribute": [
{
"AttributeId": "ContextId", "DataType": "string", "Value":
"/WebSEAL/isam.ibm.com-default/protected", "Issuer":
"http://security.tivoli.ibm.com/policy/distribution",
}
]
}
}
}If the policy attached to isam.ibm.com-default/protected results in a Permit decision, the XACML JSON response would be:
{
"Response": [
{
"Status": {
"StatusCode": {
"Value":"urn:oasis:names:tc:xacml:1.0:status:ok"
}
},
"Decision":"Permit"
}
]
}