Migration
This section describes some differences in operation and/or configuration between the Access Decision Service (ADS) and the legacy PDP version.
Response content
For Permit, Deny, and NotApplicable decisions, the Status object is omitted from the JSON response when possible, because the XACML specification makes it optional.
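A client written against the legacy PDP may assume that Status is always present. The following sketch of a fail-closed client-side check is an added example, not ADS or vendor code. The function names and sample bodies are constructed for illustration, the response shape follows the XACML JSON profile, and treating an absent Status as ok is an assumption of this example.

```python
import json

STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"
DECISIONS = {"Permit", "Deny", "NotApplicable", "Indeterminate"}

# Constructed sample bodies (not captured from a real deployment).
ADS_PERMIT = '{"Response":[{"Decision":"Permit"}]}'
LEGACY_PERMIT = ('{"Response":[{"Decision":"Permit","Status":'
                 '{"StatusCode":{"Value":"' + STATUS_OK + '"}}}]}')
INDETERMINATE = ('{"Response":[{"Decision":"Indeterminate","Status":{"StatusCode":'
                 '{"Value":"urn:oasis:names:tc:xacml:1.0:status:processing-error"}}}]}')


def parse_result(result):
    """Return (decision, status_code) for one result object."""
    decision = result.get("Decision")
    if decision not in DECISIONS:
        raise ValueError(f"unexpected Decision: {decision!r}")
    # Status may be absent for Permit, Deny and NotApplicable.
    # Assumption: an absent Status or StatusCode value means ok.
    status = result.get("Status") or {}
    code = (status.get("StatusCode") or {}).get("Value", STATUS_OK)
    return decision, code


def is_permitted(body):
    """Fail closed: True only for exactly one Permit result with ok status."""
    try:
        results = json.loads(body)["Response"]
        if isinstance(results, dict):  # tolerate a single object instead of an array
            results = [results]
        if not isinstance(results, list) or len(results) != 1:
            return False
        decision, code = parse_result(results[0])
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed or unexpected body is never a Permit
    return decision == "Permit" and code == STATUS_OK


if __name__ == "__main__":
    for name, body in [("ads", ADS_PERMIT), ("legacy", LEGACY_PERMIT),
                       ("indeterminate", INDETERMINATE)]:
        print(name, is_permitted(body))
```

The same check accepts responses with and without Status, so it can be deployed before the client is repointed to ADS.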
JNDI not supported
The Access Decision Service does not support JNDI. This means that all legacy attribute connector configurations using JNDI must be revised to instead use JDBC.
The performance issue with using JDBC in the legacy PDPs does not apply to the Access Decision Service.
Legacy PDP compatible endpoints
To make migration from legacy PDP installations easier, clients using the REST endpoint can now point to the ADS legacy endpoint.
There is also support for a SOAP endpoint, which means that client applications using SOAP can be pointed to an ADS legacy endpoint.
Clients should move to the /authorize endpoint as soon as migration is accomplished, as the legacy endpoints are deprecated and will be removed in a later version of ADS.
Limitations to SOAP support
While ADS supports a SOAP endpoint, that support has a limitation:
- The InvalidateAttributeCache SOAP API method is not supported.