Skip to main content
Version: 1.16

Migration from legacy PDP

This section describes some differences in operation and/or configuration between the Access Decision Service (ADS) and the legacy PDP version.

Response content

For Permit, Deny, and NotApplicable, the Status Object is not included in the JSON response when possible, according to the optionality of the XACML specification.

JNDI not supported

The Access Decision Service does not support JNDI. This means that all legacy attribute connector configurations using JNDI must be revised to instead use JDBC.

note

The performance issue regarding using JDBC with the legacy PDPs is not relevant for Access Decision Service.

Legacy PDP compatible endpoints

To make migration from legacy PDP installations easier, clients using the REST endpoint can now point to the ADS legacy endpoint.

There is also support for a SOAP endpoint, which means that applications using SOAP can be pointed from a client to a ADS legacy endpoint.

note

Clients should move to the /authorize endpoint as soon as migration is accomplished, as the legacy endpoints are deprecated and will be removed in a later version of ADS.

Limitations to SOAP support

While ADS supports a SOAP endpoint, there is a limitation to the support of the endpoint.

  • The InvalidateAttributeCache SOAP API method is not supported