Using an XML-format domain configuration file
ADS also supports the XML-format authorization domain configuration file produced by Axiomatics Services Manager (ASM) (up to and including version 6.2.9), one of the components of the Axiomatics Policy Server product. ASM also includes a Policy Editor for policy authoring and policy verification.
The web-based interface of ASM can be used to write XACML policies, and then package the policies and attribute source configurations as needed for deployment to Access Decision Service. This package is referred to as an authorization domain, and it is exported from ASM as an XML file.
Refer to the Axiomatics Services Manager documentation for the relevant 6.2.x version, for information about creating and managing XML-format authorization domains. Contact Axiomatics Customer Support for information on available downloads.
Note: When an XML-format authorization domain configuration file is to be used, it must be produced either by exporting it from Axiomatics Services Manager (up to and including version 6.2.9) via the ASM UI or retrieved programmatically using the Admin API. It is not intended to be edited manually.
Deploying the authorization domain configuration file
After creating an authorization domain in ASM, the authorization domain configuration file must be made available for deployment in Access Decision Service.
Refer to the Axiomatics Services Manager 6.2.x documentation, for information about exporting the authorization domain configuration file via the ASM UI. This documentation is included in the ASM 6.2.x distribution zip file (PDF format only).
Refer to Axiomatics Developer Resources and especially the Javadoc-based content included in the package, for information about retrieving the authorization domain configuration file programmatically using the Admin API. Contact Axiomatics Customer Support for information on available downloads.
The XML-format authorization domain configuration file is then deployed by setting a file reference to it using the legacyXmlConfig property in the deployment configuration file. See Authorization domain configuration for more information.