Version: 5.3

Configuration

The HTTP Attribute Connector configuration is XML-based. The schema for the configuration is called http.config.xsd and can be used to generate a sample configuration XML file. The HTTP Attribute Connector supports mutual TLS as well as adding static and dynamic HTTP headers.

With the release of HTTP Attribute Connector 5.0.0, Axiomatics introduced crucial improvements and fixes over HTTP-PIP while keeping the core functionality same. The Attribute Connector name displayed in the UI of Axiomatics Services Manager is changed and the Authorization domain className is updated. If you are using a version prior to 5.0.0, it is suggested switching to the latest by creating it from scratch and copy-pasting your existing configuration.

note

It is possible to use your existing older HTTP-PIP AC version and configuration along with a deployment of the new and improved HTTP Attribute Connector 5.0.0.

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://www.axiomatics.com/http.config" identifier="myUniqueId">
    <connection>
        <url>http://djob-hp:8280/mock/mock</url>
        <!-- <keystore file="keystore.jks" password="changeit" type="JKS"></keystore> -->
        <!-- <truststore file="truststore.jks" type="JKS" password="changeit"></truststore> -->
        <header>
            <name>foo</name>
            <value>bar</value>
        </header>
        <method>POST</method>
        <!-- Consider the following as 200 and return the payload in the relevant attribute -->
        <acceptedHttpCode>404</acceptedHttpCode>
        <!-- Make the following codes silent errors and return an empty value in the relevant attribute -->
        <ignoredHttpCode>405</ignoredHttpCode>
        <ignoredHttpCode>406</ignoredHttpCode>
    </connection>
    <mapping>
        <xacmlAttribute Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="pip.payload" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer=""/>
        <contentType>application/json</contentType>
        <template classpath="true" payload="false">/request.template.json</template>
        <key>
            <xacmlAttribute Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="pip.username" DataType="http://www.w3.org/2001/XMLSchema#string" Issuer=""/>
        </key>
    </mapping>
</configuration>

The configuration starts with a root element called <configuration> that has the following attributes:

Attribute	Description	Mandatory
`identifier`	Used to generate unique identifiers for the mappings within its configuration that are subsequently used to configure the cache strategy at runtime within the PDP. This identifier must be globally unique, similar to a UUID.	Yes
`detailedException`	If set to `true`, a full HTTP request and response will be included in any exception thrown when an unexpected HTTP code is returned. The default is `false`.	No

Additionally, every configuration has the following sections:

Connection section: A <connection> section that contains all the information required to contact a remote service. For details, read the Connection section.
Mapping section: A sequence of <mapping> elements that define how the attributes requested by the PDP map to specific XACML attributes. For more information, refer to the Mapping section.