Bugzilla – Bug 6568
XACML callout does not deny with unknown obligations
Last modified: 2008-12-10 16:30:57
You need to
before you can comment on or make changes to this bug.
Currently if an obligation handler is not configured for an obligation id, it
is ignored. The decision is based on the decision returned by service and
processing of the configured obligation handlers without errors.
This should be fixed such that a deny decision is returned if any of the
obligations received from the authorization service are not "understood".