Can't access EntitlementService Webservice on wso2is

Monday, May 5, 2014

I am trying to access the EntitlementService running on a WSO2 IdentityServer on localhost. I want to evaluate IS for use as XACML engine. This is all just Proof-Of-Concept code and tests.

I tried both with a Java client and a php client.

The java code which can be downloaded here:

I only changed the directory for the wso2is related stuff. Running it gives me these error in the wso2is console:

[2014-05-05 01:36:00,058] ERROR {} - Authentication Failed : Invalid remote address passed - https://localhost:9443/
[2014-05-05 01:36:29,127] WARN {} - Could not find IP address for domain name : https://localhost:9443/

Which seems really weird as localhost normally always resolves...

Also tried with a hand made php script:

$context = stream_context_create(array(
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true

$auth = array(
'trace' => true,

$login_client = new SoapClient('https://localhost:9443/services/AuthenticationAdmin?wsdl',$auth);
$client = new SoapClient('https://localhost:9443/services/EntitlementService?wsdl',$auth);

$request = file_get_contents('../xacml_get_users.xml');

echo "\n\nGoing to start login call...\n\n";
try {
$login_response = $login_client->login($auth);
$response_headers = $login_client-> __getLastResponseHeaders();
$request_cookie = $login_client->_cookies;
$a_jsessionid = $request_cookie['JSESSIONID'];
$jsessionid = $a_jsessionid[0];
$cutstr = substr($response_headers,strpos($response_headers,'Set-Cookie: '));
$cookie = substr($cutstr,strlen('Set-Cookie: '));
$cookie = substr($cookie, 0, strpos($cookie,';'));

echo "\n\nGoing to start decision call...\n\n";

$client->__setCookie($cookie_name, $cookie_value);
} catch (Exception $e) {
echo $e->getMessage();

I get past the login call, but then after the "start decision call" I get this error message in the client:

Error occurred while evaluating XACML request

And in the wso2is console:

[2014-05-05 01:33:03,733] ERROR {org.wso2.carbon.identity.entitlement.EntitlementService} - Error occurred while evaluating XACML request
at org.wso2.carbon.identity.entitlement.cache.IdentityCacheKey.hashCode(
at java.util.concurrent.ConcurrentHashMap.hash(
at java.util.concurrent.ConcurrentHashMap.containsKey(
at org.wso2.carbon.caching.impl.CacheImpl.containsKey(
at org.wso2.carbon.identity.entitlement.cache.EntitlementBaseCache.getValueFromCache(
at org.wso2.carbon.identity.entitlement.cache.DecisionCache.getFromCache(
at org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine.getFromCache(
at org.wso2.carbon.identity.entitlement.pdp.EntitlementEngine.evaluate(
at org.wso2.carbon.identity.entitlement.EntitlementService.getDecision(
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

What could be going wrong? I need this to work otherwise we won't be able to choose wso2is for our project.

Also, is there any REST API for this planned? If yes, for when?