What are the Possible XACML REST PDP Response Codes?
The Axiomatics Policy Server provides both a SOAP and a REST endpoint to which authorization requests can be sent. This blog will focus on the REST endpoint.
The specification of the REST profile of XACML states that the following response codes are possible.
Verb | Response Codes |
GET | 200, 400, 401, 403, 406, 5xx |
POST | 200, 400, 401, 403, 406, 415, 5xx |
More detailed descriptions of some of these are:
Response | Description |
400 Bad Request | The request was malformed |
415 Media not supported | The media type of the request was not set to application/xacml+json |
401 Unauthorized | Authentication failure |
500 Internal Server Error | One possible reason is an expired license |
200 OK | No server errors. Check the decision for Permit / Deny / Not Applicable / Indeterminate |
Tools such as SoapUI and Postman can be used to generate these requests without the need to develop your own PEP. This makes learning how to form a request and capturing the response codes much easier.
More information on the REST profile of XACML.
Examples of how to use Postman to simulate requests.
Conclusion
Things don’t always go as planned and when they don’t, knowing what response codes are returned will help you to understand what went wrong and resolve the issue.