C Support for SAML 2.0 Profile for XACML

Obtaining the source

The source distribution contains gSOAP to generate bindings form the WSDL and XML schemas, client and server APIs for writing XACML-aware applications, and example client and server programs demonstrating using the APIs.

DateReleaseNotes
2009-03-30 xacml-alpha_16.tar.gz
  • Add API function xacml_server_set_fd() to allow application to pass in a server socket.
  • API Documentation
2008-11-03
2009-01-22 xacml-alpha_15.tar.gz
  • Use gsoap memory allocator for message-related data to avoid leaks.
  • API Documentation
2008-11-03 xacml-alpha_14.tar.gz
2008-10-13 xacml-alpha_13.tar.gz
  • Update pep obligation URI to http://authz-interop.org/xacml/environment/pep-oblig-supported
  • API Documentation
2008-10-09 xacml-alpha_12.tar.gz
  • Update to support RequestContext attribute and returning request information it nhe response.
  • API Documentation
2008-10-06 xacml-alpha_11.tar.gz
  • Update to support authz interop profile for attributes and obligations.
  • API Documentation
2008-08-01 xacml-alpha_10.tar.gz
  • Fix crash when response does not include SAML Status Code
  • Restructure Makefile.am to make patch step explicit
2008-08-01 xacml-alpha_09.tar.gz Fix interoperability issues with Java:
  • XACML status string type mismatch
  • Add SOAP messages with namespace prefix definitions in the child element of the soap body.
  • API Documentation
    • 2008-03-11 xacml-alpha08.tar.gz
    • Change to use schemas: urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:assertion and urn:oasis:names:tc:xacml:2.0:profile:saml2.0:v2:schema:protocol
    • Fix error serializing null obligation name
    • Fix global namespace shadowing warning
    • Remove extra , from xacml_effect_t definition
    • Fix crash when no environment attributes are part of the XACML request
    • API Documentation
    2008-01-15 xacml-alpha-07.tar.gz
    • Use server I/O handler via command-line in server example program.
    • Add I/O module params to help text for client and server examples
    • API Documentation
    2008-01-11 xacml-alpha-06.tar.gz
    • Add functions for accessing attributes in a request and response
    • Add functions to add custom I/O handlers
    • Add API Reference Documentation
    • Add Test cases
    • Remove -c -k -a options from command-line examples.
    2007-11-26 xacml-alpha-05.tar.gz Use standard XACML and SAML schemas
    2007-09-05 xacml-alpha-04.tar.gz Fix linkage error on RedHat linux
    2007-08-30 xacml-alpha-03.tar.gz
    • Removed most schema alterations
    • Added support for default obligation handler if obligation_id is unknown
    2007-08-06 xacml-alpha-02.tar.gz Fix linkage error on RedHat linux
    2007-08-02 xacml-alpha-01.tar.gz Initial release, includes client and server programs.

    Compiling the source

    After downloading the source, untar it and change to the dist xacml* subdirectory. This directory contains the build.sh script which will compile all parts of the system and deposit them into the INSTALL subdirectory.

    Example programs

    Example XACML server

    The example XACML server is located at INSTALL/bin/xacml-server. The source for this service is xacml-1.0/xacml_server_example.c. This server processes the XACML request and then unconditionally responds with a Permit decision and send an "urn:globus:local-user-name:obj" obligation to the client. It can be invoked via the command-line: 

    Usage: xacml-server [-p port]

    If no options are specified, the server will run on port 8080 without SSL. Versions prior to alpha 06 had command-line options for setting SSL cert, key, and CA path. Those were removed in alpha 06.

    Command-line option Meaning
    -p PORT Listen on TCP port with value PORT

    Example XACML client

    The example XACML client is located at INSTALL/bin/xacml-client. The source for this service is xacml-1.0/xacml_client_program.c. This client generates an XACML decision request, sends it to the server, and then displays the response status and any obligations it understands. This can be run against either the example xacml server described above or the java example xacml service.

    It can be invoked via the command-line: 

    Usage: xacml-client [-e endpoint]

    If no options are specified, the client connect to the service running at port 8080 on localhost without SSL.

    Command-line option Meaning
    -e endpoint Connect to he service located at the endpoint. The default is http://localhost:8080/wsrf/services/XACML