Policy testing
The PingAuthorize Policy Editor provides testing capabilities to evaluate test authorization requests against any or all policy nodes.
To specify the nodes to test policies against, select the root node from the tree on the left side of the page.
In the following example, the evaluation runs against all policies because the root policy set is selected.
Select the following main elements to form a request:
-
Domain
-
Service
-
IdP
-
Action
If the information endpoints that your attribute resolvers require are running, click Execute. If your endpoints are not running or are otherwise unavailable, as is often the case in development, use the Overrides section to provide stubbed values for the attributes and services that might be required during evaluation. This step overrides the attribute resolution and uses these values instead.
After a request is evaluated, you will see the following set of result tabs:
-
Request – Shows the actual JSON request sent to the policy engine.
-
Response – Contains the complete, high-verbosity response for the decision.
If the same comparison condition is attached to more than one rule in the policy subtree, the decision response only includes evaluation of the first occurrence of this condition. Despite only appearing once in the response, the decision service evaluates this condition wherever it is needed to make a decision.
If the parent policy of the first instance of this condition is not applicable to the request, the decision response does not include evaluation of any rule containing this condition. This behavior is the same regardless of the rule’s outcome (
Permit
,Deny
,Not Applicable
). -
Attributes – Contains an expandable list of the attributes executed as part of the test.
-
Services – Contains an expandable list of the services executed as part of the test.
-
Visualisation – Contains a visual representation of the decision tree.
-
Output – Provides a summary of the decision.