I have two instances of WSO2 on two different machines, with the same policy published in both instances. Both instances of WSO2 have admin / admin.
I use SOAPUI (runs on 192.168.0.9) to try testing the EntitlementService web service and:
If I use SOAPUI to test the EntitlementService web service on the same machine running SOAPUI (192.168.0.9) using a local or IP address, I get a permission-issued XACML response. Nonetheless,
If I used SOAPUI to test the EntitlementService web service on another computer (192.168.0.210), I get a negative XACML response and an "Illegal Access Error" error in the 192.168.0.210 WSO2 log
Illegal access error in [2014-05-12 15: 26: 47.0563] from IP address 192.168.0.9 when trying to authenticate access to the EntitlementService
In both cases above, I have BASIC authentication and set up an administrator username and password in SOAPUI.
If I run Tryit in 192.168.0.210 WSO2 to check for 192.168.0.210 WSO2, I get permission, i.e. this shows that the policy in 192.168.0.210 should return permission.
Finally, I'm sure this is something with WSO2, not SOAPUI, since I also tested with the 192.168.0.9 machine using Firefox and a plugin called RESTclient to verify that the POST XACML request was executed in the body of the content.
Is there something in the WSO2 Identity Server that will force it to return Deny if requests come from another computer?
Thanks Jim
PS I see the following in the WSO2 wso2carbon.log file:
TID: [0] [IS] [2014-05-12 15: 59: 40,798] ERROR {org.wso2.carbon.core.services.authentication.AbstractAuthenticator} - . {} Org.wso2.carbon.core.services.authentication.AbstractAuthenticator org.wso2.carbon.core.common.AuthenticationException: : - 0: 0: 0: 0: 0: 0: 0: 1 at org.wso2.carbon.core.services.authentication.AuthenticationUtil.validateRemoteAddress(AuthenticationUtil.java:178) at org.wso2.carbon.core.services.authentication.AuthenticationUtil.getRemoteAddress(AuthenticationUtil.java:156) at org.wso2.carbon.core.services.authentication.AbstractAuthenticator.getRemoteAddress(AbstractAuthenticator.java:304) at org.wso2.carbon.core.services.authentication.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:136) org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.isAuthenticated(AuthenticationHandler.java:171) {Org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
?