search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
741 stars 719 forks source link

XACML policy is not working properly in clustered environment #19676

Open kajal583 opened 6 months ago

kajal583 commented 6 months ago

Describe the issue: I have clustered environment running two instances of WSO2 IS and APIM on two different node and one database. Followed document1 and document2 to configure hazelcast clustering. But update in existing policy is not working fine.

How to reproduce: We have set up as shown in image. IMG_20240219_113213

  1. Policy1 is enabled on PDP on both node of WSO2IS.
  2. Login to Node1: https://fqdn/carbon
  3. Disable Policy1 on PDP from Node1
  4. Execute API from devportal of WSO2APIM.
  5. When request evaluates on Node1, no policy gets evaluated and API execution is success.
  6. When request evaluates on Node2, Policy1 gets evaluated and API execution is failed.

Expected behavior: Policy1 should be disabled on Node2 and no policy should be evaluated.

Environment information

Additional information: We have tried by applying PR#3411 in IS:5.10.0. But PR#3411 does not fix this issue.

kajal583 commented 6 months ago

@Kanapriya Could you please help on this issue?