Hi, Our Policy Enforcement Point persists any XACML Result that returns either Deny or Indeterminate with a reference to the PolicyIdentifier(s). The current Policy and PolicySet implementations do not include the PolicyIdentifiers in case the Decision is not Permit or Deny despite the Request returning true for Request#getReturnPolicyIdList.
I made a pull request - https://github.com/apache/incubator-openaz/pull/1 <https://github.com/apache/incubator-openaz/pull/1> - to remedy this and added unit tests to verify the new behaviour. Normally I would create an issue with a reference to the pull request (and vice versa) but I could not create an issue in https://github.com/apache/incubator-openaz <https://github.com/apache/incubator-openaz>. Could anybody have a look at the pull request and comment on it? Thanks, Okke
