-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This may be a simplistic idea, but are the policies on the col:policy object set so that it can effectively be referenced from the other objects? In other words, might the 401 be occurring because col:policy/POLICY is off-limits? Or do you have a recursion problem wherein col:policy is trying to retrieve its own policy from itself?
Can you try an object or two using the same policy as is stored in col:policy/POLICY, but stored in some ordinary web-accessible location, and not in Fedora itself? That would clarify whether the problem is arising as I suggest. - --- A. Soroka Software & Systems Engineering :: Online Library Environment the University of Virginia Library On Mar 20, 2012, at 8:09 AM, Daniel wrote: > Dear all, > > with our latest ingest we tried to change our object related XACML policies > from Internal XML (X) to External Reference (E) so we could change the > policy in the source object col:policy in order to change all the policies > that refer to this one. > > But unfortunatley we encounter massive problems: > After changing to "enforce-policies" all objects that reference to > col:policy/POLICY may not be opened due to an authentication error. > But in the source object the policy works as intented which still can be > opened in FedoraAdmin. Also the policy works well when we use Inline XML or > Managed Content. > > The policy denies access if the user is not administrator (or another > specified role). > > We use Fedora 3.5 and Islandora as front end. > > If we don't find a solution, we will ingest the policies again as internal > XML - but if anyone could tell me, what the problem is I would feel more > comfortable. > > Many thanks in advance > > Daniel > > -- > View this message in context: > http://fedora-commons.1317035.n2.nabble.com/Authentication-Problem-with-External-Referenced-Policies-tp7388893p7388893.html > Sent from the Fedora Commons Users mailing list archive at Nabble.com. > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Fedora-commons-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJPaIV0AAoJEATpPYSyaoIkqmIIAIl7d11S077bey6Ij6gCjWpL /Ac0JuATMC/Y1cv/POtFn1idmJUaSTs5JcO1k3DFPr+nM18M1UHoEAjC7dBrJcUW mfK0q2ULwk8IU3uRNxZu8dSfX3Zs3KNMB3o+p1cyw5s2mdlsS8+iIb80zWDHTQA0 QXti9c5K6/DUMv1qMLv3oZQ0hbOmbAelN1k1v0sV2yoY3VGznPezBM02qpHKToqI ESxzb/FqosBxlOKQSZidwiBf3Y0LLwKNjO6J1s7P+loy0Jp9eoH0fhvVTHjRvc6P D/xLKul7TmXb5sF3RH/bOeNY//L9xD6QsGzcKzhPdhTuf/ug6x3BGjAlm0xfyWU= =QbOW -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
