Error while registering system API resources in tenant carbon.super when setting up XACML policy connector

[aaujayasena]

Description

After setting up the XACML policy connector in WSO2 Identity Server, the following error appears in the logs at server startup time
[2025-02-05 14:59:50,200] [] ERROR {org.wso2.carbon.identity.api.resource.mgt.util.APIResourceManagementUtil} - Error while registering system API resources in the tenant: carbon.super
Additionally, the XACML UI does not get enabled as expected.

Steps to Reproduce

1. Set up WSO2 Identity Server.
2. Configure the XACML policy connector. https://github.com/wso2-extensions/identity-application-authz-xacml?tab=readme-ov-file#xacml-connector
3. Start the server and check the logs.
4. Try accessing the XACML UI.

Version

IS 7.1.0-alpha

Environment Details (with versions)

Mysql 8.0.4

[aaujayasena]

For the mysql 8.0. 4 Server startup time error is available and UI is not available.
But for the postgres 17 only the startup time error is available.

[JeethJJ]

With MySQL, the connector is working as expected. The UI is being enabled as expected and issue was unable to be reproduced.

The mentioned error log was observed in all DBs. Analysing further on that.

[JeethJJ]

Update :

The issue is related to the API resource Entitlement Policy Mgt API registered through deployment.toml with the script. This resource uses a scope that already exists. But this opens up issues in the mentioned endpoint as the scope already existing in the pack. That should be removed by default and with the connector it should be make enable.

Hence access control needs to be sorted out for this endpoint and confirm the mentioned endpoint works.

[JeethJJ]

The mentioned API recourse need to be decided if its further required or we can remove entirely. This will be tracked through [1]. The contradicting api resource will be removed from the toml configs with [2]

[1] #22847
[2] wso2-extensions/identity-application-authz-xacml#61