authorization access-control xacml abac wso2-identity-server

Bug (cache?) in WSO2 PDP when policy is created via Admin Services API


I created a demo to demonstrate a problem (cache?) in the PDP API on WSO2 IS.

My demo creates a policy and two tests to validate it, and the result is OK (first test PERMIT and second DENY).

On first run, the results are displayed correctly (OK).

Via the Carbon web interface, I deleted all policies in PAP (and PDP) and ran my Python demo again, and the result is wrong (both tests result in DENY).

My demo (see the README file for environment and configuration details): https://github.com/welkson/WSO2-PDP-CacheTest

I've tried to disable caching in WSO2, but it had no effect.

Tested with WSO2 IS 5.3 and 5.4.0-alpha2.


Solution

  • Looks like it's the same issue as the one reported in https://wso2.org/jira/browse/IDENTITY-5603. I have increased the priority so that this will be addressed in the next immediate release.

    You can follow up on the JIRA for the progress of the fix.

    Possible Workaround:

    Clear the cache using the EntitlementAdminService https://localhost:9443/services/EntitlementService?wsdl

    Follow [1] to get an idea on how to invoke admin services.

    Request

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://org.apache.axis2/xsd">
       <soapenv:Header/>
       <soapenv:Body>
          <xsd:clearPolicyCache/>
       </soapenv:Body>
    </soapenv:Envelope>
    

    [1] https://docs.wso2.com/display/IS530/Entitlement+using+SOAP+Service
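
The workaround above as a script, added here as an example (it is not part of the original answer or of WSO2's code). It assumes the admin service accepts HTTP Basic auth and the Axis2-style `urn:clearPolicyCache` SOAPAction; the function names, the service URL argument and the `ca_file` path are hypothetical and supplied by the caller.

```python
import base64
import ssl
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Envelope exactly as given in the answer.
ENVELOPE = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:xsd="http://org.apache.axis2/xsd">'
    "<soapenv:Header/><soapenv:Body><xsd:clearPolicyCache/></soapenv:Body>"
    "</soapenv:Envelope>"
)

def build_request(service_url, user, password):
    """Build the SOAP 1.1 POST (assumption: admin services accept HTTP Basic auth)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {
        "Content-Type": "text/xml; charset=UTF-8",
        "SOAPAction": "urn:clearPolicyCache",  # assumption: Axis2 default action naming
        "Authorization": "Basic " + token,
    }
    return urllib.request.Request(
        service_url, data=ENVELOPE.encode(), headers=headers, method="POST")

def soap_fault(body):
    """Return the faultstring if the response is a SOAP Fault, else None."""
    if not body.strip():
        return None  # empty body: the operation returned nothing
    fault = ET.fromstring(body).find(f".//{{{SOAP_NS}}}Fault")
    if fault is None:
        return None
    return fault.findtext("faultstring") or "unknown fault"

def clear_policy_cache(service_url, user, password, ca_file):
    """Send the request, verifying the server certificate against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)  # TLS verification stays on
    req = build_request(service_url, user, password)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:  # SOAP faults arrive with an HTTP error status
        body = err.read()
    fault = soap_fault(body)
    if fault:
        raise RuntimeError("clearPolicyCache failed: " + fault)
```

Call `clear_policy_cache` between the policy deletion and the next PDP test run; passing the server's CA certificate as `ca_file` lets the self-signed default certificate verify without turning TLS checks off.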