[Backlogmanager] [FIWARE-JIRA] (HELP-8834) [fiware-stackoverflow] AuthZForce Security Level 2: Basic Authorization error " AZF domain not created for application"

[José Ignacio Carretero Guarde (JIRA)]

     [ https://jira.fiware.org/browse/HELP-8834?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

José Ignacio Carretero Guarde updated HELP-8834:
------------------------------------------------
    Labels: authzforce fiware fiware-wilma  (was: fiware fiware-wilma)

> [fiware-stackoverflow] AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application"
> --------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HELP-8834
>                 URL: https://jira.fiware.org/browse/HELP-8834
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>              Labels: authzforce, fiware, fiware-wilma
>
> Created question in FIWARE Q/A platform on 13-04-2016 at 20:04
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/36606813/authzforce-security-level-2-basic-authorization-error-azf-domain-not-created-f
> +Question:+
> AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application"
> +Description:+
> We are trying to deploy our security layer (KeyRock, Wilma, AuthZForce) to protect our Orion instance.
> We are able to have security level 1 (authentication) with Keyrock and Wilma working, but when we try to insert AuthZForce to check the verb+resource authorization we get the error message:
>   AZF domain not created for application
> In the PEP Proxy User Guide, under "Level 2: Basic Authorization" section, it is stated that we have to configure the roles and permissions for the user in the application. I have created my user and registered my application following the steps on the Fiware IdM User and Programmers Guide. I also created an additional rule to match exactly the resource that I'm trying to GET to guarantee that there is no path mistake.
> I am also able to create domains as stated in the AuthZForce - Installation and Administration Guide but I don't know how to bind the Domain ID with user roles when creating them. I've searched in the IdM GUI and in the documentation but I couldn't find how to do it.
> So, how can I insert users/organizations/applications under a specific domain, and then have the security level 2?
> Update:
> My Wima's config.js file has this section:
> ...
> config.azf = {
>     enabled: true,
>     host: 'authzforce',
>     port: 8080,
>     path: '/authzforce/domains/',
>     custom_policy: undefined
> };
> ...
> And my docker-compose.yml file is:
> pepwilma:
>     image: ging/fiware-pep-proxy
>     container_name: test_pepwilma
>     hostname: pepwilma
>     volumes:
>         - ./wilma/config.js:/opt/fiware-pep-proxy/config.js
>     links:
>         - idm
>         - authzforce
>     ports:
>         - "88:80"
> idm:
>     image: fiware/idm
>     container_name: test_idm
>     links:
>         - authzforce
>     ports:
>         - "5000:5000"
>         - "8000:8000"
> authzforce:
>     image: fiware/authzforce-ce-server
>     container_name: test_authzforce
>     hostname: authzforce
>     ports:
>       - "8080:8080"



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)