[Backlogmanager] [FIWARE-JIRA] (HELP-13936) [fiware-stackoverflow] Fiware - Configure AuthZForce with PEP Proxy

Alvaro Alonso (JIRA) jira-help-desk at jira.fiware.org
Mon Apr 23 14:59:00 CEST 2018

Previous message: [Backlogmanager] [FIWARE-JIRA] (HELP-13936) [fiware-stackoverflow] Fiware - Configure AuthZForce with PEP Proxy
Next message: [Backlogmanager] [FIWARE-JIRA] (HELP-13936) [fiware-stackoverflow] Fiware - Configure AuthZForce with PEP Proxy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     [ https://jira.fiware.org/browse/HELP-13936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alvaro Alonso updated HELP-13936:
---------------------------------
    Status: In Progress  (was: Open)

> [fiware-stackoverflow] Fiware - Configure AuthZForce with PEP Proxy
> -------------------------------------------------------------------
>
>                 Key: HELP-13936
>                 URL: https://jira.fiware.org/browse/HELP-13936
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Alvaro Alonso
>              Labels: authentication, docker, fiware, fiware-orion, fiware-wilma
>
> Created question in FIWARE Q/A platform on 06-04-2018 at 05:04
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/49684767/fiware-configure-authzforce-with-pep-proxy
> +Question:+
> Fiware - Configure AuthZForce with PEP Proxy
> +Description:+
> I deployed Orion, Cygnus, Keyrock and PEP proxy using docker compose as you can see on the repository. But the security level implemented is not the desired.
> keystone_url = "http://localhost:5000"
> keyrock_url  = "http://localhost:8000"
> orion        = "http://localhost"
> def test_authzforce(create=0,usuario="idm",nombre="",password="idm",correo=""):
>     if(create != 0):
>         ktoken=get_token(keystone_url)
>         create_user(keystone_url, ktoken,usuario,nombre,password,correo)
>     token = get_access_token(keyrock_url,usuario,password)
>     entities = get_all_entities(orion,token)
>     print("""
>     user:\t\t{}
>     token:\t\t{}
>     result:\t\t{}
>     """.format(usuario,token,entities))
> test_authzforce()
> test_authzforce(1,"test1","test1","test1","tes1t at test.com")
> using this Python package, in the first call of the function, it uses the admin user to get the token, getting all the entities on Orion later. But in the second call the functions creates a new user without any authorization in the keyrock application and despite this can get the entities.
> user:       idm
> token:      ggeWahMo3x7gV7IAkg3hzzoRshEd6Y
> result:     []
> user:       test1
> token:      zDTCiE7GkEFujQSGRjYs76SqL6hkad
> result:     []
> [Finished in 2.1s]
> Then, trying to implement Authzforce on this docker compose file, got this results,Without giving access permissions to the same administrator:
> user:       idm
> token:      DZKTmiV289FPclWKwceiTi7JhvuIUq
> result:     User token not authorized
> user:       test1
> token:      nPH8fdLQeDdJg6Bi1riJfRYybqITud
> result:     User token not authorized
> [Finished in 2.0s] 
> And this error on console
> here you have all my authzforce configurations:
> Local_Settings GE Access control
> Pep proxy configuration
> azj.js cast recomended on the issue on link 8 
> Issue 36 pep proxy ()



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)

Previous message: [Backlogmanager] [FIWARE-JIRA] (HELP-13936) [fiware-stackoverflow] Fiware - Configure AuthZForce with PEP Proxy
Next message: [Backlogmanager] [FIWARE-JIRA] (HELP-13936) [fiware-stackoverflow] Fiware - Configure AuthZForce with PEP Proxy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Backlogmanager mailing list

You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy