[Backlogmanager] [FIWARE-JIRA] (HELP-8815) [fiware-stackoverflow] Fiware: Setting up AuthZForce with idm and pep proxy

[Fernando Lopez (JIRA)]

     [ https://jira.fiware.org/browse/HELP-8815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fernando Lopez updated HELP-8815:
---------------------------------
    HD-Chapter: Security
    HD-Enabler: AuthZForce

> [fiware-stackoverflow] Fiware: Setting up AuthZForce with idm and pep proxy
> ---------------------------------------------------------------------------
>
>                 Key: HELP-8815
>                 URL: https://jira.fiware.org/browse/HELP-8815
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Cyril Dangerville
>              Labels: authzforce, fiware, fiware-wilma, proxy
>
> Created question in FIWARE Q/A platform on 12-11-2015 at 17:11
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/33676409/fiware-setting-up-authzforce-with-idm-and-pep-proxy
> +Question:+
> Fiware: Setting up AuthZForce with idm and pep proxy
> +Description:+
> I have configured PEP proxy GE and IDM GE, and now Basic authentication works great.
> Now i want to set up Level 2:Basic authorization system with http verb and resource path checking, and for that i need AuthZForce GE.
> I installed AuthZForce on same server as IDM, created default domain on authZforce with id 562285a1-8950-11e5-980f-6bf3c4dac98a and configured
> pep proxy config.js file
> config.pep_port = 80;
> config.account_host = 'https://192.168.4.180';
> config.keystone_host = '192.168.4.180';
> config.keystone_port = 5000;
> config.app_host = 'localhost';
> config.app_port = '8000';
> config.azf = {
> enabled: true,
> host: '192.168.4.180',
> port: 8080,
> path: '/authzforce/domains/562285a1-8950-11e5-980f-6bf3c4dac98a/pdp'
> };
> And now when i try to access to some page via curl:
> sudo curl -H "X-Auth-Token: vPTru5ikuyLcxf6ujV23V3l4GFNpF5" http://localhost/home/login/
> I get this error in the client:
> Error in AZF communication
> And this error on pep proxy:
> 2015-11-12 17:09:13.040  - INFO: IDM-Client - Checking token with IDM...
> 2015-11-12 17:09:13.086  - INFO: AZF-Client - Checking auth with AZF...
> 2015-11-12 17:09:13.087  - INFO: AZF-Client - Checking authorization to roles [ '4806909eb4b646c7a1f11ad9f9ed53ed',
>   '09dc1bdba42c48de9e15e88816284cbc',
>   '5786623590bc4f3ab01c61733a13ee6d',
>   'e3fe52a0c6c34fe395bb087f42d1cc72',
>   '44151592f3814929a59d1c1e7022a0bb' ] to do  GET  on  home/login/
>  and app  aea8f4a70b87422cb48068db9f0c6aea
> 2015-11-12 17:09:13.117  - ERROR: Root - Error in AZF communication  
> Error: 139773139036032:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:
> unknown protocol:s23_clnt.c:795:
> PEP Proxy is running on port 80
> and IDM is running on 443 port.
> What could be a problem?
> Should all these services be delivered via https or is that irrelevant?



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)