[Backlogmanager] [FIWARE-JIRA] (HELP-14344) [fiware-stackoverflow] User not authorized in AZF for the given action and resource

[Alvaro Alonso (JIRA)]

     [ https://jira.fiware.org/browse/HELP-14344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alvaro Alonso closed HELP-14344.
--------------------------------
    Resolution: Dismissed

> [fiware-stackoverflow] User not authorized in AZF for the given action and resource
> -----------------------------------------------------------------------------------
>
>                 Key: HELP-14344
>                 URL: https://jira.fiware.org/browse/HELP-14344
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Alvaro Alonso
>              Labels: authzforce, fiware, fiware-wilma
>
> Created question in FIWARE Q/A platform on 26-06-2018 at 11:06
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/51039099/user-not-authorized-in-azf-for-the-given-action-and-resource
> +Question:+
> User not authorized in AZF for the given action and resource
> +Description:+
> I have issues with pep-proxy and authzforce.
> Authzforce running on docker:release-8.0.1.
> Pep proxy from github, version 5.4/6.2.
> IDM running on docker version 6.2
> So i was able to integrate idm and authzfoce, domain is being created successfully. Roles and permissions are also being created and IDM show no issues or errors on this.
> My setup is 2 users, one user is owner/provider of application and second user is member and have role ( role name Pilot ) with permission to access certain resource.
> Additional info:
> {
> "organizations":[],
> "displayName": "igor",
> "roles":[
> {
> "name": "Pilot",
> "id": "04a1d98fc4cb4cf8a16d41090c465734"
> }
> ],
> "app_id": "b32c080923ab49dcbfaa75402cb8d1bc",
> "isGravatarEnabled": false,
> "email": "igor at patka.rs",
> "id": "igor",
> "app_azf_domain": "LpYVX3hzEeii_gJCrBEAAg"
> }
> So role, domain are created and they exist.
> Then in my application i authorize user successfully by adding them roles...
> Now issue is pep-proxy always showing that user is not authorized for given resource, i looked into logs and what is happening is authzfore response is deny to requests pep is making witch show pep is behaving correctly.
> 2018-06-26 00:56:14.077  - INFO: Server - Starting PEP proxy in port 81. 
> Keystone authentication ...
> 2018-06-26 00:56:14.456  - INFO: Server - Success authenticating PEP proxy. 
> Proxy Auth-token:  06b90ad45f5b4c42a21d39a038e8426b
> 2018-06-26 00:56:17.416  - INFO: IDM-Client - Checking token with IDM...
> 2018-06-26 00:56:17.517  - INFO: AZF-Client - Checking auth with AZF...
> 2018-06-26 00:56:17.518  - INFO: AZF-Client - Checking authorization to roles 
> [ '04a1d98fc4cb4cf8a16d41090c465734' ] to do  GET  on  version and app  
> b32c080923ab49dcbfaa75402cb8d1bc
> 2018-06-26 00:56:17.522  - INFO: AZF-Client - Checking auth with AZF...
> 2018-06-26 00:56:17.781  - ERROR: Root - User access-token not authorized:  
> User not authorized in AZF for the given action and resource
> So my issue and question here is what i missed why authzforce is always responding with deny, even domain is created and all actions with idm where successful.
> I know that older versions could be problem, but latest version of IDM is not working for me with authz, and pep-proxy latest version is not working with older versions of idm (compatible with 7.0) so im in tricky spot here.
> Thanks



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)