[Backlogmanager] [FIWARE-JIRA] (HELP-14344) FIWARE.Question.Tech.User not authorized in AZF for the given action and resource.

Fernando Lopez (JIRA) jira-help-desk at jira.fiware.org
Tue Sep 11 15:30:00 CEST 2018

Previous message: [Backlogmanager] [FIWARE-JIRA] (HELP-14376) [fiware-stackoverflow] Can I create a subscription that notifies only those context attributes that has changed?
Next message: [Backlogmanager] [FIWARE-JIRA] (HELP-14329) FIWARE.Question.Tech.Error: Failed to update policies in Access Control GE.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     [ https://jira.fiware.org/browse/HELP-14344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fernando Lopez updated HELP-14344:
----------------------------------
    Description: 
Created question in FIWARE Q/A platform on 26-06-2018 at 11:06
{color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/51039099/user-not-authorized-in-azf-for-the-given-action-and-resource


+Question:+
User not authorized in AZF for the given action and resource

+Description:+
I have issues with pep-proxy and authzforce.


Authzforce running on docker:release-8.0.1.
Pep proxy from github, version 5.4/6.2.
IDM running on docker version 6.2


So i was able to integrate idm and authzfoce, domain is being created successfully. Roles and permissions are also being created and IDM show no issues or errors on this.

My setup is 2 users, one user is owner/provider of application and second user is member and have role ( role name Pilot ) with permission to access certain resource.

Additional info:

{
"organizations":[],
"displayName": "igor",
"roles":[
{
"name": "Pilot",
"id": "04a1d98fc4cb4cf8a16d41090c465734"
}
],
"app_id": "b32c080923ab49dcbfaa75402cb8d1bc",
"isGravatarEnabled": false,
"email": "igor at patka.rs",
"id": "igor",
"app_azf_domain": "LpYVX3hzEeii_gJCrBEAAg"
}


So role, domain are created and they exist.

Then in my application i authorize user successfully by adding them roles...

Now issue is pep-proxy always showing that user is not authorized for given resource, i looked into logs and what is happening is authzfore response is deny to requests pep is making witch show pep is behaving correctly.

2018-06-26 00:56:14.077  - INFO: Server - Starting PEP proxy in port 81. 
Keystone authentication ...
2018-06-26 00:56:14.456  - INFO: Server - Success authenticating PEP proxy. 
Proxy Auth-token:  06b90ad45f5b4c42a21d39a038e8426b
2018-06-26 00:56:17.416  - INFO: IDM-Client - Checking token with IDM...
2018-06-26 00:56:17.517  - INFO: AZF-Client - Checking auth with AZF...
2018-06-26 00:56:17.518  - INFO: AZF-Client - Checking authorization to roles 
[ '04a1d98fc4cb4cf8a16d41090c465734' ] to do  GET  on  version and app  
b32c080923ab49dcbfaa75402cb8d1bc
2018-06-26 00:56:17.522  - INFO: AZF-Client - Checking auth with AZF...
2018-06-26 00:56:17.781  - ERROR: Root - User access-token not authorized:  
User not authorized in AZF for the given action and resource


So my issue and question here is what i missed why authzforce is always responding with deny, even domain is created and all actions with idm where successful.

I know that older versions could be problem, but latest version of IDM is not working for me with authz, and pep-proxy latest version is not working with older versions of idm (compatible with 7.0) so im in tricky spot here.

Thanks


  was:

Created question in FIWARE Q/A platform on 26-06-2018 at 11:06
{color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/51039099/user-not-authorized-in-azf-for-the-given-action-and-resource


+Question:+
User not authorized in AZF for the given action and resource

+Description:+
I have issues with pep-proxy and authzforce.


Authzforce running on docker:release-8.0.1.
Pep proxy from github, version 5.4/6.2.
IDM running on docker version 6.2


So i was able to integrate idm and authzfoce, domain is being created successfully. Roles and permissions are also being created and IDM show no issues or errors on this.

My setup is 2 users, one user is owner/provider of application and second user is member and have role ( role name Pilot ) with permission to access certain resource.

Additional info:

{
"organizations":[],
"displayName": "igor",
"roles":[
{
"name": "Pilot",
"id": "04a1d98fc4cb4cf8a16d41090c465734"
}
],
"app_id": "b32c080923ab49dcbfaa75402cb8d1bc",
"isGravatarEnabled": false,
"email": "igor at patka.rs",
"id": "igor",
"app_azf_domain": "LpYVX3hzEeii_gJCrBEAAg"
}


So role, domain are created and they exist.

Then in my application i authorize user successfully by adding them roles...

Now issue is pep-proxy always showing that user is not authorized for given resource, i looked into logs and what is happening is authzfore response is deny to requests pep is making witch show pep is behaving correctly.

2018-06-26 00:56:14.077  - INFO: Server - Starting PEP proxy in port 81. 
Keystone authentication ...
2018-06-26 00:56:14.456  - INFO: Server - Success authenticating PEP proxy. 
Proxy Auth-token:  06b90ad45f5b4c42a21d39a038e8426b
2018-06-26 00:56:17.416  - INFO: IDM-Client - Checking token with IDM...
2018-06-26 00:56:17.517  - INFO: AZF-Client - Checking auth with AZF...
2018-06-26 00:56:17.518  - INFO: AZF-Client - Checking authorization to roles 
[ '04a1d98fc4cb4cf8a16d41090c465734' ] to do  GET  on  version and app  
b32c080923ab49dcbfaa75402cb8d1bc
2018-06-26 00:56:17.522  - INFO: AZF-Client - Checking auth with AZF...
2018-06-26 00:56:17.781  - ERROR: Root - User access-token not authorized:  
User not authorized in AZF for the given action and resource


So my issue and question here is what i missed why authzforce is always responding with deny, even domain is created and all actions with idm where successful.

I know that older versions could be problem, but latest version of IDM is not working for me with authz, and pep-proxy latest version is not working with older versions of idm (compatible with 7.0) so im in tricky spot here.

Thanks


     HD-Enabler: Wilma

> FIWARE.Question.Tech.User not authorized in AZF for the given action and resource.
> ----------------------------------------------------------------------------------
>
>                 Key: HELP-14344
>                 URL: https://jira.fiware.org/browse/HELP-14344
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Alvaro Alonso
>              Labels: authzforce, fiware, fiware-wilma
>
> Created question in FIWARE Q/A platform on 26-06-2018 at 11:06
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/51039099/user-not-authorized-in-azf-for-the-given-action-and-resource
> +Question:+
> User not authorized in AZF for the given action and resource
> +Description:+
> I have issues with pep-proxy and authzforce.
> Authzforce running on docker:release-8.0.1.
> Pep proxy from github, version 5.4/6.2.
> IDM running on docker version 6.2
> So i was able to integrate idm and authzfoce, domain is being created successfully. Roles and permissions are also being created and IDM show no issues or errors on this.
> My setup is 2 users, one user is owner/provider of application and second user is member and have role ( role name Pilot ) with permission to access certain resource.
> Additional info:
> {
> "organizations":[],
> "displayName": "igor",
> "roles":[
> {
> "name": "Pilot",
> "id": "04a1d98fc4cb4cf8a16d41090c465734"
> }
> ],
> "app_id": "b32c080923ab49dcbfaa75402cb8d1bc",
> "isGravatarEnabled": false,
> "email": "igor at patka.rs",
> "id": "igor",
> "app_azf_domain": "LpYVX3hzEeii_gJCrBEAAg"
> }
> So role, domain are created and they exist.
> Then in my application i authorize user successfully by adding them roles...
> Now issue is pep-proxy always showing that user is not authorized for given resource, i looked into logs and what is happening is authzfore response is deny to requests pep is making witch show pep is behaving correctly.
> 2018-06-26 00:56:14.077  - INFO: Server - Starting PEP proxy in port 81. 
> Keystone authentication ...
> 2018-06-26 00:56:14.456  - INFO: Server - Success authenticating PEP proxy. 
> Proxy Auth-token:  06b90ad45f5b4c42a21d39a038e8426b
> 2018-06-26 00:56:17.416  - INFO: IDM-Client - Checking token with IDM...
> 2018-06-26 00:56:17.517  - INFO: AZF-Client - Checking auth with AZF...
> 2018-06-26 00:56:17.518  - INFO: AZF-Client - Checking authorization to roles 
> [ '04a1d98fc4cb4cf8a16d41090c465734' ] to do  GET  on  version and app  
> b32c080923ab49dcbfaa75402cb8d1bc
> 2018-06-26 00:56:17.522  - INFO: AZF-Client - Checking auth with AZF...
> 2018-06-26 00:56:17.781  - ERROR: Root - User access-token not authorized:  
> User not authorized in AZF for the given action and resource
> So my issue and question here is what i missed why authzforce is always responding with deny, even domain is created and all actions with idm where successful.
> I know that older versions could be problem, but latest version of IDM is not working for me with authz, and pep-proxy latest version is not working with older versions of idm (compatible with 7.0) so im in tricky spot here.
> Thanks



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)

Previous message: [Backlogmanager] [FIWARE-JIRA] (HELP-14376) [fiware-stackoverflow] Can I create a subscription that notifies only those context attributes that has changed?
Next message: [Backlogmanager] [FIWARE-JIRA] (HELP-14329) FIWARE.Question.Tech.Error: Failed to update policies in Access Control GE.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Backlogmanager mailing list

You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy