[Backlogmanager] [FIWARE-JIRA] (HELP-15802) [fiware-stackoverflow] How to configure FIWARE Components to avoid AZF domain not created for application response

Fernando Lopez (JIRA) jira-help-desk at jira.fiware.org
Fri May 10 09:04:00 CEST 2019


     [ https://jira.fiware.org/browse/HELP-15802?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fernando Lopez updated HELP-15802:
----------------------------------
    Description: 
Created question in FIWARE Q/A platform on 09-05-2019 at 17:05
Please, ANSWER this question AT https://stackoverflow.com/questions/56062441/how-to-configure-fiware-components-to-avoid-azf-domain-not-created-for-applicati


+Question:+
How to configure FIWARE Components to avoid AZF domain not created for application response

+Description:+
I'm trying to configure a server with FIWARE Orion, FIWARE PepProxy Wilma, FIWARE IdM Keyrock, FIWARE Authzforce properly.
I arrived at the point in which the first 3 components work properly and interact with each other, but now I'm trying to insert authorization and I obtain the following error:
AZF domain not created for application.
I've already tried all the solutions presented at the following links but none of them works:


https://fiware-pep-proxy.readthedocs.io/en/latest/user_guide/#level-2-basic-authorization
https://www.youtube.com/watch?v=coxFQEY0_So
How to configure the Fiware PEP WILMA proxy to use a Keyrock and Orion instance on my own servers
Fiware IDM+AuthZForce+PEP-Proxy-Wilma
Fiware - how to connect PEP proxy to Orion and configure both with HTTPS?
Fiware AuthZForce error: "AZF domain not created for application"
AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application"
https://www.slideshare.net/daltoncezane/integrating-fiware-orion-keyrock-and-wilma
“AZF domain not created for application” AuthZforce
Fiware AuthZForce error: "AZF domain not created for application"
Fiware suitable Components


In the following you can find the instructions to reproduce my scenario:


Install Orion by using the Docker container


Create a directory on your system on which to work (for example, /home/fiware-orion-docker).
Create a new file called docker-compose.yml inside your directory with the following contents:  


     mongo:
         image: mongo:3.4
         command: --nojournal
     orion:
         image: fiware/orion
         links:
             - mongo
         ports:
             - "1026:1026"
         command: -dbhost mongo -logLevel DEBUG
         dns:
             - 208.67.222.222
             - 208.67.220.220



PAY ATTENTION: without the DNS it will never send notifications!!!
PAY ATTENTION 2 (source ): Connections from docker containers get routed into the (iptables) FORWARD chain, this needs to be configured to allow connections through it. The default is to DROP the connections. Thus if you use a firewall you have to change it:


sudo nano /etc/default/ufw
Set DEFAULT_FORWARD_POLICY to “ACCEPT”.
    
    DEFAULT_FORWARD_POLICY="ACCEPT"

Save the file.
Reload ufw
    
    sudo ufw reload


Within the directory you created, type the following command in the command line: sudo docker-compose up -d.
After a few seconds you should have your Context Broker running and listening on port 1026.
Check that everything works with
     curl localhost:1026/version

Install FIWARE IdM Keyrock (used for authentication over the Orion Context Broker):
https://github.com/ging/fiware-idm


WARNING -1: (if the next command doesn't work: 
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu artful stable" )
WARNING 0: if you have a firewall: DISABLE IT, otherwise docker-compose will not work
sudo apt-get install docker-compose
mkdir fiware-idm
cd fiware-idm
create docker-compose.yml
nano docker-compose.yml


version: "3.5"
services:
    keyrock:
        image: fiware/idm:7.6.0
        container_name: fiware-keyrock
        hostname: keyrock
        networks:
            default:
                ipv4_address: 172.18.1.5
        depends_on:
            - mysql-db
        ports:
            - "3000:3000"
        environment:
            - DEBUG=idm:*
            - IDM_DB_HOST=mysql-db
            - IDM_HOST=http://localhost:3000
            - IDM_PORT=3000
            # Development use only
            # Use Docker Secrets for Sensitive Data
            - IDM_DB_PASS=secret
            - IDM_DB_USER=root
            - IDM_ADMIN_USER=admin
            - IDM_ADMIN_EMAIL=admin@test.com
            - IDM_ADMIN_PASS=1234

    mysql-db:
        restart: always
        image: mysql:5.7
        hostname: mysql-db
        container_name: db-mysql
        expose:
            - "3306"
        ports:
            - "3306:3306"
        networks:
            default:
                ipv4_address: 172.18.1.6
        environment:
            # Development use only
            # Use Docker Secrets for Sensitive Data
            - "MYSQL_ROOT_PASSWORD=secret"
            - "MYSQL_ROOT_HOST=172.18.1.5"
        volumes:
            - mysql-db:/var/lib/mysql

networks:
    default:
        ipam:
            config:
                - subnet: 172.18.1.0/24
volumes:
    mysql-db: ~



sudo docker-compose up -d (This will automatically download the two images and run the IdM Keyrock service. (-d is used to run it in background)).  
Now you should be able to access the Identity Management tool through the website http://localhost:3000


username: admin@test.com
password: 1234

Register a new user and enable it through the interface
Then use the GUI to:


Create an "Organization" (e.g., ORGANIZ1)
Create an "application"


Step 1:  

Name: Orion Idm
Description: Orion Idm
URL: http://localhost
Callback URL: http://localhost
Grant Type: Authorization Code, Implicit, Resource Owner Password, Client Credentials, Refresh Token
Provider: newuser

Step 2: leave empty
Step 3: choose "Provider"
Step 4: 


click on "OAuth2 Credentials" and take notes of "Client ID" (94480bc9-43e8-4c15-ad45-0bb227e42e63) and "Client Secret" (4f6ye5y7-b90d-473a-3rr7-ea2f6dd43246)
Click on "PEP Proxy" and then on "Register a new PEP Proxy"
take notes of "Application Id" (94480bc9-43e8-4c15-ad45-0bb227e42e63), "Pep Proxy Username" (pep_proxy_dad356d2-dasa-4f95-a9hf-9ab06tccf929), and "Pep Proxy Password" (pep_proxy_a33667ec-57y1-498k-85aa-ef77ue5f6234)
Click on "Authorize" (Users) and authorize all the existing users with both roles (Purchaser and Provider for all the options)
Click on "Authorize" (Organizations) and authorize all the existing organizations with both roles (Purchaser and Provider for all the options)




Install the FIWARE Authzforce


sudo docker pull authzforce/server:latest (latest was 8.1.0 at the moment of writing)
sudo docker run -d -p 8085:8080 --name authzforce_server authzforce/server

Install the FIWARE PEP Proxy Wilma (used to enable https and authentication for Orion):


git clone https://github.com/ging/fiware-pep-proxy.git
cd fiware-pep-proxy
cp config.js.template config.js
nano config.js  


    var config = {};

    // Used only if https is disabled
    config.pep_port = 5056;
    config.https = undefined

    config.idm = {
        host: 'localhost',
        port: 3000,
        ssl: false
    }

    config.app = {
        host: 'localhost',
        port: '1026',
        ssl: false // Use true if the app server listens in https
    }

    config.response_type = 'code';

    // Credentials obtained when registering PEP Proxy in app_id in Account Portal
    config.pep = {
        app_id: '91180bc9-43e8-4c14-ad45-0bb117e42e63',
        username: 'pep_proxy_dad356d2-dasa-4f95-a9hf-9ab06tccf929',
        password: 'pep_proxy_a33667ec-57y1-498k-85aa-ef77ue5f6234',
        trusted_apps : []
    }

    // in seconds
    config.cache_time = 300;

    // list of paths that will not check authentication/authorization
    // example: ['/public/*', '/static/css/']
    config.public_paths = [];

    config.magic_key = undefined;

    module.exports = config;

    config.authorization = {
        enabled: true,
        pdp: 'authzforce',      // idm|authzforce  
        azf: {
            protocol: 'http',
            host: 'localhost',
            port: 8085,
            custom_policy: undefined, // use undefined to default policy checks (HTTP verb + path).
        } 
    }




install all the dependencies
npm install
run the proxy
sudo node server

Create a user role:
Reconnect to the IdM http://localhost:3000:


click on your application
click on Manage rules at the top of the page
click on the + button near Roles


Name: "trial"

Save
click on the + button near Permission


Permission Name: trial1
Description: trial1
HTTP action: GET
Resource: version

Save
come back to the application
Click on "Authorize" near "Authorized users"
Assign the "trial" role to your user

Now use PostMan to get a token:


connect to localhost:3000/oauth2/token and send the following parameters


Body:
username: 
password: 
grant_type: password
Header:
Content-Type: application/x-www-form-urlencoded
Authorization: BASIC 

take note of the obtained access_token

Try to connect to Orion through http://localhost:5056/version with the following parameters:


Header:


X-auth-token: 


You will obtain the following response:
AZF domain not created for application 91180bc9-43e8-4c14-ad45-0bb117e42e63


PS. If you (reader) are from FIWARE, please consider the possibility to update the documentation and the tutorials (404 errors in documentation may be useless ;-) ).


     HD-Enabler: AuthZForce

> [fiware-stackoverflow] How to configure FIWARE Components to avoid AZF domain not created for application response
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: HELP-15802
>                 URL: https://jira.fiware.org/browse/HELP-15802
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Jason Fox
>              Labels: fiware, fiware-keyrock, fiware-orion, fiware-wilma
>



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
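
Added example (not part of the original question or of any FIWARE project code): the token request and the PEP-proxied request from the steps in the question, built as plain objects and rendered as curl commands, plus a preflight check of a Wilma config object against the values noted during registration. The function names, the `noted` object and all ids, secrets and user names are assumptions and constructed placeholders.

```javascript
'use strict';
// Added example, not code from the post. All ids, secrets and user names
// used with these functions are constructed placeholders.

// OAuth2 password-grant request for Keyrock's /oauth2/token endpoint.
function buildTokenRequest(idm, client, user) {
  // Client authentication: "Basic " + base64("client_id:client_secret").
  const basic = Buffer.from(`${client.id}:${client.secret}`).toString('base64');
  return {
    method: 'POST',
    url: `${idm.ssl ? 'https' : 'http'}://${idm.host}:${idm.port}/oauth2/token`,
    headers: {
      Authorization: `Basic ${basic}`,
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    // URLSearchParams form-encodes characters such as "@", "&" and spaces.
    body: new URLSearchParams({
      grant_type: 'password',
      username: user.name,
      password: user.password,
    }).toString(),
  };
}

// Request to Orion through the PEP proxy, carrying the user's access token.
function buildPepRequest(pepPort, accessToken, path) {
  return {
    method: 'GET',
    url: `http://localhost:${pepPort}${path}`,
    headers: { 'X-Auth-Token': accessToken },
  };
}

// Render a request as a curl command line, single-quoting every argument.
function toCurl(req) {
  const quote = (s) => "'" + String(s).replace(/'/g, "'\\''") + "'";
  const parts = ['curl', '-sS', '-X', req.method];
  for (const [name, value] of Object.entries(req.headers)) {
    parts.push('-H', quote(`${name}: ${value}`));
  }
  if (req.body) parts.push('--data', quote(req.body));
  parts.push(quote(req.url));
  return parts.join(' ');
}

// Compare a Wilma config object with the values noted during registration and
// the host port the AuthZForce container publishes. Returns the mismatches.
function checkWiring(config, noted) {
  const problems = [];
  if (config.pep.app_id !== noted.applicationId) {
    problems.push('pep.app_id differs from the registered Application Id');
  }
  if (config.pep.username !== noted.pepUsername) {
    problems.push('pep.username differs from the registered Pep Proxy Username');
  }
  if (config.idm.port !== noted.idmPort) {
    problems.push(`idm.port ${config.idm.port} is not the Keyrock port ${noted.idmPort}`);
  }
  const authz = config.authorization || {};
  if (authz.enabled && authz.pdp === 'authzforce') {
    if (!authz.azf || !authz.azf.host) {
      problems.push('authorization.azf.host is not set');
    } else if (authz.azf.port !== noted.azfPublishedPort) {
      problems.push(`authorization.azf.port ${authz.azf.port} is not the published port ${noted.azfPublishedPort}`);
    }
  }
  return problems;
}

// Constructed sample: azf.port points at the container port (8080) instead of
// the host port published with "-p 8085:8080".
const sampleConfig = {
  pep_port: 5056,
  idm: { host: 'localhost', port: 3000, ssl: false },
  pep: { app_id: 'app-id-placeholder', username: 'pep_proxy_placeholder' },
  authorization: { enabled: true, pdp: 'authzforce', azf: { protocol: 'http', host: 'localhost', port: 8080 } },
};
const sampleNoted = {
  applicationId: 'app-id-placeholder',
  pepUsername: 'pep_proxy_placeholder',
  idmPort: 3000,
  azfPublishedPort: 8085,
};

const sampleClient = { id: 'client-id-placeholder', secret: 'client-secret-placeholder' };
const sampleUser = { name: 'alice@test.com', password: 'p&ss word' };
console.log(toCurl(buildTokenRequest(sampleConfig.idm, sampleClient, sampleUser)));
console.log(toCurl(buildPepRequest(sampleConfig.pep_port, 'ACCESS_TOKEN_PLACEHOLDER', '/version')));
console.log(checkWiring(sampleConfig, sampleNoted));
```

The printed curl lines can be compared against what Postman sends; the token request carries the client secret and the user's password, so over plain HTTP it should stay on localhost.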

