[Fiware-lab-help] Fiware IdM

Pedro Gonçalves pgoncalves at plux.info
Wed Jul 8 10:32:43 CEST 2015


Hi,

I'm trying to use the IdM.KeyRock - AuthZForce - PEP.Proxy trinity.

My application is registered in the IdM.KeyRock and already has the
authorization constricts for the users, using organizations and (HTTP VERB
+ RESOURCE) roles.

My (mobile) application is already developed and already successfully
implements the OAuth2 protocol. Meaning I am able to authenticate a user
and get his information from the IdM.KeyRock using the access token alone.

My main problem is the PEP.Proxy configuration (This PEP.Proxy is on top of
the Orion Context Broker). Supposedly, the endpoints of the IdM.KeyRock and
AuthZForce should be configured, but I can't find any reference to what the
endpoint of IdM's integrated AuthZForce is. This is my config.js file so
far, the red is where my problem lies:

var config = {};

config.resource = {
    original: {
        host: 'localhost',
        port: 1026
    },
    proxy: {
        port: 10026
    }
};

config.access = {
    protocol: 'http',
    host: 'localhost',
    port: 7000,
    path: '/validate'
}

config.authentication = {
    protocol: 'https',
    host: 'account.lab.fiware.org',
    port: 443,
    path: '/user'
}

config.ssl = {
    active: false,
    certFile: ''
}

config.logLevel = 'FATAL';

config.middlewares = {
    require: 'lib/services/orionPlugin',
    functions: [
        'extractCBAction'
    ]
};

config.componentName = 'contextbroker';

module.exports = config;

My second problem has to do with the actual information retrieved from the
IdM:

https://account.lab.fiware.org:443/user?access_token=xxXXxxXXxxXX

Let's suppose I asked for the information above and I got the following
response:

{
    "organizations": [],
    "displayName": "JohnDoe",
    "roles": [],
    "app_id": "33da9471ceXXXXXX5d8b0849f5a64ba",
    "email": "johndoe at domain.com",
    "id": "johndoe"
}


It says the user has no organizations; however, I actually added this
specific person to an organization (see attachment - printscreen of Account
Lab while logged in with the example user johndoe at domain.com).

What am I doing wrong? Is this something to do with domains and services? I
just want to use what I configured in the Account Portal (applications,
organizations and users).

Best Regards,
-- 
Pedro Gonçalves
Research Software Engineer
PLUX - Wireless Biosignals, S.A.

Headquarters
Zona Industrial das Corredouras, Lt. 14 - 1º
2630-369 Arruda dos Vinhos
Portugal
T: +351 263 978 572

Lisbon Office
Av. 5 de Outubro, 70 - 8º
1050-059 Lisboa
Portugal
T: +351 211 956 542
T: +351 211 956 546
F: +351 211 956 531

W: www.plux.info