Hi,

I am trying to use FIWARE security Generic Enablers: PEP Proxy, IDM KeyRock and AuthZForce. Specifically, I am using the instances available to trial users at the URL https://account.lab.fiware.org.

My problem is related to level 1 of authorization. I have configured PEP proxy to check permissions using AuthZForce as you can see below:

    config.azf = {
        enabled: true,
        protocol: 'https',
        host: 'auth.lab.fiware.org',
        port: 6019,
        custom_policy: undefined // use undefined to default policy checks (HTTP verb + path).
    };

My application only has an authorized user. When I send requests to PEP proxy with an authorized user's token, everything goes OK:

    2017-05-09 08:56:29.958 - INFO: AZF-Client - Checking authorization to roles [ '106' ] to do GET on and app 43bb03d87eb742918aaef19fcd41a002
    2017-05-09 08:56:29.963 - INFO: AZF-Client - Checking auth with AZF...
    2017-05-09 08:56:30.388 - INFO: Root - Access-token OK. Redirecting to app...

Nevertheless, if I use a token for an unauthorized user, the result is the same:

    2017-05-09 08:58:09.501 - INFO: AZF-Client - Checking authorization to roles [] to do GET on and app 43bb03d87eb742918aaef19fcd41a002
    2017-05-09 08:58:09.502 - INFO: AZF-Client - Checking auth with AZF...
    2017-05-09 08:58:09.876 - INFO: Root - Access-token OK. Redirecting to app...

As you can see in the output of PEP Proxy, the user does not have a role in the app but the request is approved.

Daniel Calvo Alonso
Energy and Transport Market
Atos Research and Innovation
Tel: +34 946 66 20 82
daniel.calvo at atos.net
C/Real Consulado s/n, Polígono Industrial Candina
39011 Santander
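Added example, not part of the original message and not PEP Proxy code: a small Node.js check that pairs each AZF-Client role check in the proxy log with the grant line that follows it and reports requests that were let through with an empty role list. The log layout is taken from the lines quoted in the message; the function names are hypothetical, and the code assumes the lines of one request are not interleaved with another's.

```javascript
// Constructed sample: the PEP Proxy log lines quoted in the message.
const SAMPLE_LOG = [
  "2017-05-09 08:56:29.958 - INFO: AZF-Client - Checking authorization to roles [ '106' ] to do GET on and app 43bb03d87eb742918aaef19fcd41a002",
  "2017-05-09 08:56:29.963 - INFO: AZF-Client - Checking auth with AZF...",
  "2017-05-09 08:56:30.388 - INFO: Root - Access-token OK. Redirecting to app...",
  "2017-05-09 08:58:09.501 - INFO: AZF-Client - Checking authorization to roles [] to do GET on and app 43bb03d87eb742918aaef19fcd41a002",
  "2017-05-09 08:58:09.502 - INFO: AZF-Client - Checking auth with AZF...",
  "2017-05-09 08:58:09.876 - INFO: Root - Access-token OK. Redirecting to app...",
].join("\n");

// Groups: timestamp, role list, HTTP verb, path (empty in the sample), app id.
const CHECK_RE = /^(\S+ \S+) - INFO: AZF-Client - Checking authorization to roles \[(.*?)\] to do (\S+) on (.*?) ?and app (\S+)$/;
const GRANT_RE = /^(\S+ \S+) - INFO: Root - Access-token OK\. Redirecting to app/;

// Turn the text between the brackets (" '106' ") into an array of role ids.
function parseRoles(inner) {
  return Array.from(inner.matchAll(/'([^']*)'/g), (m) => m[1]);
}

// Pair every role check with the next grant line (assumes sequential logging).
function correlate(logText) {
  const decisions = [];
  let pending = null;
  for (const line of logText.split(/\r?\n/)) {
    const check = CHECK_RE.exec(line);
    if (check) {
      pending = { checkedAt: check[1], roles: parseRoles(check[2]),
                  verb: check[3], path: check[4], app: check[5] };
      continue;
    }
    const grant = GRANT_RE.exec(line);
    if (grant && pending) {
      decisions.push({ ...pending, grantedAt: grant[1] });
      pending = null;
    }
  }
  return decisions;
}

// Requests that reached the application although the token carried no role.
function grantsWithoutRoles(logText) {
  return correlate(logText).filter((d) => d.roles.length === 0);
}

console.log(grantsWithoutRoles(SAMPLE_LOG));
```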