[ https://jira.fiware.org/browse/HELP-6964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=53390#comment-53390 ]
Fernando Lopez edited comment on HELP-6964 at 9/24/19 8:39 AM:
---------------------------------------------------------------
Dear Sir,
We have finally managed to get AuthZForce up and running (despite the fact
it's version 4.4.1b and not the latest version). We used the available
image on Docker Hub. To achieve this we used this guide:
http://authzforce-ce-fiware.readthedocs.io/en/release-4.4.1d/InstallationAndAdministrationGuide.html#domain-creation
We tried linking idm and AuthZForce. These are the steps we took:
- We created a domain in AuthZForce
- In the local_settings.py file in horizon we changed the ACCESS_CONTROL_URL
to: http://idm.dev.
babbler.io:8080/authzforce-ce/domains/ZWMqg1NHEea4zwJCrBEAAw/pap/policies
- In our idm app, we created a role and a permission and tried to assign
the permission to the role, when clicking on the save button we get a page
full of errors (see .html attachment for the error messages)
The policy does not appear in our
http://idm.dev.babbler.io:8080/authzforce-ce/domains/ZWMqg1NHEea4zwJCrBEAAw/pap/policies
xml tree.
Roles are permissions do get saved in our keystone database,
but apparently can't be linked to each other.
We are stumped and have no idea what's going on.
What are we doing wrong? Hopefully you could shed some light on the
situation. We would appreciate an answer asap, as we would like to get it
working before the end of our sprint.
Met vriendelijke groet/Kind regards,
was (Author: fw.external.urser):
Comment by k.patenaude at itude.com :
Dear Sir,
We have finally managed to get AuthZForce up and running (despite the fact
it's version 4.4.1b and not the latest version). We used the available
image on Docker Hub. To achieve this we used this guide:
http://authzforce-ce-fiware.readthedocs.io/en/release-4.4.1d/InstallationAndAdministrationGuide.html#domain-creation
We tried linking idm and AuthZForce. These are the steps we took:
- We created a domain in AuthZForce
- In the local_settings.py file in horizon we changed the ACCESS_CONTROL_URL
to: http://idm.dev.
babbler.io:8080/authzforce-ce/domains/ZWMqg1NHEea4zwJCrBEAAw/pap/policies
- In our idm app, we created a role and a permission and tried to assign
the permission to the role, when clicking on the save button we get a page
full of errors (see .html attachment for the error messages)
The policy does not appear in our
http://idm.dev.babbler.io:8080/authzforce-ce/domains/ZWMqg1NHEea4zwJCrBEAAw/pap/policies
xml tree.
Roles are permissions do get saved in our keystone database,
but apparently can't be linked to each other.
We are stumped and have no idea what's going on.
What are we doing wrong? Hopefully you could shed some light on the
situation. We would appreciate an answer asap, as we would like to get it
working before the end of our sprint.
Met vriendelijke groet/Kind regards,
*Kirstie Patenaude*
Mobile Software Engineer
Lageweg 2
3703 CA Zeist
■ *Mob:* +31(0)6 51 13 56 18
■ *Tel. receptie:* +31(0)30 699 70 20
■ *Mail:* k.patenaude at itude.com
www.itude.com ■ K.v.K. 30146090
On Wed, Jul 27, 2016 at 6:16 PM, Cristan Meijer <c.meijer at itude.com> wrote:
> Het lijkt me slim om dit te beantwoorden en hierin te vermelden de
> foutmelding die jullie nu krijgen.
>
> ---------- Forwarded message ----------
>
> FIWARE.Request.Tech.Security.AuthorizationPDP.Securing verbs via the PEP proxy
> ------------------------------------------------------------------------------
>
> Key: HELP-6964
> URL: https://jira.fiware.org/browse/HELP-6964
> Project: Help-Desk
> Issue Type: extRequest
> Components: FIWARE-TECH-HELP
> Reporter: FW External User
> Assignee: Alvaro Alonso
> Attachments: 2016-09-05 08_57_48.486 21 INFO eventlet.wsgi.txt, Logs IDM_Horizon after creating permission_HTTP.txt rule in IDM, ParseError at _idm_myApplications_fdae7d987c6a435188a2200e31cac4db_edit_roles_.html
>
>
> Hello,
> We would like to secure out ContextBroker so POSTS are allowed, but a
> DELETE isn't. We've asked you about this and you've said we should do the
> following:
> * You can configure as many PEPs as you want. You have only to modify the
> > listening port.
> > * You can configure an AuthZForce in
> > https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L629.
> > You only need to configure the URL in which it is listening
> > * To configure PEP to work with AuthZForce you have to use the Level 2 of
> > security. Here you will find tutorials about this:
> > https://edu.fiware.org/course/view.php?id=131
> We've tried this, but we've had the following problems:
> - If we pull the docker image of
> fiware/authzforce-ce-server:release-5.4.0 or release-5.3.0a, the image
> starts, but shuts down after a few seconds after which the logs state that
> tomcat 7 can't be started.
> - When we run fiware/authzforce-ce-server:release-4.4.1b, we get a
> tomcat with no webapp in the webapps directory other than the default
> stuff.
> - Performing a manual installation using this guide
> <http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/InstallationAndAdministrationGuide.html#installation>
> will
> have the same result.
> In your previous mail, it is stated that we need AuthZForce. However,
> Keypass seems to do something similar. Can you explain the difference?
> Can you help us with this?
--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy