[Fiware-tech-help] [FIWARE-JIRA] (HELP-6964) FIWARE.Request.Tech.Security.AuthorizationPDP.Securing verbs via the PEP proxy

Fernando Lopez (JIRA) jira-help-desk at jira.fiware.org
Tue Sep 24 09:40:00 CEST 2019


    [ https://jira.fiware.org/browse/HELP-6964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=53355#comment-53355 ] 

Fernando Lopez edited comment on HELP-6964 at 9/24/19 8:39 AM:
---------------------------------------------------------------

I have been informed about your issue installing Authzforce, after Alvaro re-assigned your helpdesk ticket to me.

Could you try installing authzforce-ce-server 5.4.0 by following the latest installation guide?
Link:
http://authzforce-ce-fiware.readthedocs.io/en/release-5.4.0a/
This means using the .deb package (not Docker).
Let me know how it goes.

For the other question regarding Keypass, all I know is what you can find on their GitHub page:
https://github.com/authzforce/server
It is owned by Telefonica (not me/Thales); it is not an official FIWARE GEi since it is not in the FIWARE catalogue. It does not implement the FIWARE Authorization PDP GE API/specification. The features are not much detailed on GitHub, apart from the fact that it provides a multi-tenant REST API to XACML 3.0 PAP/PDP. No info on which part of the XACML Core or which XACML profiles are supported, for instance.

On the other hand, Authzforce is the FIWARE Authorization PDP GEri (GE Reference Implementation) and therefore published in the FIWARE catalogue. More info on the FIWARE catalogue:
http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
and on GitHub for the list of features:
https://github.com/authzforce/server

Regards,
Cyril Dangerville, Authorization PDP GE owner


was (Author: cyril.dangerville):
The issue has been emailed:
- Time sent: 27/Jul/16 12:25 PM
- To: c.meijer at itude.com
- Cc: aalonsog at dit.upm.es, babbler at itude.com, c.houtman at itude.com
- with subject: [Fiware-tech-help] Securing verbs via the PEP proxy

----
Dear Mr Meijer,
I have been informed about your issue installing Authzforce, after Alvaro re-assigned your helpdesk ticket to me.

Could you try installing authzforce-ce-server 5.4.0 by following the latest installation guide?
Link:
http://authzforce-ce-fiware.readthedocs.io/en/release-5.4.0a/
This means using the .deb package (not Docker).
Let me know how it goes.

For the other question regarding Keypass, all I know is what you can find on their GitHub page:
https://github.com/authzforce/server
It is owned by Telefonica (not me/Thales); it is not an official FIWARE GEi since it is not in the FIWARE catalogue. It does not implement the FIWARE Authorization PDP GE API/specification. The features are not much detailed on GitHub, apart from the fact that it provides a multi-tenant REST API to XACML 3.0 PAP/PDP. No info on which part of the XACML Core or which XACML profiles are supported, for instance.

On the other hand, Authzforce is the FIWARE Authorization PDP GEri (GE Reference Implementation) and therefore published in the FIWARE catalogue. More info on the FIWARE catalogue:
http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
and on GitHub for the list of features:
https://github.com/authzforce/server

Regards,
Cyril Dangerville, Authorization PDP GE owner

> FIWARE.Request.Tech.Security.AuthorizationPDP.Securing verbs via the PEP proxy
> ------------------------------------------------------------------------------
>
>                 Key: HELP-6964
>                 URL: https://jira.fiware.org/browse/HELP-6964
>             Project: Help-Desk
>          Issue Type: extRequest
>          Components: FIWARE-TECH-HELP
>            Reporter: FW External User
>            Assignee: Alvaro Alonso
>         Attachments: 2016-09-05 08_57_48.486 21 INFO eventlet.wsgi.txt, Logs IDM_Horizon after creating permission_HTTP.txt rule in IDM, ParseError at _idm_myApplications_fdae7d987c6a435188a2200e31cac4db_edit_roles_.html
>
>
> Hello,
> We would like to secure our ContextBroker so POSTs are allowed, but a
> DELETE isn't. We've asked you about this and you've said we should do the
> following:
> > * You can configure as many PEPs as you want. You have only to modify the
> > listening port.
> > * You can configure an AuthZForce in
> > https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L629.
> > You only need to configure the URL in which it is listening
> > * To configure PEP to work with AuthZForce you have to use the Level 2 of
> > security. Here you will find tutorials about this:
> > https://edu.fiware.org/course/view.php?id=131
> We've tried this, but we've had the following problems:
>    - If we pull the docker image of
>    fiware/authzforce-ce-server:release-5.4.0 or release-5.3.0a, the image
>    starts, but shuts down after a few seconds after which the logs state that
>    tomcat 7 can't be started.
>    - When we run fiware/authzforce-ce-server:release-4.4.1b, we get a
>    tomcat with no webapp in the webapps directory other than the default
>    stuff.
>    - Performing a manual installation using this guide
>    <http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/InstallationAndAdministrationGuide.html#installation>
>    will have the same result.
> In your previous mail, it is stated that we need AuthZForce. However,
> Keypass seems to do something similar. Can you explain the difference?
> Can you help us with this?



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)

