[ https://jira.fiware.org/browse/HELP-6964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=54389#comment-54389 ]
Fernando Lopez edited comment on HELP-6964 at 9/24/19 8:43 AM:
---------------------------------------------------------------
Hello,
unfortunately, I cannot reach the usual contacts in the Keyrock team (Alvaro and Frederico) at the moment (probably on leave). Till they get back, I suggest to enable DEBUG logs in Horizon. This is done by changing the _LOGGING_/_handlers_/_console_/_level_ value to _DEBUG_ in the configuration file [local_settings.py|http://fiware-idm.readthedocs.io/en/latest/developer_guide.html#local-settings]:
{code:javascript}
...
LOGGING = {
...
'handlers': {
...
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': 'DEBUG',
'class': 'logging.StreamHandler',
},
...
{code}
Then uncomment (remove _#_ character) all the lines with {noformat}
LOG.debug(...)
{noformat} in the file _openstack_dashboard/fiware_api/access_control_ge.py_ in order to enable all possible debug messages regarding Keyrock-Authzforce interactions.
Finally, restart Horizon, and check the logs in the console when you try to save rules/permissions in the dashboard again.
According to the code in _openstack_dashboard/fiware_api/access_control_ge.py_, you should see logs like this at least:
{noformat}
Access Control Domain not created, creating it...
...
Domain created: XXXX
...
{noformat}
You may send the logs to us for analysis if necessary. Thanks.
Regards,
Cyril
was (Author: cyril.dangerville):
The issue has been emailed: \\
- Time sent: *18/Aug/16 1:32 AM*
- To: *e.bon at itube.com,cyril.dangerville at thalesgroup.com*
- Cc: *s.vos at itude.com,c.meijer at itude.com,k.patenaude at itude.com,fefernandez at dit.upm.es,c.houtman at itude.com,aalonsog at dit.upm.es *
- with subject: *(HELP-6964) [Fiware-tech-help] Securing verbs via the PEP proxy *
\\
----
Hello,
unfortunately, I cannot reach the usual contacts in the Keyrock team (Alvaro and Frederico) at the moment (probably on leave). Till they get back, I suggest to enable DEBUG logs in Horizon. This is done by changing the _LOGGING_/_handlers_/_console_/_level_ value to _DEBUG_ in the configuration file [local_settings.py|http://fiware-idm.readthedocs.io/en/latest/developer_guide.html#local-settings]:
{code:javascript}
...
LOGGING = {
...
'handlers': {
...
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': 'DEBUG',
'class': 'logging.StreamHandler',
},
...
{code}
Then uncomment (remove _#_ character) all the lines with {noformat}
LOG.debug(...)
{noformat} in the file _openstack_dashboard/fiware_api/access_control_ge.py_ in order to enable all possible debug messages regarding Keyrock-Authzforce interactions.
Finally, restart Horizon, and check the logs in the console when you try to save rules/permissions in the dashboard again.
According to the code in _openstack_dashboard/fiware_api/access_control_ge.py_, you should see logs like this at least:
{noformat}
Access Control Domain not created, creating it...
...
Domain created: XXXX
...
{noformat}
You may send the logs to us for analysis if necessary. Thanks.
Regards,
Cyril
> FIWARE.Request.Tech.Security.AuthorizationPDP.Securing verbs via the PEP proxy
> ------------------------------------------------------------------------------
>
> Key: HELP-6964
> URL: https://jira.fiware.org/browse/HELP-6964
> Project: Help-Desk
> Issue Type: extRequest
> Components: FIWARE-TECH-HELP
> Reporter: FW External User
> Assignee: Alvaro Alonso
> Attachments: 2016-09-05 08_57_48.486 21 INFO eventlet.wsgi.txt, Logs IDM_Horizon after creating permission_HTTP.txt rule in IDM, ParseError at _idm_myApplications_fdae7d987c6a435188a2200e31cac4db_edit_roles_.html
>
>
> Hello,
> We would like to secure out ContextBroker so POSTS are allowed, but a
> DELETE isn't. We've asked you about this and you've said we should do the
> following:
> * You can configure as many PEPs as you want. You have only to modify the
> > listening port.
> > * You can configure an AuthZForce in
> > https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L629.
> > You only need to configure the URL in which it is listening
> > * To configure PEP to work with AuthZForce you have to use the Level 2 of
> > security. Here you will find tutorials about this:
> > https://edu.fiware.org/course/view.php?id=131
> We've tried this, but we've had the following problems:
> - If we pull the docker image of
> fiware/authzforce-ce-server:release-5.4.0 or release-5.3.0a, the image
> starts, but shuts down after a few seconds after which the logs state that
> tomcat 7 can't be started.
> - When we run fiware/authzforce-ce-server:release-4.4.1b, we get a
> tomcat with no webapp in the webapps directory other than the default
> stuff.
> - Performing a manual installation using this guide
> <http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/InstallationAndAdministrationGuide.html#installation>
> will
> have the same result.
> In your previous mail, it is stated that we need AuthZForce. However,
> Keypass seems to do something similar. Can you explain the difference?
> Can you help us with this?
--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy