Details
- Type: Monitor
- Status: Closed
- Priority: Major
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 2021
- Component/s: FIWARE-TECH-HELP
- HD-Enabler: AuthZForce
Description
Created question in FIWARE Q/A platform on 06-04-2018 at 05:04
Please, ANSWER this question AT https://stackoverflow.com/questions/49684767/fiware-configure-authzforce-with-pep-proxy
Question:
Fiware - Configure AuthZForce with PEP Proxy
Description:
I deployed Orion, Cygnus, Keyrock and PEP proxy using docker compose, as you can see on the repository. But the security level implemented is not the desired one.
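```python
# get_token, create_user, get_access_token and get_all_entities are helpers
# from the Python package mentioned below.
keystone_url = "http://localhost:5000"
keyrock_url = "http://localhost:8000"
orion = "http://localhost"


def test_authzforce(create=0, usuario="idm", nombre="", password="idm", correo=""):
    # Optionally create a new user through Keystone before requesting a token.
    if create != 0:
        ktoken = get_token(keystone_url)
        create_user(keystone_url, ktoken, usuario, nombre, password, correo)
    # Get an access token from Keyrock and use it to query Orion.
    token = get_access_token(keyrock_url, usuario, password)
    entities = get_all_entities(orion, token)
    print("""
user:\t\t{}
token:\t\t{}
result:\t\t{}
""".format(usuario, token, entities))


test_authzforce()
test_authzforce(1, "test1", "test1", "test1", "tes1t@test.com")
```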
Using this Python package, in the first call of the function, it uses the admin user to get the token, getting all the entities on Orion later. But in the second call the function creates a new user without any authorization in the Keyrock application and, despite this, can get the entities.
user: idm
token: ggeWahMo3x7gV7IAkg3hzzoRshEd6Y
result: []
user: test1
token: zDTCiE7GkEFujQSGRjYs76SqL6hkad
result: []
[Finished in 2.1s]
Then, trying to implement AuthZForce on this docker compose file, I got these results, without giving access permissions to the same administrator:
user: idm
token: DZKTmiV289FPclWKwceiTi7JhvuIUq
result: User token not authorized
user: test1
token: nPH8fdLQeDdJg6Bi1riJfRYybqITud
result: User token not authorized
[Finished in 2.0s]
And this error on the console
Here you have all my AuthZForce configurations:
- Local_Settings GE Access control
- PEP proxy configuration
- azj.js cast recommended on the issue on link 8
- Issue 36 PEP proxy
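The two result sets in the question, reproduced with a simplified model of a policy enforcement point. This is an added example, not part of the original question and not PEP Proxy, Keyrock or AuthZForce code; the token store, the `Pdp` class, the `/v2/entities` path and the status codes are assumptions made for illustration.

```python
# Simplified model of a policy enforcement point (PEP); not the PEP proxy's code.
# All names, tokens, paths and status codes below are constructed assumptions.
from dataclasses import dataclass, field

# Constructed token store standing in for the identity manager.
TOKENS = {"tok-idm": "idm", "tok-test1": "test1"}


@dataclass
class Pdp:
    """Deny-by-default decision point: permits only listed (user, action, resource)."""
    rules: set = field(default_factory=set)

    def permits(self, user, action, resource):
        return (user, action, resource) in self.rules


def pep(token, action, resource, pdp=None):
    """Return (status, body) as a PEP in front of a backend would."""
    user = TOKENS.get(token)
    if user is None:
        return 401, "Invalid token"
    # Authentication-only mode: any valid token reaches the backend.
    if pdp is None:
        return 200, "[]"
    # Authorization mode: the decision point must explicitly permit the request.
    if not pdp.permits(user, action, resource):
        return 401, "User token not authorized"
    return 200, "[]"


def run_scenarios():
    req = ("GET", "/v2/entities")
    users = ("tok-idm", "tok-test1")
    return {
        # First result set: both users get entities, authorized or not.
        "authn_only": [pep(t, *req) for t in users],
        # Second result set: no permissions granted, so even the admin is denied.
        "pdp_no_rules": [pep(t, *req, pdp=Pdp()) for t in users],
        # Intended outcome: only the user with an explicit permission passes.
        "pdp_idm_rule": [pep(t, *req, pdp=Pdp({("idm", *req)})) for t in users],
    }


if __name__ == "__main__":
    for name, results in run_scenarios().items():
        print(name, results)
```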
Activity
Field | Original Value | New Value |
---|---|---|
Component/s | FIWARE-TECH-HELP [ 10278 ] |
Assignee | Alvaro Alonso [ aalonsog ] |
Status | Open [ 1 ] | In Progress [ 3 ] |
Status | In Progress [ 3 ] | Answered [ 10104 ] |
Resolution | Done [ 10000 ] | |
Status | Answered [ 10104 ] | Closed [ 6 ] |
Summary | [fiware-stackoverflow] Fiware - Configure AuthZForce with PEP Proxy | FIWARE.Question.Tech.Fiware - Configure AuthZForce with PEP Proxy. |
HD-Enabler | AuthZForce [ 10887 ] |
Fix Version/s | 2021 [ 12600 ] |