Uploaded image for project: 'Help-Desk'
  1. Help-Desk
  2. HELP-14344

FIWARE.Question.Tech.User not authorized in AZF for the given action and resource.

        Details

          Description

          Created question in FIWARE Q/A platform on 26-06-2018 at 11:06
          Please, ANSWER this question AT https://stackoverflow.com/questions/51039099/user-not-authorized-in-azf-for-the-given-action-and-resource

          Question:
          User not authorized in AZF for the given action and resource

          Description:
          I have issues with pep-proxy and authzforce.

          Authzforce running on docker:release-8.0.1.
          Pep proxy from github, version 5.4/6.2.
          IDM running on docker version 6.2

          So i was able to integrate idm and authzfoce, domain is being created successfully. Roles and permissions are also being created and IDM show no issues or errors on this.

          My setup is 2 users, one user is owner/provider of application and second user is member and have role ( role name Pilot ) with permission to access certain resource.

          Additional info:

          {
          "organizations":[],
          "displayName": "igor",
          "roles":[

          { "name": "Pilot", "id": "04a1d98fc4cb4cf8a16d41090c465734" }

          ],
          "app_id": "b32c080923ab49dcbfaa75402cb8d1bc",
          "isGravatarEnabled": false,
          "email": "igor@patka.rs",
          "id": "igor",
          "app_azf_domain": "LpYVX3hzEeii_gJCrBEAAg"
          }

          So role, domain are created and they exist.

          Then in my application i authorize user successfully by adding them roles...

          Now issue is pep-proxy always showing that user is not authorized for given resource, i looked into logs and what is happening is authzfore response is deny to requests pep is making witch show pep is behaving correctly.

          2018-06-26 00:56:14.077 - INFO: Server - Starting PEP proxy in port 81.
          Keystone authentication ...
          2018-06-26 00:56:14.456 - INFO: Server - Success authenticating PEP proxy.
          Proxy Auth-token: 06b90ad45f5b4c42a21d39a038e8426b
          2018-06-26 00:56:17.416 - INFO: IDM-Client - Checking token with IDM...
          2018-06-26 00:56:17.517 - INFO: AZF-Client - Checking auth with AZF...
          2018-06-26 00:56:17.518 - INFO: AZF-Client - Checking authorization to roles
          [ '04a1d98fc4cb4cf8a16d41090c465734' ] to do GET on version and app
          b32c080923ab49dcbfaa75402cb8d1bc
          2018-06-26 00:56:17.522 - INFO: AZF-Client - Checking auth with AZF...
          2018-06-26 00:56:17.781 - ERROR: Root - User access-token not authorized:
          User not authorized in AZF for the given action and resource

          So my issue and question here is what i missed why authzforce is always responding with deny, even domain is created and all actions with idm where successful.

          I know that older versions could be problem, but latest version of IDM is not working for me with authz, and pep-proxy latest version is not working with older versions of idm (compatible with 7.0) so im in tricky spot here.

          Thanks

            Activity

            Hide
            Permalink
            backlogmanager Backlog Manager added a comment -

            2018-06-26 12:05|CREATED monitor | # answers= 0, accepted answer= False

            Show
            backlogmanager Backlog Manager added a comment - 2018-06-26 12:05|CREATED monitor | # answers= 0, accepted answer= False

              People

              • Assignee:
                aalonsog Alvaro Alonso
                Reporter:
                backlogmanager Backlog Manager
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: