Already answered in April. Mail thread:
Hello,
As the global instance's API requires client certificate authentication over SSL, first you need to request a valid certificate, i.e. trusted/authorized by the server. In order to do that, please follow the instructions below:
1. Generate an RSA keypair on your side, or use one you already have, and send a CSR (Certificate Signing Request) for it in PKCS#10 format (which is very likely to be the default format of your keypair generation tool) to the administrator (me).
For instance, using keytool from the JDK 7 (I have not checked with JDK 6, maybe the command works the same), you can do it with the following commands, and what you send me is the resulting .csr file:
Replace "John Doe"/"john.doe" with your actual full name (use the dot character as separator in filenames) everywhere. If this is for an application, i.e. not a human, preferably use a fully qualified domain name identifying the application.
$ keytool -genkey -keystore john.doe-taz-client-keystore.jks -alias john.doe-taz-client -keyalg RSA -keysize 2048 -dname "CN=John Doe"
Replace "passwordsetpreviously" with the keystore password set in the previous command.
$ keytool -certreq -storepass passwordsetpreviously -keystore john.doe-taz-client-keystore.jks -alias john.doe-taz-client > john.doe-taz-client.csr
2. Please also send the first name, last name and email address of the key/certificate owner, or the application owner/admin if this is for an application.
In return, I will send you a valid certificate to be used for SSL client authentication to the API, and your API endpoint.
Thank you.
For your info, the user guide is available here for the version used by the global instance:
https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/Access_Control_-_User_and_Programmers_Guide
E-learning course:
http://edu.fi-ware.org/course/view.php?id=57
Regards,
Cyril
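A sanity check for the CSR produced in step 1 before it is mailed, as an added example that is not part of the original message. It assumes the openssl CLI is installed (the thread itself uses keytool, whose -certreq output is PEM-encoded PKCS#10 that openssl can read); check_csr, make_demo_csr and demo are hypothetical names, and the sample CSR is constructed.

```shell
#!/bin/sh
# Added example: sanity-check a PKCS#10 CSR before sending it to the administrator.
# Assumes the openssl CLI; check_csr, make_demo_csr and demo are hypothetical names.

# check_csr FILE [MIN_BITS] -> 0 if the CSR parses, its self-signature verifies,
# it has a CN, and its public key has at least MIN_BITS (default 2048, as in the thread).
check_csr() {
    csr=$1; min_bits=${2:-2048}
    [ -r "$csr" ] || { echo "cannot read $csr" >&2; return 1; }

    # Proof of possession: the request must be signed by the private key that
    # matches the public key it carries. Match on the message, because older
    # openssl releases exit 0 even when this verification fails.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' \
        || { echo "self-signature does not verify" >&2; return 1; }

    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] \
        || { echo "key size ${bits:-unknown} is below $min_bits bits" >&2; return 1; }

    openssl req -in "$csr" -noout -subject 2>/dev/null | grep -q 'CN *= *[^ ]' \
        || { echo "subject has no CN" >&2; return 1; }

    # Only the request leaves the machine; the file must hold no private key.
    if grep -q 'PRIVATE KEY' "$csr"; then
        echo "private key material found in $csr" >&2; return 1
    fi
    return 0
}

# make_demo_csr DIR BITS: write a constructed sample CSR (CN=John Doe) to DIR/demo.csr.
# The throwaway key is left unencrypted only because the demo deletes it at once.
make_demo_csr() {
    openssl req -new -newkey "rsa:$2" -nodes -subj "/CN=John Doe" \
        -keyout "$1/demo.key" -out "$1/demo.csr" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_csr "$dir" 2048 && check_csr "$dir/demo.csr" && echo "demo.csr: OK to send"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo || echo "demo failed" >&2
```

To check a real request, call check_csr on the .csr file written by the keytool -certreq command.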
From: Truong Xuan Khanh khanh85_bk@yahoo.com
Sent: Wednesday, 8 April 2015 11:33
To: DANGERVILLE Cyril
Subject: Re: [Fiware-tech-help] Question on PDP
Hi,
Can you please instruct me to use global instance for PDP? The purpose I want to use it is I don't expect to build a new server for PDP because we are in researching process. We can invest more for new PDP server in future but we need to pass this researching phase. Thanks!
On Wednesday, 1 April 2015 at 23:49, DANGERVILLE Cyril wrote:
Hello Truong,
Today, if you want the latest version of the API (compliant with XACML 3.0), the only way is to install the reference implementation:
https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Authorization_PDP_-_AuthZForce_-_Installation_and_Administration_Guide_%28R4.1%29
More info:
http://catalogue.fiware.org/enablers/authorization-pdp-authzforce/documentation
As for the global instance, it is still using the old API (XACML 2.0 only). Moreover, it requires authentication with SSL client certificate. So if you want to use it, I will give you instructions to get a valid certificate authorized by server, in order to access the API.
I prefer to make you aware. So please tell me which option you prefer. I recommend not using the global instance if you start from scratch.
Regards,
Cyril
From: Truong Xuan Khanh
Sent: Friday, 27 March 2015 03:30
To: DANGERVILLE Cyril
Subject: Re: [Fiware-tech-help] Question on PDP
Hi,
Sorry, maybe I used global instance for IDM. Can you please tell me how I can use global instance for Authzforce PDP? Thanks!
On Thursday, 26 March 2015 at 23:33, DANGERVILLE Cyril wrote:
Hello Truong,
Could you tell me where/how you got this URL, please?
http://cloud.lab.fiware.org:4731/
I have no Authzforce PDP instance available at this URL (to my knowledge), and the curl request you mentioned does not correspond to the PDP API. Are you sure that you are not confusing it with another GE?
Regards,
Cyril