
FIWARE.Request.Tech.Security.IDM-KeyRock.FiwareIdM

    Details

    • Type: extRequest
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Fix Version/s: 2021
    • Component/s: FIWARE-TECH-HELP
    • Labels: None

      Description

      Hi,

      I'm trying to use the IdM.KeyRock - AuthZForce - PEP.Proxy trinity.

      My application is registered in the IdM.KeyRock and already has the
      authorization constraints for the users, using organizations and (HTTP VERB
      + RESOURCE) roles.

      My (mobile) application is already developed and already successfully
      implements the OAuth2 protocol, meaning I am able to authenticate a user
      and get his information from the IdM.KeyRock using the access token alone.

      My main problem is the PEP.Proxy configuration (this PEP.Proxy is on top of
      the Orion Context Broker). Supposedly, the endpoints of the IdM.KeyRock and
      AuthZForce should be configured, but I can't find any reference to what the
      endpoint of IdM's integrated AuthZForce is. This is my config.js file so
      far; the red is where my problem lies:

      var config = {};

      // Protected resource (Orion) and the port the proxy listens on
      config.resource = {
        original: { host: 'localhost', port: 1026 },
        proxy: { port: 10026 }
      };

      // Authorization (AuthZForce) endpoint
      config.access = {
        protocol: 'http',
        host: 'localhost',
        port: 7000,
        path: '/validate'
      };

      // Authentication (IdM.KeyRock) endpoint used to validate the access token
      config.authentication = {
        protocol: 'https',
        host: 'account.lab.fiware.org',
        port: 443,
        path: '/user'
      };

      config.ssl = {
        active: false,
        certFile: ''
      };

      config.logLevel = 'FATAL';

      config.middlewares = {
        require: 'lib/services/orionPlugin',
        functions: [
          'extractCBAction'
        ]
      };

      config.componentName = 'contextbroker';

      module.exports = config;

      My second problem has to do with the actual information retrieved from the
      IdM:

      https://account.lab.fiware.org:443/user?access_token=xxXXxxXXxxXX

      Let's suppose I asked for the information above and I got the following
      response:

      {
        "organizations": [],
        "displayName": "JohnDoe",
        "roles": [],
        "app_id": "33da9471ceXXXXXX5d8b0849f5a64ba",
        "email": "johndoe@domain.com",
        "id": "johndoe"
      }

      It says the user has no organizations; however, I actually added this
      specific person to an organization (see attachment - print screen of Account
      Lab while logged in with the example user johndoe@domain.com).

      What am I doing wrong? Is this something to do with domains and services? I
      just want to use what I configured in the Account Portal (applications,
      organizations and users).

      Best Regards,

      [image: Inline image 1]

      Pedro Gonçalves
      Research Software Engineer
      PLUX - Wireless Biosignals, S.A.

      Headquarters
      Zona Industrial das Corredouras, Lt. 14 - 1º
      2630-369 Arruda dos Vinhos
      Portugal
      T: +351 263 978 572

      Lisbon Office
      Av. 5 de Outubro, 70 - 8º
      1050-059 Lisboa
      Portugal
      T: +351 211 956 542
      T: +351 211 956 546
      F: +351 211 956 531

      W: www.plux.info

      _______________________________________________
      Fiware-lab-help mailing list
      Fiware-lab-help@lists.fi-ware.org
      https://lists.fi-ware.org/listinfo/fiware-lab-help

      [Created via e-mail received from: Pedro Gonçalves <pgoncalves@plux.info>]

      Attachments:
      1. application.JPG (55 kB)
      2. image.png (5 kB)
      3. image.png (5 kB)
      4. image001.png (5 kB)
      5. JohnDoeGroups.JPG (42 kB)
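      The ticket's two problems meet at one point: whatever the AuthZForce endpoint turns out to be, a PEP that maps IdM roles to (HTTP VERB + RESOURCE) permissions can only deny a request for a user whose /user response carries empty `roles` and `organizations` arrays, as in the response above. The following is an added example, not code from the ticket, Wilma or KeyRock, of such a deny-by-default decision written against a response of the shape shown in the ticket. The function names (`authorize`, `collectRoleIds`), the `POLICY` table, the role identifiers, the nested `roles` inside an organization entry and the sample Orion paths are all assumptions made for the illustration.

```javascript
// Added example (hypothetical, not Wilma/KeyRock code): deny-by-default
// authorization over an IdM /user response of the shape shown in the ticket.

// The application this PEP protects (masked app_id taken from the ticket).
const PEP_APP_ID = '33da9471ceXXXXXX5d8b0849f5a64ba';

// Constructed from the ticket's response: no organizations, no roles.
const USER_INFO_EMPTY = {
  organizations: [],
  displayName: 'JohnDoe',
  roles: [],
  app_id: PEP_APP_ID,
  email: 'johndoe@domain.com',
  id: 'johndoe',
};

// Constructed: the same user with a direct role and an organization role.
// The nested organization.roles shape is an assumption of this example.
const USER_INFO_WITH_ROLE = {
  ...USER_INFO_EMPTY,
  roles: [{ id: 'cb-reader', name: 'Context reader' }],
  organizations: [
    { id: 'plux', name: 'PLUX', roles: [{ id: 'cb-writer', name: 'Context writer' }] },
  ],
};

// Hypothetical policy: role id -> permitted (verb, resource prefix) pairs.
// Paths are sample Orion NGSIv1 paths chosen for the illustration.
const POLICY = {
  'cb-reader': [{ verb: 'GET', resource: '/v1/contextEntities' }],
  'cb-writer': [{ verb: 'POST', resource: '/v1/updateContext' }],
};

// Exact match or a path underneath the permitted prefix; avoids treating
// '/v1/contextEntitiesX' as a child of '/v1/contextEntities'.
function matchesResource(prefix, path) {
  return path === prefix || path.startsWith(prefix + '/');
}

// Union of the user's direct roles and the roles held via organizations.
function collectRoleIds(userInfo) {
  const direct = (userInfo.roles || []).map((r) => r.id);
  const viaOrg = (userInfo.organizations || []).flatMap((o) =>
    (o.roles || []).map((r) => r.id)
  );
  return new Set([...direct, ...viaOrg]);
}

// Decision: { allowed, reason }. Every path that is not an explicit grant denies.
function authorize(userInfo, request) {
  if (!userInfo || userInfo.app_id !== PEP_APP_ID) {
    // A token issued for a different application must not unlock this resource.
    return { allowed: false, reason: 'token not issued for this application' };
  }
  const roles = collectRoleIds(userInfo);
  if (roles.size === 0) {
    // This is exactly what the ticket's empty response produces.
    return { allowed: false, reason: 'user has no roles for this application' };
  }
  for (const roleId of roles) {
    for (const perm of POLICY[roleId] || []) {
      if (perm.verb === request.verb && matchesResource(perm.resource, request.resource)) {
        return { allowed: true, reason: `role ${roleId} permits ${perm.verb} ${perm.resource}` };
      }
    }
  }
  return { allowed: false, reason: 'no role grants this verb on this resource' };
}

// Stand-alone demonstration of the two cases discussed in the ticket.
console.log(authorize(USER_INFO_EMPTY, { verb: 'GET', resource: '/v1/contextEntities' }));
console.log(authorize(USER_INFO_WITH_ROLE, { verb: 'GET', resource: '/v1/contextEntities/Room1' }));
```

      The point for debugging the ticket is the second branch: until the IdM returns the user's roles for this `app_id`, no endpoint setting in config.js will turn a denial into a grant, so the role assignment in the Account Portal is the thing to verify first.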

        Activity

        marcocipriani Marco Cipriani added a comment -

        Dear Pedro,
        I have just forwarded your requests to the second level support in order to solve your issues.

        Best regards
        Marco

        From: fiware-lab-help-bounces@lists.fi-ware.org on behalf of Pedro Gonçalves
        Sent: Wednesday, 8 July 2015 10:33
        To: fiware-lab-help@lists.fi-ware.org
        Cc: Gregory Stern; Hugo Silva
        Subject: [Fiware-lab-help] Fiware IdM

        (quoted text of the original request above omitted)

        fw.ext.user FW External User added a comment -

        Hi,

        I do know I need to have the endpoints configured. What I asked in the
        e-mail was exactly that: what are the endpoints? I don't find them
        anywhere. And no, the ones in the template don't work.

        "Supposedly, the endpoints of the IdM.KeyRock and
        AuthZForce should be configured, but I can't find any reference to what the
        endpoint of IdM's integrated AuthZForce is."

        Regarding the response of the IdM, the user was already inside of an
        organization which was allowed in the application, yes. Here's another
        printscreen.

        On Thu, Jul 9, 2015 at 11:38 AM, Help-Desk <jira-help-desk@fi-ware.org>

        [image: Inline image 1]

        Pedro Gonçalves
        PLUX - Wireless Biosignals, S.A.

        fw.ext.user FW External User added a comment -

        Hi,

        the correct endpoints are the ones configured in the template.

        What error are you getting?

        BR

        Álvaro


          People

          • Assignee: aalonsog Alvaro Alonso
          • Reporter: fw.ext.user FW External User
          • Votes: 0
          • Watchers: 2
