Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
Sender Email:
-
HD-Chapter:Security
-
HD-Enabler:KeyRock
Description
Hi,
I'm trying to use the IdM.KeyRock - AuthZForce - PEP.Proxy trinity.
My application is registered in the IdM.KeyRock and already has the
authorization constricts for the users, using organizations and (HTTP VERB
+ RESOURCE) roles.
My (mobile) application is already developed and already successfully
implements the Oauth2 protocol. Meaning I am able to authenticate a user
and get his information from the IdM.KeyRock using the access token alone.
My main problem is the PEP.Proxy configuration (This PEP.Proxy is on top of
the Orion Context Broker). Supposedly, the endpoints of the IdM.KeyRock and
AuthZForce should be configured, but I can't find any reference to what the
endpoint of IdM's integrated AuthZForce is. This is my config.js file so
far, the red is where my problem lies:
var config = {};
config.resource = {
original:
,
proxy:
};
config.access = {
protocol: 'http',
host: 'localhost',
port: 7000,
path: '/validate'
}
config.authentication = {
protocol: 'https',
host: 'account.lab.fiware.org',
port: 443,
path: '/user'
}
config.ssl = {
active: false,
certFile: ''
}
config.logLevel = 'FATAL';
config.middlewares = {
require: 'lib/services/orionPlugin',
functions: [
'extractCBAction'
]
};
config.componentName = 'contextbroker';
module.exports = config;
My second problem has to do with the actual information retrieved from the
IdM:
https://account.lab.fiware.org:443/user?access_token=xxXXxxXXxxXX
Let's suppose I asked for the information above and I got the following
response:
{
organizations:
[
0]
displayName: "JohnDoe"
roles:
[
0]
app_id: "33da9471ceXXXXXX5d8b0849f5a64ba"
email: "johndoe@domain.com"
id: "johndoe"
}
it says the user has no organizations, however, I actually added this
specific person to an organization (see attachment - printscreen of Account
Lab while Log'ed In with the example user johndoe@domain.com).
What am I doing wrong? Is this something to do with domains and services? I
just want to use what I configured in the Account Portal (applications,
organizations and users).
Best Regards,
–
[image: Inline image 1]
Pedro GonçalvesResearch Software EngineerPLUX - Wireless Biosignals, S.A.
Headquarters
*Zona Industrial das Corredouras, Lt. 14 - 1º2630-369 Arruda dos
VinhosPortugalT: +351 263 978 572*
Lisbon Office
Av. 5 de Outubro, 70 - 8º
1050-059 Lisboa
Portugal
T: +351 211 956 542
T: +351 211 956 546
F: +351 211 956 531
W: www.plux.info
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help
[Created via e-mail received from: =?UTF-8?Q?Pedro_Gon=C3=A7alves?= <pgoncalves@plux.info>]
Activity
| Fix Version/s | 2021 [ 12600 ] |
| HD-Enabler | KeyRock [ 10889 ] | |
| HD-Chapter | Security [ 10841 ] |
| Sender Email | pgoncalves@plux.info |
| Summary | FIWARE.Request.Lab.Security.IDM-KeyRock.FiwareIdM | FIWARE.Request.Tech.Security.IDM-KeyRock.FiwareIdM |
| Component/s | FIWARE-TECH-HELP [ 10278 ] | |
| Component/s | FIWARE-LAB-HELP [ 10279 ] |
| Summary | FIWARE.Request.Lab.IDM-KeyRock.FiwareIdM | FIWARE.Request.Lab.Security.IDM-KeyRock.FiwareIdM |
| Summary | FIWARE.Request.Lab.Fiware IdM | FIWARE.Request.Lab.IDM-KeyRock.FiwareIdM |
| Summary | [Fiware-lab-help] Fiware IdM | FIWARE.Request.Lab.Fiware IdM |
| Attachment | image.png [ 17083 ] | |
| Attachment | application.JPG [ 17084 ] |
| Resolution | Done [ 10000 ] | |
| Status | Answered [ 10104 ] | Closed [ 6 ] |
| Status | In Progress [ 3 ] | Answered [ 10104 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Attachment | logo Ambiente_foglia2.jpg [ 17074 ] |
| Component/s | FIWARE-LAB-HELP [ 10279 ] |
| Attachment | image001.png [ 17073 ] | |
| Attachment | logo Ambiente_foglia2.jpg [ 17074 ] |
| Field | Original Value | New Value |
|---|---|---|
| Assignee | Alvaro Alonso [ aalonsog ] |