Details
-
Type:
Monitor
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
HD-Chapter:Security
-
HD-Enabler:Wilma
Description
Created question in FIWARE Q/A platform on 12-11-2015 at 17:11
Please, ANSWER this question AT http://stackoverflow.com/questions/33676409/fiware-setting-up-authzforce-with-idm-and-pep-proxy
Question:
Fiware: Setting up AuthZForce with idm and pep proxy
Description:
I have configured PEP proxy GE and IDM GE, and now Basic authentication works great.
Now i want to set up Level 2:Basic authorization system with http verb and resource path checking, and for that i need AuthZForce GE.
I installed AuthZForce on same server as IDM, created default domain on authZforce with id 562285a1-8950-11e5-980f-6bf3c4dac98a and configured
pep proxy config.js file
config.pep_port = 80;
config.account_host = 'https://192.168.4.180';
config.keystone_host = '192.168.4.180';
config.keystone_port = 5000;
config.app_host = 'localhost';
config.app_port = '8000';
config.azf = {
enabled: true,
host: '192.168.4.180',
port: 8080,
path: '/authzforce/domains/562285a1-8950-11e5-980f-6bf3c4dac98a/pdp'
};
And now when i try to access to some page via curl:
sudo curl -H "X-Auth-Token: vPTru5ikuyLcxf6ujV23V3l4GFNpF5" http://localhost/home/login/
I get this error in the client:
Error in AZF communication
And this error on pep proxy:
2015-11-12 17:09:13.040 - INFO: IDM-Client - Checking token with IDM...
2015-11-12 17:09:13.086 - INFO: AZF-Client - Checking auth with AZF...
2015-11-12 17:09:13.087 - INFO: AZF-Client - Checking authorization to roles [ '4806909eb4b646c7a1f11ad9f9ed53ed',
'09dc1bdba42c48de9e15e88816284cbc',
'5786623590bc4f3ab01c61733a13ee6d',
'e3fe52a0c6c34fe395bb087f42d1cc72',
'44151592f3814929a59d1c1e7022a0bb' ] to do GET on home/login/
and app aea8f4a70b87422cb48068db9f0c6aea
2015-11-12 17:09:13.117 - ERROR: Root - Error in AZF communication
Error: 139773139036032:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:
unknown protocol:s23_clnt.c:795:
PEP Proxy is running on port 80
and IDM is running on 443 port.
What could be a problem?
Should all these services be delivered via https or is that irrelevant?
Activity
| Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date | |||||
|---|---|---|---|---|---|---|---|---|---|
|
18h 4m | 1 | Alvaro Alonso | 13/Nov/15 12:08 PM | |||||
|
1s | 1 | Alvaro Alonso | 13/Nov/15 12:08 PM | |||||
|
10s | 1 | Alvaro Alonso | 13/Nov/15 12:08 PM |
| Fix Version/s | 2021 [ 12600 ] |
| Summary | FIWARE.Request.Tech.Security.PEP-Proxy.Setting up AuthZForce with idm and pep proxy | FIWARE.Question.Tech.Security.PEP-Proxy.Security.PEP-Proxy.Setting up AuthZForce with idm and pep proxy |
| HD-Enabler | Wilma [ 10890 ] | |
| HD-Chapter | Security [ 10841 ] |
| Summary | FIWARE.Request.Lab.Security.PEP-Proxy.Setting up AuthZForce with idm and pep proxy | FIWARE.Request.Tech.Security.PEP-Proxy.Setting up AuthZForce with idm and pep proxy |
| Summary | [fiware-stackoverflow] Fiware: Setting up AuthZForce with idm and pep proxy | FIWARE.Request.Lab.Security.PEP-Proxy.Setting up AuthZForce with idm and pep proxy |
| Resolution | Done [ 10000 ] | |
| Status | Answered [ 10104 ] | Closed [ 6 ] |
| Status | In Progress [ 3 ] | Answered [ 10104 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Assignee | Cyril Dangerville [ cyril.dangerville ] | Alvaro Alonso [ aalonsog ] |
| Assignee | Cyril Dangerville [ cyril.dangerville ] |
| Field | Original Value | New Value |
|---|---|---|
| Component/s | FIWARE-TECH-HELP [ 10278 ] |
2015-11-12 18:05|CREATED monitor | # answers= 0, accepted answer= False
The error is logged by the PEP proxy, so re-assigning the ticket to the PEP owner for him to troubleshoot.