Created question in FIWARE Q/A platform on 11-02-2016 at 18:02
Please, ANSWER this question AT https://ask.fiware.org/question/381/how-to-configure-keyrock-to-access-a-restful-api-behind-wilma-proxy/

Question:
How to configure Keyrock to access a Restful API behind Wilma Proxy

Description:
Hi, I'm developing an authentication/authorization scheme based on 3 Fiware Enablers: Keyrock IdM (v5.1.0), Wilma PEP Proxy (v4.4.1), AuthZForce (v4.4.1a). I'm using this scheme to protect another Fiware Enabler: POI Data Provider.

I configured the components in order to allow a client to access a resource on the POI Data provider, sending a Restful http request to PEP Proxy that: verify the client's token; check his authorization to access the resource against AuthZForce and redirects the client to the resource if AuthZForce permit it.

For example, if I want to access myResource on myMachine I have to send the following requst to myProxyMachine:

curl -H "X-Auth-Token: mytoken" -X GET "http://myProxyMachine:80/myResource"

It works fine as PEP Proxy redirects me to myResource on myMachine.

But if I want to do a Restful request, with multiple parameters, for example:

curl -H "X-Auth-Token: mytoken" -X GET "http://myProxyMachine:80/myResource?param1=1&param2=2"

It doesn't work as AuthZForce deny the access to the resource.

I think this is caused by Keyrock, because I created a permission for the client to do a GET on myResource, but this is not enough, because the URL of the request have other parameters and doesn't match with the rule.
As the client can do multiple different requests, based on the parameters I just can't create multiple permissions on Keyrock.

So, can anyone suggest how to create a permission on Keyrock to allow a client to GET myResource not regarding the other parameters? I didn't find how to achieve this in the documentation.

Thanks in advance, Michele.