  1. Help-Desk
  2. HELP-6131

FIWARE.Request.Tech.Security.AuthorizationPDP.Fwd: Question about AuthZForce

    Details

      Description

      Hi Fiware team, I'm the CTO of Kuan intelligence. At the stage of our
      testing on AuthZForce, we met some problems and hope you could help us with
      it. The following content is the problem coming from our development team:

      -----------------------------------------
      Mr Yan Zhang
      Chief Technology Officer

      Kuan Intelligence Ltd
      75 Whitechapel Road,
      London, E1 1DU.

      Tel: 020 7426 0365

      ---------- Forwarded message ----------
      From: Xibo Wang <paulop5288@gmail.com>
      Date: Sun, Mar 13, 2016 at 11:17 PM
      Subject: Question about AuthZForce
      To: yan.zhang@kuaninc.com

      Hi,

      I have a bit of a problem using AuthZForce.
      I have a policy set which has specified a resource as target and a
      combining algorithm - deny unless permit.
      I have a request which doesn't have the same resource, shouldn't it give me
      a deny?
      I have tried to use a resource name that doesn't match, it returned a
      NotApplicable. I am really expecting a deny response.

      I have attached the policy and the request.

      Thanks,
      Xibo

      [Created via e-mail received from: Yan Zhang <yan.zhang@kuaninc.com>]

          Activity

          consoft_coach Marco Terrinoni added a comment -

          Dear Cyril,
          Can you please handle this request from Kuan team (CEED Tech)?
          Thank you very much for your cooperation.
          Best regards,
          Marco

          cdangerville Cyril Dangerville added a comment -

          Hello,
          1) Can you or someone from the JIRA team put the sender's email attachments on this ticket? I am supposed to have two xml files as mentioned in the original email and I can't find any.
          2) Which version of Authzforce are you using?

          Regards,
          Cyril

          consoft_coach Marco Terrinoni added a comment -

          Hi Cyril,
          The two files are available in the parent ticket HELC-1318.
          Thanks
          BR,
          Marco

          cdangerville Cyril Dangerville added a comment -

          OK, thanks. So you may answer the second question

          consoft_coach Marco Terrinoni added a comment -

          Dear Yan,
          Can you please specify which version of AuthZForce you are using?
          Thanks.
          BR,
          Marco

          cdangerville Cyril Dangerville added a comment -

          Hello,
          In the meantime, I looked closely at the xml files, and I realized there was some whitespace around the string attribute values (to be matched) in your request.xml (bad), but there is none in the policy.xml (good). Therefore, the resource-id from the request is something like (without the quotes):

          "
                    IdentitySSO
          "
          

          ... which does not match the value "IdentitySSO" in the policy.xml, therefore the top-level <Target> evaluates to "No Match", and the top-level PolicySet to "NotApplicable". So make sure you format the attribute values in the request.xml like in the policy.xml.
          Also, if you want to make sure you never get an unexpected NotApplicable with deny-unless-permit, define a PolicySet with an EMPTY Target (<Target />) at the top level.

          Regards,
          Cyril
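
The behaviour described in the comment above, as an added example (not part of the ticket, the attachments, or AuthZForce's own code). It lints a XACML 3.0 request for padded `AttributeValue` text and models the two policy layouts; the request is constructed, all function names are hypothetical, and it assumes the Target compares strings exactly and that the inner PolicySet holds a Permit rule.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"

def make_request(value):
    """Build a constructed sample XACML 3.0 request carrying one resource-id value."""
    return (f'<Request xmlns="{NS}" CombinedDecision="false" ReturnPolicyIdList="false">'
            '<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">'
            f'<Attribute AttributeId="{RESOURCE_ID}" IncludeInResult="false">'
            '<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">'
            f'{value}</AttributeValue></Attribute></Attributes></Request>')

# Constructed inputs: a pretty-printed value (as in the ticket) and a clean one.
PADDED_REQUEST = make_request("\n          IdentitySSO\n")
CLEAN_REQUEST = make_request("IdentitySSO")

def attribute_values(request_xml):
    """Return {AttributeId: [AttributeValue text exactly as sent]}."""
    values = {}
    for attr in ET.fromstring(request_xml).iter(f"{{{NS}}}Attribute"):
        texts = [v.text or "" for v in attr.findall(f"{{{NS}}}AttributeValue")]
        values.setdefault(attr.get("AttributeId"), []).extend(texts)
    return values

def padded_values(request_xml):
    """Lint: (AttributeId, value) pairs with leading or trailing whitespace."""
    return [(aid, v) for aid, vals in attribute_values(request_xml).items()
            for v in vals if v != v.strip()]

def inner_policy_set(request_xml, target_value="IdentitySSO"):
    """Model of a PolicySet whose Target requires resource-id == target_value.
    Assumption: it contains a Permit rule that fires once the Target matches."""
    sent = attribute_values(request_xml).get(RESOURCE_ID, [])
    # Exact comparison, no trimming: a padded value is "No Match".
    return "Permit" if target_value in sent else "NotApplicable"

def wrapped_policy_set(request_xml):
    """Model of an outer PolicySet with an empty <Target/> and deny-unless-permit:
    always applicable, so anything other than Permit from the child becomes Deny."""
    return "Permit" if inner_policy_set(request_xml) == "Permit" else "Deny"

if __name__ == "__main__":
    for name, req in (("padded", PADDED_REQUEST), ("clean", CLEAN_REQUEST)):
        print(name, padded_values(req), inner_policy_set(req), wrapped_policy_set(req))
```

Running `padded_values` over requests before they reach the PDP catches the formatting problem at the client, while the wrapped layout keeps the result fail-closed if one slips through.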

          consoft_coach Marco Terrinoni added a comment -

          Hi Cyril,
          I received no more response from the user, so I assume they fixed the problem.
          In any case, I know that this afternoon you're going to have an online session with some of the CEED Tech's teams, so most probably you will also meet the Kuan Intelligence Team (I suppose).
          Please, let me know if there will be some additional discussion so, eventually, we will close the tickets.
          Thank you very much for your time and effort.
          Best regards,
          Marco

          cdangerville Cyril Dangerville added a comment -

          OK, closing the ticket.

          consoft_coach Marco Terrinoni added a comment -

          Well, my idea was not to close the ticket right now actually. =]
          Anyway, no problem; as I said, most probably you will meet Kuan Team too, so in case they will ask some additional questions directly to you.
          Thank you again.
          BR,
          Marco


            People

            • Assignee:
              cdangerville Cyril Dangerville
              Reporter:
              fw.ext.user FW External User