Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
HD-Chapter:Security
-
HD-Enabler:AuthZForce
Description
Hello,
We would like to secure out ContextBroker so POSTS are allowed, but a
DELETE isn't. We've asked you about this and you've said we should do the
following:
- You can configure as many PEPs as you want. You have only to modify the
> listening port.
> * You can configure an AuthZForce in
> https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L629.
> You only need to configure the URL in which it is listening
> * To configure PEP to work with AuthZForce you have to use the Level 2 of
> security. Here you will find tutorials about this:
> https://edu.fiware.org/course/view.php?id=131
We've tried this, but we've had the following problems:
- If we pull the docker image of
fiware/authzforce-ce-server:release-5.4.0 or release-5.3.0a, the image
starts, but shuts down after a few seconds after which the logs state that
tomcat 7 can't be started. - When we run fiware/authzforce-ce-server:release-4.4.1b, we get a
tomcat with no webapp in the webapps directory other than the default
stuff. - Performing a manual installation using this guide
<http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/InstallationAndAdministrationGuide.html#installation>
will
have the same result.
In your previous mail, it is stated that we need AuthZForce. However,
Keypass seems to do something similar. Can you explain the difference?
Can you help us with this?
Activity
| Field | Original Value | New Value |
|---|---|---|
| Component/s | FIWARE-TECH-HELP [ 10278 ] |
| HD-Enabler | Unknown [ 10910 ] | |
| HD-Chapter | Unknown [ 10845 ] | |
| HD-Node | Unknown [ 10852 ] |
| HD-Enabler | Unknown [ 10910 ] | Wilma [ 10890 ] |
| HD-Chapter | Unknown [ 10845 ] | Security [ 10841 ] |
| Assignee | Alvaro Alonso [ aalonsog ] |
| Sender Email | c.meijer@itude.com | c.meijer@itude.com,c.houtman@itude.com |
| Attachment | PastedGraphic-2.png [ 27423 ] | |
| Attachment | PastedGraphic-2.png [ 27424 ] |
| Assignee | Alvaro Alonso [ aalonsog ] | Cyril Dangerville [ cyril.dangerville ] |
| External Participants | babbler@itude.com | c.meijer@itude.com,babbler@itude.com |
| Sender Email | c.meijer@itude.com,c.houtman@itude.com | c.meijer@itude.com,c.houtman@itude.com,aalonsog@dit.upm.es |
| HD-Enabler | Wilma [ 10890 ] | AuthZForce [ 10887 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Status | In Progress [ 3 ] | Answered [ 10104 ] |
| Attachment | PastedGraphic-2.png [ 27442 ] | |
| Attachment | ParseError at _idm_myApplications_fdae7d987c6a435188a2200e31cac4db_edit_roles_.html [ 27443 ] |
| Attachment | PastedGraphic-2.png [ 27751 ] |
| Attachment | PastedGraphic-2.png [ 27777 ] |
| Attachment | PastedGraphic-2.png [ 27822 ] |
| Attachment | PastedGraphic-2.png [ 27855 ] |
| Assignee | Cyril Dangerville [ cyril.dangerville ] | Alvaro Alonso [ aalonsog ] |
| Attachment | PastedGraphic-2.png [ 27923 ] | |
| Attachment | 2016-09-05 08_57_48.486 21 INFO eventlet.wsgi.txt [ 27924 ] |
| Resolution | Done [ 10000 ] | |
| Status | Answered [ 10104 ] | Closed [ 6 ] |
| Summary | [Fiware-tech-help] Securing verbs via the PEP proxy | FIWARE.Request.Tech.Security.AuthorizationPDP.Securing verbs via the PEP proxy |
| HD-Node | Unknown [ 10852 ] |
| Attachment | PastedGraphic-2.png [ 28023 ] |
| Attachment | Logs IDM_Horizon after creating permission_HTTP.txt rule in IDM [ 28043 ] |
| Attachment | image001_01D21293559CAF30.png [ 28045 ] |
| Attachment | PastedGraphic-2.png [ 28235 ] |
| Description |
Hello, We would like to secure out ContextBroker so POSTS are allowed, but a DELETE isn't. We've asked you about this and you've said we should do the following: * You can configure as many PEPs as you want. You have only to modify the > listening port. > * You can configure an AuthZForce in > https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L629. > You only need to configure the URL in which it is listening > * To configure PEP to work with AuthZForce you have to use the Level 2 of > security. Here you will find tutorials about this: > https://edu.fiware.org/course/view.php?id=131 We've tried this, but we've had the following problems: - If we pull the docker image of fiware/authzforce-ce-server:release-5.4.0 or release-5.3.0a, the image starts, but shuts down after a few seconds after which the logs state that tomcat 7 can't be started. - When we run fiware/authzforce-ce-server:release-4.4.1b, we get a tomcat with no webapp in the webapps directory other than the default stuff. - Performing a manual installation using this guide <http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/InstallationAndAdministrationGuide.html#installation> will have the same result. In your previous mail, it is stated that we need AuthZForce. However, Keypass seems to do something similar. Can you explain the difference? Can you help us with this? -- *Cristan Meijer* Software engineer Lageweg 2 3703 CA Zeist ■ *mob *+31(0) 6 45 372 363 ■ *tel* +31(0)30 699 70 20 ■ *mail* c.meijer@itude.com www.itude.com ■ K.v.K. 30146090 _____________________________________________________________________________ ****Op deze mail is een disclaimer van toepassing. De inhoud daarvan is te lezen op onze website**** Since January 1st, old domains won't be supported and messages sent to any domain different to @lists.fiware.org will be lost. Please, send your messages using the new domain (Fiware-tech-help@lists.fiware.org) instead of the old one. _______________________________________________ Fiware-tech-help mailing list Fiware-tech-help@lists.fiware.org https://lists.fiware.org/listinfo/fiware-tech-help [Created via e-mail received from: Cristan Meijer <c.meijer@itude.com>] |
Hello,
We would like to secure out ContextBroker so POSTS are allowed, but a DELETE isn't. We've asked you about this and you've said we should do the following: * You can configure as many PEPs as you want. You have only to modify the > listening port. > * You can configure an AuthZForce in > https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L629. > You only need to configure the URL in which it is listening > * To configure PEP to work with AuthZForce you have to use the Level 2 of > security. Here you will find tutorials about this: > https://edu.fiware.org/course/view.php?id=131 We've tried this, but we've had the following problems: - If we pull the docker image of fiware/authzforce-ce-server:release-5.4.0 or release-5.3.0a, the image starts, but shuts down after a few seconds after which the logs state that tomcat 7 can't be started. - When we run fiware/authzforce-ce-server:release-4.4.1b, we get a tomcat with no webapp in the webapps directory other than the default stuff. - Performing a manual installation using this guide <http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/InstallationAndAdministrationGuide.html#installation> will have the same result. In your previous mail, it is stated that we need AuthZForce. However, Keypass seems to do something similar. Can you explain the difference? Can you help us with this? -- ***** Lageweg 2 3703 CA Zeist ■ *mob *+31(0) 6 45 372 363 ■ *tel* +31(0)30 699 70 20 ■ *mail* ***** www.itude.com ■ K.v.K. 30146090 _____________________________________________________________________________ ****Op deze mail is een disclaimer van toepassing. De inhoud daarvan is te lezen op onze website**** Since January 1st, old domains won't be supported and messages sent to any domain different to @lists.fiware.org will be lost. Please, send your messages using the new domain (Fiware-tech-help@lists.fiware.org) instead of the old one. _______________________________________________ Fiware-tech-help mailing list Fiware-tech-help@lists.fiware.org https://lists.fiware.org/listinfo/fiware-tech-help |
| Attachment | PastedGraphic-2.png [ 28023 ] |
| Attachment | PastedGraphic-2.png [ 28235 ] |
| Attachment | PastedGraphic-2.png [ 27923 ] |
| Attachment | PastedGraphic-2.png [ 27855 ] |
| Attachment | PastedGraphic-2.png [ 27822 ] |
| Attachment | PastedGraphic-2.png [ 27777 ] |
| Attachment | PastedGraphic-2.png [ 27751 ] |
| Attachment | PastedGraphic-2.png [ 27442 ] |
| Attachment | PastedGraphic-2.png [ 27424 ] |
| Attachment | PastedGraphic-2.png [ 27423 ] |
| Attachment | PastedGraphic-2.png [ 27413 ] |
| Attachment | image001_01D21293559CAF30.png [ 28045 ] |
| Description |
Hello,
We would like to secure out ContextBroker so POSTS are allowed, but a DELETE isn't. We've asked you about this and you've said we should do the following: * You can configure as many PEPs as you want. You have only to modify the > listening port. > * You can configure an AuthZForce in > https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L629. > You only need to configure the URL in which it is listening > * To configure PEP to work with AuthZForce you have to use the Level 2 of > security. Here you will find tutorials about this: > https://edu.fiware.org/course/view.php?id=131 We've tried this, but we've had the following problems: - If we pull the docker image of fiware/authzforce-ce-server:release-5.4.0 or release-5.3.0a, the image starts, but shuts down after a few seconds after which the logs state that tomcat 7 can't be started. - When we run fiware/authzforce-ce-server:release-4.4.1b, we get a tomcat with no webapp in the webapps directory other than the default stuff. - Performing a manual installation using this guide <http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/InstallationAndAdministrationGuide.html#installation> will have the same result. In your previous mail, it is stated that we need AuthZForce. However, Keypass seems to do something similar. Can you explain the difference? Can you help us with this? -- ***** Lageweg 2 3703 CA Zeist ■ *mob *+31(0) 6 45 372 363 ■ *tel* +31(0)30 699 70 20 ■ *mail* ***** www.itude.com ■ K.v.K. 30146090 _____________________________________________________________________________ ****Op deze mail is een disclaimer van toepassing. De inhoud daarvan is te lezen op onze website**** Since January 1st, old domains won't be supported and messages sent to any domain different to @lists.fiware.org will be lost. Please, send your messages using the new domain (Fiware-tech-help@lists.fiware.org) instead of the old one. _______________________________________________ Fiware-tech-help mailing list Fiware-tech-help@lists.fiware.org https://lists.fiware.org/listinfo/fiware-tech-help |
Hello,
We would like to secure out ContextBroker so POSTS are allowed, but a DELETE isn't. We've asked you about this and you've said we should do the following: * You can configure as many PEPs as you want. You have only to modify the > listening port. > * You can configure an AuthZForce in > https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L629. > You only need to configure the URL in which it is listening > * To configure PEP to work with AuthZForce you have to use the Level 2 of > security. Here you will find tutorials about this: > https://edu.fiware.org/course/view.php?id=131 We've tried this, but we've had the following problems: - If we pull the docker image of fiware/authzforce-ce-server:release-5.4.0 or release-5.3.0a, the image starts, but shuts down after a few seconds after which the logs state that tomcat 7 can't be started. - When we run fiware/authzforce-ce-server:release-4.4.1b, we get a tomcat with no webapp in the webapps directory other than the default stuff. - Performing a manual installation using this guide <http://authzforce-ce-fiware.readthedocs.io/en/release-5.3.0a/InstallationAndAdministrationGuide.html#installation> will have the same result. In your previous mail, it is stated that we need AuthZForce. However, Keypass seems to do something similar. Can you explain the difference? Can you help us with this? |
| Fix Version/s | 2021 [ 12600 ] |