Details
- Type: Monitor
- Status: Closed
- Priority: Major
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 2021
- Component/s: FIWARE-TECH-HELP
- HD-Chapter: Security
- HD-Enabler: KeyRock
Description
Created question in FIWARE Q/A platform on 29-03-2017 at 22:03
Please, ANSWER this question AT http://stackoverflow.com/questions/43103151/how-does-roles-work-in-keyrock
Question:
How does roles work in Keyrock?
Description:
I want to know how role-based authorization works in FIWARE Keyrock. I have tested a scenario where user A registers an application appA in Keyrock. User B, who is not on the authorized list for application appA, can request a token for another application (appB, for example) and successfully access appA with the token obtained from appB.
Another test performed was to include user A in the authorized list for appA, but with a role that has no permissions. Again, user A gets access to appA with credentials from another application.
Can anyone explain to me how this works, if it really works?
Activity
Field | Original Value | New Value |
---|---|---|
Component/s | FIWARE-TECH-HELP [ 10278 ] |
HD-Enabler | KeyRock [ 10889 ] | |
HD-Chapter | Security [ 10841 ] |
Assignee | Alvaro Alonso [ aalonsog ] |
Status | Open [ 1 ] | In Progress [ 3 ] |
Status | In Progress [ 3 ] | Answered [ 10104 ] |
Resolution | Done [ 10000 ] | |
Status | Answered [ 10104 ] | Closed [ 6 ] |
Fix Version/s | 2021 [ 12600 ] |
Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date |
---|---|---|---|---|
| 4d 14h 24m | 1 | Alvaro Alonso | 03/Apr/17 2:29 PM |
| 2s | 1 | Alvaro Alonso | 03/Apr/17 2:29 PM |
| | 1 | Alvaro Alonso | 03/Apr/17 2:29 PM |
2017-03-30 00:05|CREATED monitor | # answers= 0, accepted answer= False