Details
-
Type:
Monitor
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
HD-Chapter:Security
-
HD-Enabler:AuthZForce
Description
Created question in FIWARE Q/A platform on 07-05-2017 at 22:05
Please, ANSWER this question AT http://stackoverflow.com/questions/43836571/authzforce-failed-update-policies
Question:
AuthzForce failed update policies
Description:
I'm assigning permission (only access to /resource1) to a role.
However Keyrock said 'Failed to update policies in Access Control GE'.
So, even I request the resource2 (not resource1) with an access token that has the permission that can access resource1 only, AuthzForce permit the access because policies are not updated (it might be other problem).
The question is why authzforce cannot update policy?
Now, I successfully linked permission to the role (except failing policy update), and I assigned the role to the user. Then I double checked configurations of Keyrock and AuthzForce. They are connected well I think.
Error msg of Keyrock
What makes I think AuthzForce working well (this is the Wilma's successful log when I send a access request to Wilma with the access token)
Please refer above images and below configuretion of Keyrock.
// 'local_settings.py' in Keyrock
ACCESS_CONTROL_URL = 'http://127.0.0.1:8080'
ACCESS_CONTROL_MAGIC_KEY = 'abcdefghijkmn'
Activity
| Field | Original Value | New Value |
|---|---|---|
| Component/s | FIWARE-TECH-HELP [ 10278 ] |
| Assignee | Cyril Dangerville [ cyril.dangerville ] |
| HD-Enabler | AuthZForce [ 10887 ] | |
| Description |
Created question in FIWARE Q/A platform on 07-05-2017 at 22:05 {color: red}Please, ANSWER this question AT{color} http://stackoverflow.com/questions/43836571/authzforce-failed-update-policies +Question:+ AuthzForce failed update policies +Description:+ I'm assigning permission (only access to /resource1) to a role. However Keyrock said 'Failed to update policies in Access Control GE'. So, even I request the resource2 (not resource1) with an access token that has the permission that can access resource1 only, AuthzForce permit the access because policies are not updated (it might be other problem). The question is why authzforce cannot update policy? Now, I successfully linked permission to the role (except failing policy update), and I assigned the role to the user. Then I double checked configurations of Keyrock and AuthzForce. They are connected well I think. Error msg of Keyrock What makes I think AuthzForce working well (this is the Wilma's successful log when I send a access request to Wilma with the access token) Please refer above images and below configuretion of Keyrock. // 'local_settings.py' in Keyrock ACCESS_CONTROL_URL = 'http://127.0.0.1:8080' ACCESS_CONTROL_MAGIC_KEY = 'abcdefghijkmn' |
Created question in FIWARE Q/A platform on 07-05-2017 at 22:05
{color: red}Please, ANSWER this question AT{color} http://stackoverflow.com/questions/43836571/authzforce-failed-update-policies +Question:+ AuthzForce failed update policies +Description:+ I'm assigning permission (only access to /resource1) to a role. However Keyrock said 'Failed to update policies in Access Control GE'. So, even I request the resource2 (not resource1) with an access token that has the permission that can access resource1 only, AuthzForce permit the access because policies are not updated (it might be other problem). The question is why authzforce cannot update policy? Now, I successfully linked permission to the role (except failing policy update), and I assigned the role to the user. Then I double checked configurations of Keyrock and AuthzForce. They are connected well I think. Error msg of Keyrock What makes I think AuthzForce working well (this is the Wilma's successful log when I send a access request to Wilma with the access token) Please refer above images and below configuretion of Keyrock. // 'local_settings.py' in Keyrock ACCESS_CONTROL_URL = 'http://127.0.0.1:8080' ACCESS_CONTROL_MAGIC_KEY = 'abcdefghijkmn' |
| HD-Chapter | Security [ 10841 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
Asking for more info. A priori an issue with KeyRock-Authzforce incompatibility. May re-assign to KeyRock owner.
| Summary | [fiware-stackoverflow] AuthzForce failed update policies | [fiware-stackoverflow] KeyRock failing to update policies on AuthzForce |
| Assignee | Cyril Dangerville [ cyril.dangerville ] | Alvaro Alonso [ aalonsog ] |
| Resolution | Done [ 10000 ] | |
| Status | In Progress [ 3 ] | Closed [ 6 ] |
2017-05-11 12:05|UPDATED status: transition Finish| # answers= 1, accepted answer= True
| Fix Version/s | 2021 [ 12600 ] |
| Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date | |||||
|---|---|---|---|---|---|---|---|---|---|
|
1d 10h 40m | 1 | Cyril Dangerville | 09/May/17 10:45 AM | |||||
|
2d 1h 19m | 1 | Backlog Manager | 11/May/17 12:04 PM |
2017-05-08 00:05|CREATED monitor | # answers= 0, accepted answer= False