Help-Desk / HELP-8675

[Fiware-lab-help] FIWARE Lab Assistance

    Details

    • Type: extRequest
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Fix Version/s: 2021
    • Component/s: FIWARE-TECH-HELP
    • Labels:
      None

      Description

      Hi,

      I am trying to use FIWARE security Generic Enablers: PEP Proxy, IDM KeyRock and AuthZForce. Specifically, I am using the instances available to trial users at the URL https://account.lab.fiware.org.

      My problem is related to level 1 of authorization. I have configured PEP proxy to check permissions using AuthZForce as you can see below:

      config.azf = {
          enabled: true,
          protocol: 'https',
          host: 'auth.lab.fiware.org',
          port: 6019,
          custom_policy: undefined // use undefined to default policy checks (HTTP verb + path).
      };

      My application only has an authorized user. When I send requests to PEP proxy with an authorized user's token, everything goes OK:

      2017-05-09 08:56:29.958 - INFO: AZF-Client - Checking authorization to roles [ '106' ] to do GET on and app 43bb03d87eb742918aaef19fcd41a002
      2017-05-09 08:56:29.963 - INFO: AZF-Client - Checking auth with AZF...
      2017-05-09 08:56:30.388 - INFO: Root - Access-token OK. Redirecting to app...

      Nevertheless, if I use a token for an unauthorized user, the result is the same:

      2017-05-09 08:58:09.501 - INFO: AZF-Client - Checking authorization to roles [] to do GET on and app 43bb03d87eb742918aaef19fcd41a002
      2017-05-09 08:58:09.502 - INFO: AZF-Client - Checking auth with AZF...
      2017-05-09 08:58:09.876 - INFO: Root - Access-token OK. Redirecting to app...

      As you can see in the output of PEP Proxy, the user does not have a role in the app but the request is approved.

      Daniel Calvo Alonso
      Energy and Transport Market
      Atos Research and Innovation
      Tel: +34 946 66 20 82
      daniel.calvo@atos.net
      C/Real Consulado s/n,
      Polígono Industrial Candina
      39011 Santander
      https://atos.net/en/insights-and-innovation/innovation-labs

      Feel free to download our booklet at
      https://atos.net/wp-content/uploads/2017/01/atos-ari-2016.pdf

      This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it.
      As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavors to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted.

      This message and the attached files may contain confidential information intended solely for the person(s) mentioned above and may be protected by professional secrecy.
      If you receive this e-mail in error, please inform the sender immediately and destroy the message.
      As the integrity of this message cannot be guaranteed over the network, Atos accepts no responsibility for its content. Its content does not constitute any commitment on the part of the Atos group unless ratified in writing by both parties.
      Although the sender makes every effort to keep its network free of viruses, it cannot guarantee anything in this respect and will not be liable for any damages that may result from a virus transmission.


      Fiware-lab-help mailing list
      Fiware-lab-help@lists.fiware.org
      https://lists.fiware.org/listinfo/fiware-lab-help

      [Created via e-mail received from: "Calvo Alonso, Daniel" <daniel.calvo@atos.net>]
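
Added example, not part of the original ticket or of the PEP Proxy code: a small Node.js log check that flags the pattern reported above, an AZF-Client authorization check for an empty role list followed by an "Access-token OK" approval. The sample lines are the log excerpts quoted in the ticket; the function names are hypothetical, and the script assumes the lines belonging to one request are contiguous, as they are in the excerpt.

```javascript
// Log lines copied from the PEP Proxy output quoted in the ticket.
const SAMPLE_LOG = [
  "2017-05-09 08:56:29.958 - INFO: AZF-Client - Checking authorization to roles [ '106' ] to do GET on and app 43bb03d87eb742918aaef19fcd41a002",
  "2017-05-09 08:56:29.963 - INFO: AZF-Client - Checking auth with AZF...",
  "2017-05-09 08:56:30.388 - INFO: Root - Access-token OK. Redirecting to app...",
  "2017-05-09 08:58:09.501 - INFO: AZF-Client - Checking authorization to roles [] to do GET on and app 43bb03d87eb742918aaef19fcd41a002",
  "2017-05-09 08:58:09.502 - INFO: AZF-Client - Checking auth with AZF...",
  "2017-05-09 08:58:09.876 - INFO: Root - Access-token OK. Redirecting to app...",
].join('\n');

// "Checking authorization to roles [...] to do <VERB> on <path> and app <id>"
// The path may be empty, as it is in the ticket's excerpt.
const CHECK_RE = /^(\S+ \S+) - INFO: AZF-Client - Checking authorization to roles \[(.*?)\] to do (\S+) on (.*?) ?and app (\S+)$/;
const ALLOW_RE = /^(\S+ \S+) - INFO: Root - Access-token OK\. Redirecting to app/;

// Turn the logged role list ("", " '106' ", "'1', '2'") into an array of ids.
function parseRoles(raw) {
  return raw.split(',').map((s) => s.trim().replace(/^'|'$/g, '')).filter(Boolean);
}

// Return one finding per approval that follows a check made with no roles.
function findEmptyRoleApprovals(logText) {
  const findings = [];
  let pending = null; // most recent authorization check not yet resolved
  for (const line of logText.split(/\r?\n/)) {
    const text = line.trim();
    const check = CHECK_RE.exec(text);
    if (check) {
      pending = { checkedAt: check[1], roles: parseRoles(check[2]),
                  verb: check[3], path: check[4], app: check[5] };
      continue;
    }
    const allow = ALLOW_RE.exec(text);
    if (allow && pending) {
      if (pending.roles.length === 0) {
        findings.push({ ...pending, approvedAt: allow[1] });
      }
      pending = null; // approval consumed; wait for the next check line
    }
  }
  return findings;
}

console.log(findEmptyRoleApprovals(SAMPLE_LOG));
```
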

          People

          • Assignee: aalonsog Alvaro Alonso
          • Reporter: fw.ext.user FW External User