Uploaded image for project: 'Help-Desk'
  1. Help-Desk
  2. HELP-8757

[fiware-stackoverflow] FIWare KeyRock: How to prevent fiware labs data being created when a new user registers

        Details

        • Type: Monitor
        • Status: Closed
        • Priority: Major
        • Resolution: Done
        • Affects Version/s: None
        • Fix Version/s: 2021
        • Component/s: FIWARE-TECH-HELP
        • Labels:

          Description

          Created question in FIWARE Q/A platform on 30-04-2016 at 19:04
          Please, ANSWER this question AT https://stackoverflow.com/questions/36958289/fiware-keyrock-how-to-prevent-fiware-labs-data-being-created-when-a-new-user-re

          Question:
          FIWare KeyRock: How to prevent fiware labs data being created when a new user registers

          Description:
          We want to use the FIWARE IdM, both Keystone and Horizon. Specifically during sign-up we want to

          create a user
          add that user to an organisation
          authorise the user for an application

          We have installed Keystone and Horizon using the latest KeyRock docker image on the docker hub.
          When a new user signs up:

          a 'cloud organisation' is created.
          By default, the 'provider' and 'purchaser' roles are present
          and the 'Store' application is assigned to the user (although i cannot verify this).
          We can add the user to an organisation by hand, and authorise the user for an application by hand in the KeyRock UI.

          However this does not make any sense for our local installation.

          How can we prevent Horizon from creating the cloud organisation upon user sign-up?
          How can we assign a default application authorization upon user sign-up?

          – Edit –

          It’s becoming increasingly clear to me that the way KeyRock is implemented is primarily useful for setting up your own Fiware labs environment, as opposed to setting up a generic Identity management service. If we use KeyRock, we will be stuck with cloud organisations, stores etc. Far from being a Generic Enabler (GE), KeyRock seems to be a “Fiware Labs” specific enabler.

          All the GE documentation references KeyRock as the reference Identity Management GE. Therefore we (and i assume others too) have followed the documented architecture and configuration to link to KeyRock from:

          Wilma PEP Proxy GE
          Wirecloud Application Mashup GE

          Because of the inbuilt Fiware Labs functions of KeyRock, we are having a really hard time applying Wilma PEP Proxy and Wirecloud Application Mashup to our use cases.
          If we decide to use Keystone instead, we will lose

          OAuth2 support
          Permissions
          sign-up, admin and login screens.

          Is anyone else having this problem?
          How have they tackled it?

          – SCIM API –

          Attempt at using the SCIM API is described here: Fiware KeyRock SCIM API bug: _check_allowed_to_get_and_assign() got an unexpected keyword argument 'userName'

            Activity

            Hide
            Permalink
            backlogmanager Backlog Manager added a comment -

            2017-05-22 15:06|CREATED monitor | # answers= 0, accepted answer= False

            Show
            backlogmanager Backlog Manager added a comment - 2017-05-22 15:06|CREATED monitor | # answers= 0, accepted answer= False

              People

              • Assignee:
                aalonsog Alvaro Alonso
                Reporter:
                backlogmanager Backlog Manager
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: