[HELP-8834] [fiware-stackoverflow] AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application" - JIRA

Details

Type: Monitor
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
Labels:

Source URL:
https://stackoverflow.com/questions/36606813/authzforce-security-level-2-basic-authorization-error-azf-domain-not-created-f
HD-Enabler:
AuthZForce

Description

Created question in FIWARE Q/A platform on 13-04-2016 at 20:04
Please, ANSWER this question AT https://stackoverflow.com/questions/36606813/authzforce-security-level-2-basic-authorization-error-azf-domain-not-created-f

Question:
AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application"

Description:
We are trying to deploy our security layer (KeyRock, Wilma, AuthZForce) to protect our Orion instance.

We are able to have security level 1 (authentication) with Keyrock and Wilma working, but when we try to insert AuthZForce to check the verb+resource authorization we get the error message:

AZF domain not created for application

In the PEP Proxy User Guide, under "Level 2: Basic Authorization" section, it is stated that we have to configure the roles and permissions for the user in the application. I have created my user and registered my application following the steps on the Fiware IdM User and Programmers Guide. I also created an additional rule to match exactly the resource that I'm trying to GET to guarantee that there is no path mistake.

I am also able to create domains as stated in the AuthZForce - Installation and Administration Guide but I don't know how to bind the Domain ID with user roles when creating them. I've searched in the IdM GUI and in the documentation but I couldn't find how to do it.

So, how can I insert users/organizations/applications under a specific domain, and then have the security level 2?

Update:

My Wima's config.js file has this section:

...
config.azf = {
enabled: true,
host: 'authzforce',
port: 8080,
path: '/authzforce/domains/',
custom_policy: undefined
};
...

And my docker-compose.yml file is:

pepwilma:
image: ging/fiware-pep-proxy
container_name: test_pepwilma
hostname: pepwilma
volumes:

./wilma/config.js:/opt/fiware-pep-proxy/config.js
links:
idm
authzforce
ports:
"88:80"
idm:
image: fiware/idm
container_name: test_idm
links:
authzforce
ports:
"5000:5000"
"8000:8000"
authzforce:
image: fiware/authzforce-ce-server
container_name: test_authzforce
hostname: authzforce
ports:
"8080:8080"

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Backlog Manager added a comment - 22/May/17 3:07 PM

2017-05-22 15:08|CREATED monitor | # answers= 1, accepted answer= False

Show

Backlog Manager added a comment - 22/May/17 3:07 PM 2017-05-22 15:08|CREATED monitor | # answers= 1, accepted answer= False

Hide

Permalink

Backlog Manager added a comment - 22/May/17 6:05 PM

2017-05-22 18:06|UPDATED status: transition Answer| # answers= 1, accepted answer= False

Show

Backlog Manager added a comment - 22/May/17 6:05 PM 2017-05-22 18:06|UPDATED status: transition Answer| # answers= 1, accepted answer= False

Hide

Permalink

Backlog Manager added a comment - 22/May/17 9:05 PM

2017-05-22 21:06|UPDATED status: transition Answered| # answers= 1, accepted answer= False

Show

Backlog Manager added a comment - 22/May/17 9:05 PM 2017-05-22 21:06|UPDATED status: transition Answered| # answers= 1, accepted answer= False

People

Assignee:

Francisco Romero

Reporter:

Backlog Manager

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

22/May/17 3:07 PM

Updated:

27/May/21 10:59 AM

Resolved:

29/May/17 12:02 PM

Agile

View on Board