Uploaded image for project: 'Help-Desk'
  1. Help-Desk
  2. HELP-8834

[fiware-stackoverflow] AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application"

        Details

          Description

          Created question in FIWARE Q/A platform on 13-04-2016 at 20:04
          Please, ANSWER this question AT https://stackoverflow.com/questions/36606813/authzforce-security-level-2-basic-authorization-error-azf-domain-not-created-f

          Question:
          AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application"

          Description:
          We are trying to deploy our security layer (KeyRock, Wilma, AuthZForce) to protect our Orion instance.

          We are able to have security level 1 (authentication) with Keyrock and Wilma working, but when we try to insert AuthZForce to check the verb+resource authorization we get the error message:

          AZF domain not created for application

          In the PEP Proxy User Guide, under "Level 2: Basic Authorization" section, it is stated that we have to configure the roles and permissions for the user in the application. I have created my user and registered my application following the steps on the Fiware IdM User and Programmers Guide. I also created an additional rule to match exactly the resource that I'm trying to GET to guarantee that there is no path mistake.

          I am also able to create domains as stated in the AuthZForce - Installation and Administration Guide but I don't know how to bind the Domain ID with user roles when creating them. I've searched in the IdM GUI and in the documentation but I couldn't find how to do it.

          So, how can I insert users/organizations/applications under a specific domain, and then have the security level 2?

          Update:

          My Wima's config.js file has this section:

          ...
          config.azf = {
          enabled: true,
          host: 'authzforce',
          port: 8080,
          path: '/authzforce/domains/',
          custom_policy: undefined
          };
          ...

          And my docker-compose.yml file is:

          pepwilma:
          image: ging/fiware-pep-proxy
          container_name: test_pepwilma
          hostname: pepwilma
          volumes:

          • ./wilma/config.js:/opt/fiware-pep-proxy/config.js
            links:
          • idm
          • authzforce
            ports:
          • "88:80"
            idm:
            image: fiware/idm
            container_name: test_idm
            links:
          • authzforce
            ports:
          • "5000:5000"
          • "8000:8000"
            authzforce:
            image: fiware/authzforce-ce-server
            container_name: test_authzforce
            hostname: authzforce
            ports:
          • "8080:8080"

            Activity

              People

              • Assignee:
                frb Francisco Romero
                Reporter:
                backlogmanager Backlog Manager
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: