Details
-
Type:
Monitor
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
HD-Chapter:Security
-
HD-Enabler:KeyRock
Description
Created question in FIWARE Q/A platform on 29-03-2017 at 22:03
Please, ANSWER this question AT https://stackoverflow.com/questions/43103151/how-does-roles-work-in-keyrock
Question:
How does roles work in Keyrock?
Description:
I want to know how the role based authorization works in FIWARE Keyrock. I have tested a scenario where a user A registers an application appA in Keyrock. The user B that is not on the authorized list for application appA can request a token for another application (appB, for example) and successfully access the appA with the token obtained from appB.
Another test performed was to include user A in the authorized list for appA, but with a role that has no permissions. Again, the user A gets access to appA with credentials from another application.
Can anyone explain me how this work, if it really work?
Activity
| Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date | |||||
|---|---|---|---|---|---|---|---|---|---|
|
2h 56m | 1 | Backlog Manager | 22/May/17 6:06 PM | |||||
|
3h | 1 | Backlog Manager | 22/May/17 9:06 PM |
