We use proprietary and third party´s cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Ask Your Question

michele gucciardo's profile - activity

2016-04-04 14:45:33 +0100 received badge  Notable Question (source)
2016-04-04 14:45:33 +0100 received badge  Famous Question (source)
2016-03-11 12:40:24 +0100 received badge  Famous Question (source)
2016-02-25 15:34:54 +0100 received badge  Student (source)
2016-02-24 10:09:38 +0100 received badge  Notable Question (source)
2016-02-13 13:23:00 +0100 received badge  Popular Question (source)
2016-02-13 05:57:17 +0100 received badge  Enthusiast
2016-02-12 06:27:03 +0100 commented answer How to configure Keyrock to access a Restful API behind Wilma Proxy

Hi Alvaro, thanks for fast reply. There is another issue about PEP. When PEP receives the json response from AuthZForce, it looks for a key "Response" but it doesn't find it because AuthZforce sends slightly different keys. For example:{ 'ns5:Response':'....'}. ns1,.., ns5 are put before "Response".

2016-02-11 11:21:40 +0100 asked a question How to configure Keyrock to access a Restful API behind Wilma Proxy

Hi, I'm developing an authentication/authorization scheme based on 3 Fiware Enablers: Keyrock IdM (v5.1.0), Wilma PEP Proxy (v4.4.1), AuthZForce (v4.4.1a). I'm using this scheme to protect another Fiware Enabler: POI Data Provider.

I configured the components in order to allow a client to access a resource on the POI Data provider, sending a Restful http request to PEP Proxy that: verify the client's token; check his authorization to access the resource against AuthZForce and redirects the client to the resource if AuthZForce permit it.

For example, if I want to access myResource on myMachine I have to send the following requst to myProxyMachine:

curl -H "X-Auth-Token: mytoken" -X GET "http://myProxyMachine:80/myResource"

It works fine as PEP Proxy redirects me to myResource on myMachine.

But if I want to do a Restful request, with multiple parameters, for example:

curl -H "X-Auth-Token: mytoken" -X GET "http://myProxyMachine:80/myResource?param1=1&param2=2"

It doesn't work as AuthZForce deny the access to the resource.

I think this is caused by Keyrock, because I created a permission for the client to do a GET on myResource, but this is not enough, because the URL of the request have other parameters and doesn't match with the rule. As the client can do multiple different requests, based on the parameters I just can't create multiple permissions on Keyrock.

So, can anyone suggest how to create a permission on Keyrock to allow a client to GET myResource not regarding the other parameters? I didn't find how to achieve this in the documentation.

Thanks in advance, Michele.

2016-02-04 08:59:30 +0100 commented answer Problems creating a domain in Fiware AuthZforce Authorization Server

Yes I thought that Keyrock was using an old API. I also modified Wilma Proxy to correctly parse responses from AuthZForce. I saw that a new version of Keyrock has been released, so I'm going to install the latest version and I will come back here to post new errors (if present). Thanks for reply.

2016-02-01 09:28:25 +0100 received badge  Popular Question (source)
2016-01-28 08:07:06 +0100 commented answer Problems creating a domain in Fiware AuthZforce Authorization Server

Hi Cyrill, thanks for reply. Now it works. I have another issue about the domain. After creation it doesn't contain the /pap and /pdp directories needed. I tried to create them manually but Keyrock isn't still able to "write" policies in AuthZForce. What is the correct procedure to achieve this?

2016-01-28 04:35:18 +0100 received badge  Scholar (source)
2016-01-26 10:41:24 +0100 received badge  Editor (source)
2016-01-26 10:39:59 +0100 received badge  Organizer (source)
2016-01-26 09:34:04 +0100 asked a question Problems creating a domain in Fiware AuthZforce Authorization Server


I'm developing an authentication/authorization scheme, based on Oauth 2.0, using the Fiware Enablers: Keyrock IdM, Wilma Proxy and AuthZForce authorization server.

I installed and configured Keyrock and Wilma and they work fine together. I'm actually having problems with AuthZForce. I followed the installation guide but I can't actually create a domain with curl:

curl --verbose --trace-ascii - --request POST \
--header "Content-Type: application/xml;charset=UTF-8" \
--data '<?xml version="1.0" encoding="UTF-8"?><taz:domainProperties xmlns:taz="http://authzforce.github.io/rest-api-model/xmlns/authz/4"> <name>MyDomain</name><description>This is my domain.</description></taz:domainProperties>' \
--header "Accept: application/xml" http://${MYSERVERHOST}:${MYPORT}/authzforce-ce/domains

I got the following error:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:error xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/4" xmlns:ns3="http://www.w3.org/2005/Atom" xmlns:ns4="http://authzforce.github.io/core/xmlns/pdp/3.6" xmlns:ns5="http://authzforce.github.io/pap-dao-file/xmlns/properties/3.6"><message>Invalid parameters: cvc-complex-type.2.4.a: Invalid content starting with "name". Invalid content was found starting with element "name". An element "{description, rootPolicyRef}" is expected.</message></ns2:error>

It seems to be an xml validation error. I tried to access the AuthZforce API but the link in the the programmer's guide gives a 404 error.

Can anyone suggest how to fix this issue?