2016-04-04 14:45:33 +0100 | received badge | ● Notable Question (source) |
2016-04-04 14:45:33 +0100 | received badge | ● Famous Question (source) |
2016-03-11 12:40:24 +0100 | received badge | ● Famous Question (source) |
2016-02-25 15:34:54 +0100 | received badge | ● Student (source) |
2016-02-24 10:09:38 +0100 | received badge | ● Notable Question (source) |
2016-02-13 13:23:00 +0100 | received badge | ● Popular Question (source) |
2016-02-13 05:57:17 +0100 | received badge | ● Enthusiast |
2016-02-12 06:27:03 +0100 | commented answer | How to configure Keyrock to access a Restful API behind Wilma Proxy Hi Alvaro, thanks for fast reply. There is another issue about PEP. When PEP receives the json response from AuthZForce, it looks for a key "Response" but it doesn't find it because AuthZforce sends slightly different keys. For example:{ 'ns5:Response':'....'}. ns1,.., ns5 are put before "Response". |
2016-02-11 11:21:40 +0100 | asked a question | How to configure Keyrock to access a Restful API behind Wilma Proxy Hi, I'm developing an authentication/authorization scheme based on 3 Fiware Enablers: Keyrock IdM (v5.1.0), Wilma PEP Proxy (v4.4.1), AuthZForce (v4.4.1a). I'm using this scheme to protect another Fiware Enabler: POI Data Provider. I configured the components in order to allow a client to access a resource on the POI Data provider, sending a Restful http request to PEP Proxy that: verify the client's token; check his authorization to access the resource against AuthZForce and redirects the client to the resource if AuthZForce permit it. For example, if I want to access myResource on myMachine I have to send the following requst to myProxyMachine: curl -H "X-Auth-Token: mytoken" -X GET "http://myProxyMachine:80/myResource" It works fine as PEP Proxy redirects me to myResource on myMachine. But if I want to do a Restful request, with multiple parameters, for example: curl -H "X-Auth-Token: mytoken" -X GET "http://myProxyMachine:80/myResource?param1=1¶m2=2" It doesn't work as AuthZForce deny the access to the resource. I think this is caused by Keyrock, because I created a permission for the client to do a GET on myResource, but this is not enough, because the URL of the request have other parameters and doesn't match with the rule. As the client can do multiple different requests, based on the parameters I just can't create multiple permissions on Keyrock. So, can anyone suggest how to create a permission on Keyrock to allow a client to GET myResource not regarding the other parameters? I didn't find how to achieve this in the documentation. Thanks in advance, Michele. |
2016-02-04 08:59:30 +0100 | commented answer | Problems creating a domain in Fiware AuthZforce Authorization Server Yes I thought that Keyrock was using an old API. I also modified Wilma Proxy to correctly parse responses from AuthZForce. I saw that a new version of Keyrock has been released, so I'm going to install the latest version and I will come back here to post new errors (if present). Thanks for reply. |
2016-02-01 09:28:25 +0100 | received badge | ● Popular Question (source) |
2016-01-28 08:07:06 +0100 | commented answer | Problems creating a domain in Fiware AuthZforce Authorization Server Hi Cyrill, thanks for reply. Now it works. I have another issue about the domain. After creation it doesn't contain the /pap and /pdp directories needed. I tried to create them manually but Keyrock isn't still able to "write" policies in AuthZForce. What is the correct procedure to achieve this? |
2016-01-28 04:35:18 +0100 | received badge | ● Scholar (source) |
2016-01-26 10:41:24 +0100 | received badge | ● Editor (source) |
2016-01-26 10:39:59 +0100 | received badge | ● Organizer (source) |
2016-01-26 09:34:04 +0100 | asked a question | Problems creating a domain in Fiware AuthZforce Authorization Server Hi, I'm developing an authentication/authorization scheme, based on Oauth 2.0, using the Fiware Enablers: Keyrock IdM, Wilma Proxy and AuthZForce authorization server. I installed and configured Keyrock and Wilma and they work fine together. I'm actually having problems with AuthZForce. I followed the installation guide but I can't actually create a domain with curl: curl --verbose --trace-ascii - --request POST \ I got the following error: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:error xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/4" xmlns:ns3="http://www.w3.org/2005/Atom" xmlns:ns4="http://authzforce.github.io/core/xmlns/pdp/3.6" xmlns:ns5="http://authzforce.github.io/pap-dao-file/xmlns/properties/3.6"><message>Invalid parameters: cvc-complex-type.2.4.a: Invalid content starting with "name". Invalid content was found starting with element "name". An element "{description, rootPolicyRef}" is expected.</message></ns2:error> It seems to be an xml validation error. I tried to access the AuthZforce API but the link in the the programmer's guide gives a 404 error. Can anyone suggest how to fix this issue? |