0

I'm testing FIWARE security GEris, but I have a problem when I use the PDP (AuthzForce) with the PEP Proxy (Wilma).

Wilma and AuthzForce each work well separately. However, when I request a resource from Wilma with an access token, Wilma retrieves the wrong PDP domain because of its 'app_azf_domain' made by Horizon.

This is my access token:

    {
      "organizations": [],
      "displayName": "user0",
      "roles": [
        { "name": "End user", "id": "bb42b0b3f680469cbba5b2fb4e8c39f7" },
        { "name": "Global manager", "id": "17c87423eb514fc1a8a7f0fecaa543f9" },
        { "name": "Family", "id": "0a4839c502054c1189a27e40f3189a55" }
      ],
      "app_id": "a8e7489b62fc4ed9b8b6ee28d3dd91c8",
      "email": "user0@test.com",
      "id": "user0",
      "app_azf_domain": "iiJ8_xICEeeHFQJCrBEABA"
    }

Here is the problem. I don't have the iiJ8_xICEeeHFQJCrBEABA domain!

So, can I change the app_azf_domain or make a domain named iiJ8_xICEeeHFQJCrBEABA?

weepi
  • I don't know what you mean by "I don't have the domain". The app_azf_domain is an AZF scope created automatically by Keyrock and associated with an application to store the related permissions. It is included by Wilma when checking permissions with the PDP. – Álvaro Alonso May 05 '17 at 09:03
  • OK. Thanks for your comment, but my Wilma does not create the 'app_azf_domain' attribute. I think there is a bug associated with the 'get_application_domain' function in the file named './horizon/openstack_dashboard/fiware_api/access_control_ge.py'. Do you have any idea about this problem? I have already modified the configuration in 'local_settings.py'. For ref., level 2 (basic authorization) works if I set the app_azf_domain manually. So I assume that this might not be a problem with the interworking of the GEris. – weepi May 06 '17 at 10:58
  • What are you expecting for "right PDP domain" instead of "wrong PDP domain"? Do you mean the "domains" and "projects" from the Keystone world? I did not understand your question either. – Dalton Cézane May 06 '17 at 22:54
  • 'right PDP domain' is the policy (?) domain of AuthzForce that I have, and 'wrong PDP domain' is the domain that I do not have. Now I do not use the Tour-guide App environment of FIWARE, so the problem I mentioned in this question does not appear anymore. However, my Wilma (maybe Keyrock or AuthzForce... I don't know exactly for now) does not create app_azf_domain in the access token. I'm digging into this problem. – weepi May 07 '17 at 15:07
  • The app_azf_domain is created by Keyrock (not Wilma) when you create your first permission in your application. And it is just a "container" where the permissions of your application will be stored. – Álvaro Alonso May 10 '17 at 14:55

1 Answer

1

I reinstalled Keyrock using the following URL and the problem is fixed. (http://fiware-idm.readthedocs.io/en/latest/admin_guide.html)

I recommend that you DO NOT use the following code. (https://github.com/ging/fiware-idm)

weepi
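
A preflight check for the mismatch described in the question, as an added example that is not part of the original posts or of any FIWARE component: it compares the token's app_azf_domain with the domain IDs the PDP actually hosts and fails closed on anything else. The domain-listing XML shape, the ID pattern and all function names are assumptions, and the sample data is constructed.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample: user info trimmed from the token shown in the question.
TOKEN_INFO = ('{"id": "user0", "app_id": "a8e7489b62fc4ed9b8b6ee28d3dd91c8", '
              '"app_azf_domain": "iiJ8_xICEeeHFQJCrBEABA"}')

# Constructed sample of a PDP domain listing. Assumed shape: one atom:link
# element per domain, with the domain ID in href. The IDs are made up.
DOMAINS_XML = """<resources xmlns:atom="http://www.w3.org/2005/Atom">
  <atom:link rel="item" href="A0bdIbmGEeWhFwcKrC9gSQ"/>
  <atom:link rel="item" href="Zx1yAAmGEeWhFwcKrC9gSQ"/>
</resources>"""

# Assumption: domain IDs are short URL-safe strings. Rejecting anything else
# keeps a token-supplied value from altering the PDP request path.
DOMAIN_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")


def pdp_domain_ids(domains_xml):
    """Return the set of domain IDs found in a PDP domain listing."""
    root = ET.fromstring(domains_xml)
    return {el.get("href") for el in root.iter()
            if el.tag.endswith("}link") and el.get("href")}


def check_token_domain(token_info_json, domains_xml):
    """Return (status, domain); only status 'ok' should reach the PDP."""
    info = json.loads(token_info_json)
    domain = info.get("app_azf_domain")
    if not isinstance(domain, str) or not domain:
        return ("missing", None)        # IdM never provisioned a domain
    if not DOMAIN_ID.fullmatch(domain):
        return ("malformed", None)      # not safe to place in a URL path
    if domain not in pdp_domain_ids(domains_xml):
        return ("unknown_domain", domain)  # the case reported in the question
    return ("ok", domain)


if __name__ == "__main__":
    print(check_token_domain(TOKEN_INFO, DOMAINS_XML))
```

An `unknown_domain` result points at IdM-to-PDP provisioning, and `missing` at the IdM not creating the domain at all, which are the two situations discussed in the comments.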