We are trying to deploy our security layer (KeyRock, Wilma, AuthZForce) to protect our Orion instance.

We are able to have security level 1 (authentication) with Keyrock and Wilma working, but when we try to insert AuthZForce to check the verb+resource authorization we get the error message:

AZF domain not created for application

In the PEP Proxy User Guide, under the "Level 2: Basic Authorization" section, it is stated that we have to configure the roles and permissions for the user in the application. I have created my user and registered my application following the steps on the Fiware IdM User and Programmers Guide. I also created an additional rule to match exactly the resource that I'm trying to GET to guarantee that there is no path mistake.

I am also able to create domains as stated in the AuthZForce - Installation and Administration Guide but I don't know how to bind the Domain ID with user roles when creating them. I've searched in the IdM GUI and in the documentation but I couldn't find how to do it.

So, how can I insert users/organizations/applications under a specific domain, and then have the security level 2?

Update:

My Wilma's config.js file has this section:

```js
// ...
config.azf = {
    enabled: true,
    host: 'authzforce',
    port: 8080,
    path: '/authzforce/domains/',
    custom_policy: undefined
};
// ...
```

And my docker-compose.yml file is:

```yaml
pepwilma:
    image: ging/fiware-pep-proxy
    container_name: test_pepwilma
    hostname: pepwilma
    volumes:
        - ./wilma/config.js:/opt/fiware-pep-proxy/config.js
    links:
        - idm
        - authzforce
    ports:
        - "88:80"
idm:
    image: fiware/idm
    container_name: test_idm
    links:
        - authzforce
    ports:
        - "5000:5000"
        - "8000:8000"
authzforce:
    image: fiware/authzforce-ce-server
    container_name: test_authzforce
    hostname: authzforce
    ports:
        - "8080:8080"
```
cdan
mrgiesel
  • Hi @mgiesel, I have the same problem. Have you figured something out yet? – Matjaž Tercelj Apr 18 '16 at 07:21
  • Nothing yet, @Tjazo. But when I get some answer I'll post it here so anyone with the same problem can solve it. – mrgiesel Apr 18 '16 at 11:16
  • Did the latest update fix your problem? I still get the error. – Matjaž Tercelj Apr 21 '16 at 14:23
  • I'll test it next week. As soon as I have done it I'll update the info here. – mrgiesel Apr 22 '16 at 12:39
  • @Tjazo, still same error here. I'm using Docker to implement keyrock and atz in my machine. Do you know where their code is? Maybe looking there we can figure out how to solve this. – mrgiesel Apr 27 '16 at 14:39
  • Yes the update fixed my problem. But I had to update the permissions for my app in Keyrock. I am using the lab instance of keyrock and atz though. I think the KR code is here https://github.com/ging/fiware-idm Not sure where the code for ATZ is. – Matjaž Tercelj Apr 28 '16 at 08:45
  • I tried to use your setup (lab instance of keyrock and azf) and now I get a different error in wilma's log: "ERROR: Server - Caught exception: Error: There are errors in your xml file: syntax error". – mrgiesel Apr 29 '16 at 10:27
  • what is in your config file? – Matjaž Tercelj Apr 30 '16 at 07:57
  • @Tjazo I've updated the question with my files. – mrgiesel May 03 '16 at 18:20
  • If you are using lab instance of KR and AZF then this should be in your config: `config.account_host = 'https://account.lab.fiware.org'; config.keystone_host = 'cloud.lab.fiware.org'; config.keystone_port = 4731; config.azf = { enabled: true, host: 'auth.lab.fiware.org', port: 6019, path: '/authzforce/domains/', custom_policy: undefined };` For your local setup I'm not sure. Depending on the version of AZF try using `path: '/authzforce-ce/domains/'` – Matjaž Tercelj May 04 '16 at 13:04
  • A possible solution can be found here: https://stackoverflow.com/questions/42714175/fiware-authzforce-error-azf-domain-not-created-for-application/42797490#42797490 – Daniel Rodriguez Mar 15 '17 at 11:26

1 Answer

Is the error AZF domain not created reported by KeyRock or Wilma?

cdan