
I'm trying to put to work the IDM+AuthZForce+PEP-Proxy-Wilma to secure the Orion context broker, but I'm having a bit of trouble. Nothing works: everything is up and running, but there's no authentication and no security.

I changed all the configuration files and nothing changed. I tried to populate the database (MongoDB or PostgreSQL) and nothing changed, either. All services are running in a docker-compose instance. Has anyone already deployed this successfully?

Kalle Richter
Naff16

1 Answer


I think you can get some help reading the following question/answers:

Fiware - How to integrate Keyrock IdM, Wilma PEP Proxy and Orion Context Broker?

I already configured Orion+Keyrock+Wilma. Here is the link for a simple tutorial on how to integrate them.

The AuthZForce is still mysterious for me. Recently I asked the following question about it:

FIWARE AuthZForce 5.4.1 is not installing

If you continue with some doubt related to Orion+Keyrock+Wilma, say it and perhaps I can help you.

I hope the suggested link can be useful for you.

cdan
Dalton Cézane
  • Thanks for the answer. Did you run it on docker-compose environment? – Naff16 Jul 11 '17 at 09:14
  • No. I run Orion on a VM and Keyrock and Wilma in the same docker container (I configured a docker container with the Keyrock image and inside it I configured Wilma). My Orion instance runs on port 1026 (default) and Keyrock runs with ports 8000 (horizon) and 5000 (keystone). Wilma is configured to receive requests at port 80 and redirects to Orion. – Dalton Cézane Jul 11 '17 at 16:32
  • I have the same configuration. But I try to send some requests to the PEP and nothing is happening. I'm starting the PEP with success, generating tokens and still no protection. I'm also having doubts about the database population from Keystone: how do I do that? And how does Keystone know which database to use? I have just started this part about security, but I'm really having a lot of problems. – Naff16 Jul 11 '17 at 16:39
  • Did you create the app in the keyrock horizon? How is your wilma configuration? – Dalton Cézane Jul 11 '17 at 16:42
  • Can you post your config.js from pep-proxy-wilma? Thanks – Naff16 Jul 11 '17 at 16:45
  • Yes, I created it. keyrock:8000 - idm/idm - URL: http://localhost - Callback: http://localhost/login. These are the fields of the app. Config.js: `config.account_host = 'keyrock'; config.keystone_host = 'keyrock'; config.keystone_port = 8000; config.app_host = 'orion'; config.app_port = '1026'; config.username = 'idm'; config.password = 'idm'; config.azf = { enabled: true, protocol: 'http', host: 'authzforce', port: 8080, //path: '/authzforce/domains/', custom_policy: undefined // use undefined to default policy checks (HTTP verb + path). };` – Naff16 Jul 11 '17 at 16:53
  • I'm finishing a tutorial in which I explain better how to make these components work together, without AzF, because, as I said, it is still not working for me. As soon as I finish, I will edit the answer and put the link to it. – Dalton Cézane Jul 11 '17 at 17:02
  • That would be amazing :) – Naff16 Jul 11 '17 at 17:04
  • I edited the answer with the link for the tutorial. I hope it can help you. Give me some feedback about it. – Dalton Cézane Jul 11 '17 at 20:40
  • It's working now :) Thanks. Your document has all the points we need to work with PEP and Keyrock, but I think you should say in the PEP-Proxy topic where you install it, because you don't mention that you are installing it inside the idm container until a few steps later :) One more question: do you only work with idm/idm, or did you provide more users/roles? – Naff16 Jul 12 '17 at 11:13
  • I'm glad you got it! Yes, I did not mention the PEP was installed in the IdM container, because someone can install it on another VM, container or even on the local host... =) What really matters is to know the address (IP) of the PEP instance. If my answer helped to solve your problem, please mark it as the answer. – Dalton Cézane Jul 12 '17 at 17:55
  • Marked. I'm going to repeat myself: did you only work with idm/idm, or did you provide more users/roles? – Naff16 Jul 12 '17 at 22:10
  • I forgot to answer this last question... But it is better if you open another question for this. This is suggested by FIWARE developers, in order to separate the doubts and make it easy to find information about some problems. I already created other users. When you open the question, we talk there. – Dalton Cézane Jul 13 '17 at 04:06
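
A check for the symptom discussed in this thread (PEP proxy starts, tokens are issued, yet requests are not protected), added here as an example and not taken from the question, the answer or the linked tutorial. It assumes the proxy reads the token from the `X-Auth-Token` header, that Orion answers on `/version`, that rejection means HTTP 401 or 403, and that the proxy and Orion listen on ports 80 and 1026 as described in the comments; the `localhost` URLs and the token value are constructed.

```python
import urllib.error
import urllib.request

# Ignore http_proxy/https_proxy from the environment so the probe follows the real path.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(url, token=None, timeout=5):
    """Return the HTTP status of GET url, or None if nothing answers."""
    req = urllib.request.Request(url)
    if token is not None:
        req.add_header("X-Auth-Token", token)  # assumed token header of the PEP proxy
    try:
        with _opener.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code   # 401, 403, 5xx: the service answered
    except (urllib.error.URLError, OSError):
        return None       # refused, timed out, unresolvable


def audit(pep_url, orion_url, path="/version"):
    """Return a list of findings; an empty list means enforcement looks correct."""
    findings = []
    no_token = probe(pep_url + path)
    bad_token = probe(pep_url + path, token="not-a-real-token")  # constructed value
    direct = probe(orion_url + path)
    if no_token is None:
        findings.append("PEP unreachable")
    else:
        if no_token not in (401, 403):
            findings.append(f"PEP answered {no_token} without a token (expected 401/403)")
        if bad_token not in (401, 403):
            findings.append(f"PEP answered {bad_token} for an invalid token (expected 401/403)")
    if direct is not None:
        findings.append(f"Orion answered {direct} directly, so the PEP can be bypassed")
    return findings


if __name__ == "__main__":
    # Assumed layout: PEP proxy on port 80, Orion on port 1026, both on localhost.
    for line in audit("http://localhost:80", "http://localhost:1026") or ["OK"]:
        print(line)
```

Run it from the network position of an external client: in a docker-compose deployment the direct-Orion finding depends on whether port 1026 is published to the host, which a probe from inside the compose network will not show.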