AuthZForce安全级别2:基本授权错误“未为应用程序创建AZF域" [英] AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application"

问题描述

我们正在尝试部署安全层(KeyRock，Wilma，AuthZForce)以保护我们的Orion实例.

We are trying to deploy our security layer (KeyRock, Wilma, AuthZForce) to protect our Orion instance.

我们能够使用Keyrock和Wilma进行安全级别1(身份验证)，但是当我们尝试插入AuthZForce来检查动词+资源授权时，我们会收到错误消息:

We are able to have security level 1 (authentication) with Keyrock and Wilma working, but when we try to insert AuthZForce to check the verb+resource authorization we get the error message:

未为应用创建AZF域

AZF domain not created for application

在 PEP代理用户指南，在级别2:基本授权"部分下，声明必须在应用程序中为用户配置角色和权限.我已经按照固件IdM用户上的步骤创建了我的用户并注册了我的应用程序和程序员指南.我还创建了一条附加规则，以完全匹配我要获取的资源，以确保没有路径错误.

In the PEP Proxy User Guide, under "Level 2: Basic Authorization" section, it is stated that we have to configure the roles and permissions for the user in the application. I have created my user and registered my application following the steps on the Fiware IdM User and Programmers Guide. I also created an additional rule to match exactly the resource that I'm trying to GET to guarantee that there is no path mistake.

我还能够按照 AuthZForce-安装和管理指南，但我不知道如何在创建域ID和用户角色时将其绑定.我已经在IdM GUI和文档中进行了搜索，但是找不到如何操作.

I am also able to create domains as stated in the AuthZForce - Installation and Administration Guide but I don't know how to bind the Domain ID with user roles when creating them. I've searched in the IdM GUI and in the documentation but I couldn't find how to do it.

那么，如何在特定域下插入用户/组织/应用程序，然后设置安全级别2?

So, how can I insert users/organizations/applications under a specific domain, and then have the security level 2?

更新:

我的Wima的config.js文件包含以下部分:

My Wima's config.js file has this section:

...
config.azf = {
    enabled: true,
    host: 'authzforce',
    port: 8080,
    path: '/authzforce/domains/',
    custom_policy: undefined
};
...

我的docker-compose.yml文件是:

And my docker-compose.yml file is:

pepwilma:
    image: ging/fiware-pep-proxy
    container_name: test_pepwilma
    hostname: pepwilma
    volumes:
        - ./wilma/config.js:/opt/fiware-pep-proxy/config.js
    links:
        - idm
        - authzforce
    ports:
        - "88:80"
idm:
    image: fiware/idm
    container_name: test_idm
    links:
        - authzforce
    ports:
        - "5000:5000"
        - "8000:8000"
authzforce:
    image: fiware/authzforce-ce-server
    container_name: test_authzforce
    hostname: authzforce
    ports:
      - "8080:8080"

推荐答案

KeyRock或Wilma是否报告错误 AZF域未创建?

Is the error AZF domain not created reported by KeyRock or Wilma?

这篇关于AuthZForce安全级别2:基本授权错误“未为应用程序创建AZF域"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！