“未为应用程序创建AZF域” AuthZforce
[英]“AZF domain not created for application” AuthZforce
问题描述
I have an application that uses the KeyRock, PEP, PDP(AuthZForce). 
我有一个使用KeyRock,PEP,PDP(AuthZForce)的应用程序。
The security level 1 (authentication) with Keyrock and PEP are working, but when we try to use AuthZForce to check the authorization, I get the error message: 使用Keyrock和PEP的安全级别1(身份验证)正在工作,但是当我们尝试使用AuthZForce来检查授权时,我收到了错误消息:
AZF domain not created for application
I have my user and my application that I created following the steps on the Fiware IdM User and Programmers Guide. 我有按照《 Fiware IdM用户和程序员指南》中的步骤创建的用户和应用程序。
I am also able to create domains as stated in the AuthZForce - Installation and Administration Guide but I don't know how to bind the Domain ID with user roles when creating them. 我还能够按照AuthZForce-安装和管理指南中的说明创建域,但是在创建域ID时,我不知道如何将其与用户角色绑定。
So, how can I insert users/organizations/applications under a specific domain, and then have the security level 2? 那么,如何在特定域下插入用户/组织/应用程序,然后设置安全级别2?
My config.js file: 我的config.js文件:
config.azf = {
enabled: true,
host: '192.168.99.100',
port: 8080,
path: '/authzforce/domains/',
custom_policy: undefined
};
And my docker-compose.yml file is: 我的docker-compose.yml文件是:
authzforce:
image: fiware/authzforce-ce-server:release-5.4.1
hostname: authzforce
container_name: authzforce
ports:
- "8080:8080"
keyrock:
image: fiware/idm:v5.4.0
hostname: keyrock
container_name: keyrock
ports:
- "5000:5000"
- "8000:8000"
pepproxy:
build: Docker/fiware-pep-proxy
hostname: pepproxy
container_name: pepproxy
ports:
- 80:80
links:
- authzforce
- keyrock
This question is the same that AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application" , but I get the same error, and my keyrock version is v5.4.0. 这个问题与AuthZForce安全级别2:基本授权错误“未为应用程序创建AZF域”相同,但是我遇到相同的错误,并且我的keyrock版本是v5.4.0。
2 个解决方案
解决方案1
2 已采纳 2016-12-09 13:54:21
我更改了AuthZForce GE配置: http ://fiware-idm.readthedocs.io/en/latest/admin_guide.html#authzforce-ge-configuration
解决方案2
1 2017-03-14 22:25:13
After reviewing the horizon source code I found that function "policyset_update" in openstack_dashboard/fiware_api/access_control_ge.py returns inmediatly if ACCESS_CONTROL_MAGIC_KEY is None (the default configuration) or an empty string,so the communication with AuthZForce never takes place. 查看地平线源代码后,我发现如果ACCESS_CONTROL_MAGIC_KEY为None(默认配置)或为空字符串,则openstack_dashboard / fiware_api / access_control_ge.py中的函数“ policyset_update”会立即返回,因此从未与AuthZForce进行通信。 Despite this parameter is optional when you don't have AuthZForce behind a PEP Proxy, you have to enter some text to avoid this error. 尽管在没有PEP代理后面的AuthZForce时此参数是可选的,但您必须输入一些文本以避免此错误。
In your case, your string 'undefined' did the work. 在您的情况下,您的字符串“未定义”完成了工作。 In fact, as result, a 'X-Auth-Token: undefined' is generated, but ignored when horizon communicates directly with AuthZForce. 实际上,结果是生成了“ X-Auth-Token:未定义”,但在Horizon与AuthZForce直接通信时被忽略。
Related topic: Fiware AuthZForce error: "AZF domain not created for application" 相关主题: Fiware AuthZForce错误:“未为应用程序创建AZF域”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.