
Fiware: Setting up AuthZForce with idm and pep proxy

I have configured PEP proxy GE and IDM GE, and now Basic authentication works great. Now I want to set up Level 2: Basic authorization system with HTTP verb and resource path checking, and for that I need AuthZForce GE. I installed AuthZForce on the same server as IDM, created a default domain on AuthZForce with id 562285a1-8950-11e5-980f-6bf3c4dac98a and configured the PEP proxy config.js file:

config.pep_port = 80;
config.account_host = 'https://192.168.4.180';

config.keystone_host = '192.168.4.180';
config.keystone_port = 5000;

config.app_host = 'localhost';
config.app_port = '8000';

config.azf = {
    enabled: true,
    host: '192.168.4.180',
    port: 8080,
    path: '/authzforce/domains/562285a1-8950-11e5-980f-6bf3c4dac98a/pdp'
};

And now when I try to access some page via curl:

sudo curl -H "X-Auth-Token: vPTru5ikuyLcxf6ujV23V3l4GFNpF5" http://localhost/home/login/

I get this error in the client:

Error in AZF communication

And this error on pep proxy:

2015-11-12 17:09:13.040  - INFO: IDM-Client - Checking token with IDM...
2015-11-12 17:09:13.086  - INFO: AZF-Client - Checking auth with AZF...
2015-11-12 17:09:13.087  - INFO: AZF-Client - Checking authorization to roles [ '4806909eb4b646c7a1f11ad9f9ed53ed',
  '09dc1bdba42c48de9e15e88816284cbc',
  '5786623590bc4f3ab01c61733a13ee6d',
  'e3fe52a0c6c34fe395bb087f42d1cc72',
  '44151592f3814929a59d1c1e7022a0bb' ] to do  GET  on  home/login/
 and app  aea8f4a70b87422cb48068db9f0c6aea
2015-11-12 17:09:13.117  - ERROR: Root - Error in AZF communication  
Error: 139773139036032:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:
unknown protocol:s23_clnt.c:795:

PEP Proxy is running on port 80 and IDM is running on port 443.

What could be the problem? Should all these services be delivered via https or is that irrelevant?

If you use the latest version of the PEP proxy, v5.4 as of now, you can work around this issue by disabling https for the connection to AuthzForce in the config.js file: you set the config.azf.protocol to http instead of https:

config.azf = {
    enabled: true,
    protocol: 'http',
    host: '192.168.4.180',
    port: 8080,
    custom_policy: undefined 
};
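
The `SSL23_GET_SERVER_HELLO: unknown protocol` error in the question means the TLS client received a reply that was not a TLS record, which is what happens when HTTPS is attempted against a plaintext HTTP port. The following Node.js code is an added example, not part of the original answer or of the PEP proxy; `classifyFirstBytes` and `probeListener` are hypothetical helper names. It checks what a listener such as the one on port 8080 actually speaks before `config.azf.protocol` is chosen.

```javascript
// Added example: decide from the first reply bytes whether a listener speaks TLS or plain HTTP.
// classifyFirstBytes and probeListener are hypothetical names, not PEP proxy functions.

function classifyFirstBytes(buf) {
  if (!buf || buf.length === 0) return 'no-data';
  // TLS record header: content type 0x16 (handshake) or 0x15 (alert),
  // followed by protocol major version 0x03.
  if (buf.length >= 3 && (buf[0] === 0x16 || buf[0] === 0x15) && buf[1] === 0x03) {
    return 'tls';
  }
  // A plaintext HTTP server answers with a status line such as "HTTP/1.1 400 ...".
  // Bytes like these are what a TLS client rejects as "unknown protocol".
  if (buf.subarray(0, 5).toString('latin1') === 'HTTP/') return 'http';
  return 'unknown';
}

// Sends a plaintext HTTP request and classifies the first chunk that comes back.
// Caveat: some TLS servers answer a plaintext request with an HTTP 400, so an
// 'http' result should be confirmed by reading the returned status line.
function probeListener(host, port, timeoutMs = 3000) {
  const net = require('net'); // loaded lazily; the classifier itself needs no modules
  return new Promise((resolve) => {
    const sock = net.connect({ host, port });
    const done = (result) => { sock.destroy(); resolve(result); };
    sock.setTimeout(timeoutMs, () => done('no-data'));
    sock.once('error', (err) => done('error:' + err.code));
    sock.once('connect', () => {
      sock.write('GET / HTTP/1.0\r\nHost: ' + host + '\r\n\r\n');
    });
    sock.once('data', (chunk) => done(classifyFirstBytes(chunk)));
    sock.once('close', () => resolve('no-data'));
  });
}

// Usage with the host and port from the question's config.js:
//   probeListener('192.168.4.180', 8080).then(console.log);
```

A result of `http` on the AuthzForce port matches the workaround above; a result of `tls` means the listener expects HTTPS.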
