stackoom
  简体   繁体   中英

“AZF domain not created for application” AuthZforce

 原文  2016-11-09 17:51:55       fiware/ authz/ pdp/ authzforce

Question

I have an application that uses the KeyRock, PEP, PDP(AuthZForce).

The security level 1 (authentication) with Keyrock and PEP are working, but when we try to use AuthZForce to check the authorization, I get the error message: 

AZF domain not created for application

I have my user and my application that I created following the steps on the Fiware IdM User and Programmers Guide.

I am also able to create domains as stated in the AuthZForce - Installation and Administration Guide but I don't know how to bind the Domain ID with user roles when creating them.

So, how can I insert users/organizations/applications under a specific domain, and then have the security level 2?

My config.js file: 

config.azf = {
    enabled: true,
    host: '192.168.99.100',
    port: 8080,
    path: '/authzforce/domains/',
    custom_policy: undefined  
};

And my docker-compose.yml file is: 

authzforce:
    image: fiware/authzforce-ce-server:release-5.4.1
    hostname: authzforce
    container_name: authzforce
    ports:
      - "8080:8080"

keyrock:
    image: fiware/idm:v5.4.0
    hostname: keyrock
    container_name: keyrock 
    ports:
        - "5000:5000"
        - "8000:8000" 

pepproxy:
    build: Docker/fiware-pep-proxy
    hostname: pepproxy
    container_name: pepproxy
    ports:
        - 80:80
    links:
        - authzforce
        - keyrock

This question is the same that AuthZForce Security Level 2: Basic Authorization error "AZF domain not created for application" , but I get the same error, and my keyrock version is v5.4.0.

2 answers

solution1
 2 ACCPTED  2016-12-09 13:54:21

我更改了AuthZForce GE配置: http ://fiware-idm.readthedocs.io/en/latest/admin_guide.html#authzforce-ge-configuration

solution2
 1  2017-03-14 22:25:13

After reviewing the horizon source code I found that function "policyset_update" in openstack_dashboard/fiware_api/access_control_ge.py returns inmediatly if ACCESS_CONTROL_MAGIC_KEY is None (the default configuration) or an empty string,so the communication with AuthZForce never takes place. Despite this parameter is optional when you don't have AuthZForce behind a PEP Proxy, you have to enter some text to avoid this error.

In your case, your string 'undefined' did the work. In fact, as result, a 'X-Auth-Token: undefined' is generated, but ignored when horizon communicates directly with AuthZForce.

Related topic: Fiware AuthZForce error: "AZF domain not created for application"

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Fiware AuthZForce error: “AZF domain not created for application” AuthZForce Security Level 2: Basic Authorization error “AZF domain not created for application” Problems creating a domain in Fiware AuthZforce Authorization Server Can I change the 'app_azf_domain' in access token provided by Horizon? FIWARE AuthZForce 5.4.1 is not installing Authzforce does not store policies? AuthZForce FIWARE in Cosmos AuthzForce failed update policies AuthZforce use without fiware enablers What does the magic key do in Wilma and AZF?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM