fiware-pep-proxy

InvalidAuthenticationToken while trying to access Orion-LD

Open emiliocimino opened this issue 1 year ago • 1 comments

Dear all,

I would like to understand what is not working in the overall system I set up. The idea is just protecting Orion-LD with a pep-proxy, without the use of specific portals and apps. I will provide a series of screenshots, from the docker-compose configuration to all logs.

Let me premise that the idea of the configuration is to provide the minimum set of components necessary to allow users to GET/PATCH some of the ORION resources, such as "entities" and "subscriptions" based on a role assigned to a user. To achieve this, I made a docker-compose with orion, keyrock and wilma.

  • The first doubt starts here: do I need level 2 (basic authorization) or level 3 (ABAC authorization) to achieve this? Because it seems quite confusing. From what I understood, a basic authorization is sufficient to achieve User+HTTP Verb+Resource access; however, from other tutorials it seems I need to set up ABAC.

To cut through the bull, I added AuthZforce to the docker compose. The configuration is the following one: image image image image

All components set up correctly, so I am sure they started correctly. The first thing I did was open the Keyrock GUI and create a user, an application, a role and two permissions: image with authorized users: image with role: image and permissions: image image Once everything was set up, I noticed that AuthZForce successfully created its policy in a folder.

Then I opened Postman, trying to follow different routes for accessing Orion. I premise that I'm now showing the administrator user; however, the same problem happened with the newly created user. The basic flow: image image image Not working; however, with this token I am able to query Keyrock APIs (i.e. obtaining information) about pep-proxy of the app, roles, permissions, etc.: image

OAuth2 flow: image image Not working, and not for searching pep-proxy info either: image

Then, the following screenshots are about docker logs:

  • Keyrock: creation of an oauth2 token + test access resource image
  • Wilma: authorizing user image
  • AuthZForce: Doing nothing after starting image

From what I understood, the PEP proxy is not working properly, for some reason. Any clue? I hope I described the problem well. If you think this should be an issue in another repository, please feel free to move it. Thanks everyone.

emiliocimino avatar Oct 03 '23 09:10 emiliocimino

Hey @emiliocimino

I am facing the same issue. Were you able to solve this?

SandeepKundalwal avatar Jul 17 '24 12:07 SandeepKundalwal