fiware-idm

Creating permissions that accept variables

Open ghost opened this issue 7 years ago • 8 comments

Hello,

I have issues when I want to create a permission in fiware-idm that will accept variables. I am using fiware-idm version 6.2 (the latest version won't connect to authzforce).

Example: for the permission v2/entities/{entityId}, is there some syntax I could use to specify that entityId is a variable and not a set value?

Or any other example similar to this will result in not authorized, and will stop me from reaching the Orion service.

I opened the issue here, but this could maybe be due to pep-proxy and the way it reads the URL etc. If that is the case I will reopen it in the pep repository. Any suggestion would help, thanks.

ghost avatar Jul 09 '18 07:07 ghost

@IgorDespot I'm working with fiware idm, pep and authzforce. I have a repository where you can check how I install the latest versions of those GEs with and without docker, but in Spanish...

you can check it at: Here.

and read the new documentation of Authzforce Here.

joansrios avatar Jul 10 '18 06:07 joansrios

@RiosQ Thanks for your response, I am going to check it out and try to run it.

ghost avatar Jul 10 '18 06:07 ghost

@IgorDespot I tried with Auth 8.0.1 and with the latest versions it doesn't work, so I continue using 5.4.1

joansrios avatar Jul 10 '18 12:07 joansrios

What is strange to me is that I have IDM 6.2 and that version works fine with Auth 8.0.1, but the latest IDM does not.

ghost avatar Jul 10 '18 13:07 ghost

I tried changing the docker image version in my docker-compose file, but for an unknown reason the decision is always 'Permit', so the GE loses its purpose

joansrios avatar Jul 10 '18 13:07 joansrios

Have you tried using idm6.2/pep6.2 and the latest version of authzforce? That is working fine for me, no issues.

ghost avatar Jul 11 '18 13:07 ghost

I read a lot of documentation and tried many combinations to generate permissions with a dynamic resource, but it fails. The permissions are stored in the database directly as text.

If Authzforce doesn't have a template to recognize a global permission for a group of resources like /user/{{ whatever }}, or for a dynamic resource like your example, that lack would limit the GE's potential.

It's not appropriate to mention them out of the blue, but @aalonsog or @apozohue10 could help us with this question, because I can't find a clear example or a discussion that specifies whether it is possible without a XACML rule

joansrios avatar Jul 12 '18 03:07 joansrios

Hey @RiosQ, have you tried implementing some XACML policies with a dynamic resource? I was looking in that direction, but it is messy to figure out how to do it.

ghost avatar Jul 31 '18 07:07 ghost
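
As an added illustration (not code from fiware-idm, pep-proxy, AuthzForce or anyone in this thread), this is one way a template such as v2/entities/{entityId} can be matched against a request path instead of being compared as literal text. The function names, the sample permissions and the choice to reject dot segments and encoded separators are assumptions of the example.

```javascript
// Added example: hypothetical helpers, not the FIWARE implementation.

// Escape regex metacharacters so literal template text matches only itself.
function escapeLiteral(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Compile "/v2/entities/{entityId}" into an anchored regex in which each
// {name} placeholder matches exactly one non-empty path segment.
function templateToRegex(template) {
  // A capturing group in split() puts the placeholders at odd indices.
  const parts = template.split(/(\{[A-Za-z_][A-Za-z0-9_]*\})/);
  const body = parts
    .map((p, i) => (i % 2 === 1 ? '[^/]+' : escapeLiteral(p)))
    .join('');
  return new RegExp('^' + body + '$');
}

// Default deny: permit only when the verb and the path both match a permission.
function isPermitted(permissions, verb, rawUrl) {
  const path = rawUrl.split('?')[0]; // the decision is on the path, not the query
  // Assumption: refuse dot segments and encoded separators outright, so the
  // decision never depends on how the backend normalises the URL.
  if (/(^|\/)\.\.?(\/|$)/.test(path) || /%2f|%2e|%5c/i.test(path)) {
    return false;
  }
  return permissions.some(
    (perm) => perm.action === verb && templateToRegex(perm.resource).test(path)
  );
}

// Constructed sample permissions, in the spirit of the thread's example.
const PERMISSIONS = [
  { action: 'GET', resource: '/v2/entities/{entityId}' },
  { action: 'GET', resource: '/v2/entities/{entityId}/attrs/{attrName}' },
];
```

Because a placeholder is limited to a single segment and the pattern is anchored at both ends, a permission for one entity does not extend to deeper paths or to other verbs.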