Summary of the problem: how do I get FIWARE IdM Keyrock and FIWARE Authzforce to set up the AZF domain correctly, so that I no longer get the "AZF domain not created for application XYZ" response?
I am trying to configure a server correctly with FIWARE Orion, FIWARE PEP Proxy Wilma, FIWARE IdM Keyrock and FIWARE Authzforce.
I got to the point where the first three components work and interact with each other, but now that I am trying to add Authzforce I get the following error:
AZF domain not created for application
I have already tried all the solutions offered in the following links, but none of them worked:
Below you can find the instructions to reproduce my scenario:
Install Orion using Docker containers (for example in /home/fiware-orion-docker). Create a new docker-compose.yml file with the following content:
mongo:
  image: mongo:3.4
  command: --nojournal
orion:
  image: fiware/orion
  links:
    - mongo
  ports:
    - "1026:1026"
  command: -dbhost mongo -logLevel DEBUG
  dns:
    - 208.67.222.222
    - 208.67.220.220
Note 2 (source): connections coming from Docker containers are routed through the (iptables) FORWARD chain, which has to be configured to let those connections through. The default is to drop them, so if you use a firewall you must change it:
sudo nano /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
sudo ufw reload
sudo docker-compose up -d
Orion is now listening on port 1026. Check it with:
curl localhost:1026/version
Install FIWARE IdM Keyrock (used for authentication in front of the Orion Context Broker):
https://github.com/ging/fiware-idm
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu artful stable"
Create the compose file (nano docker-compose.yml) with this content:
version: "3.5"
services:
  keyrock:
    image: fiware/idm:7.6.0
    container_name: fiware-keyrock
    hostname: keyrock
    networks:
      default:
        ipv4_address: 172.18.1.5
    depends_on:
      - mysql-db
    ports:
      - "3000:3000"
    environment:
      - DEBUG=idm:*
      - IDM_DB_HOST=mysql-db
      - IDM_HOST=http://localhost:3000
      - IDM_PORT=3000
      # Development use only
      # Use Docker Secrets for Sensitive Data
      - IDM_DB_PASS=secret
      - IDM_DB_USER=root
      - IDM_ADMIN_USER=admin
      - IDM_ADMIN_EMAIL=admin@test.com
      - IDM_ADMIN_PASS=1234
  mysql-db:
    restart: always
    image: mysql:5.7
    hostname: mysql-db
    container_name: db-mysql
    expose:
      - "3306"
    ports:
      - "3306:3306"
    networks:
      default:
        ipv4_address: 172.18.1.6
    environment:
      # Development use only
      # Use Docker Secrets for Sensitive Data
      - "MYSQL_ROOT_PASSWORD=secret"
      - "MYSQL_ROOT_HOST=172.18.1.5"
    volumes:
      - mysql-db:/var/lib/mysql
networks:
  default:
    ipam:
      config:
        - subnet: 172.18.1.0/24
volumes:
  mysql-db: ~
sudo docker-compose up -d
(This automatically downloads both images and runs the IdM Keyrock service; -d runs it in the background.)
Log in with admin@test.com / 1234 and register an application with:
Name: Orion Idm
Description: Orion Idm
URL: http://localhost
Callback URL: http://localhost
Grant Type: Authorization Code, Implicit, Resource Owner Password, Client Credentials, Refresh Token
Provider: newuser
Install FIWARE Authzforce:
sudo docker pull authzforce/server:latest
(8.1.0 at the time of writing)
sudo docker run -d -p 8085:8080 --name authzforce_server authzforce/server
Install FIWARE PEP Proxy Wilma (used to put https and authentication in front of Orion). config.js:
var config = {};

// Used only if https is disabled
config.pep_port = 5056;

config.https = undefined;

config.idm = {
  host: 'localhost',
  port: 3000,
  ssl: false
};

config.app = {
  host: 'localhost',
  port: '1026',
  ssl: false // Use true if the app server listens in https
};

config.response_type = 'code';

// Credentials obtained when registering PEP Proxy in app_id in Account Portal
config.pep = {
  app_id: '91180bc9-43e8-4c14-ad45-0bb117e42e63',
  username: 'pep_proxy_dad356d2-dasa-4f95-a9hf-9ab06tccf929',
  password: 'pep_proxy_a33667ec-57y1-498k-85aa-ef77ue5f6234',
  trusted_apps : []
};

// in seconds
config.cache_time = 300;

// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];

config.magic_key = undefined;

config.authorization = {
  enabled: true,
  pdp: 'authzforce', // idm|authzforce
  azf: {
    protocol: 'http',
    host: 'localhost',
    port: 8085,
    custom_policy: undefined, // use undefined to default policy checks (HTTP verb + path).
  }
};

// Export last, so every setting above (including config.authorization) is part of the exported object
module.exports = config;

npm install
sudo node server
Create user roles:
Log back in to the IdM at http://localhost:3000:
Manage rules
+ button
+ button
Now get a token with Postman:
access_token
Try to connect to Orion through http://localhost:5056/version with the following parameters:
You will get the following response:
AZF domain not created for application 91180bc9-43e8-4c14-ad45-0bb117e42e63
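The response above is what Wilma returns when its lookup of an Authzforce domain whose externalId equals config.pep.app_id comes back empty. The script below is an added diagnostic, not code from the question, from Wilma or from Authzforce: it performs that same lookup against the Authzforce container, reports whether a domain exists for the application id, and prints the body needed to create one by hand. It assumes the Authzforce CE REST paths /authzforce-ce/domains?externalId=<id> and /authzforce-ce/domains/<id>/properties, Atom-style <link rel="item" href="<domainId>"> entries in the listing, and the authz/5 XML namespace; the sample responses in the test are constructed, not captured from a server.

```python
"""Diagnose Wilma's "AZF domain not created for application <app_id>" against Authzforce.

Added example, not from the original post or the FIWARE projects. Assumed (not confirmed
by the post): the /authzforce-ce/domains REST paths, Atom <link rel="item"> entries in the
domain listing, and the authz/5 XML namespace used in the creation body.
"""
import sys
import urllib.request
from urllib.parse import quote
from xml.sax.saxutils import quoteattr
import xml.etree.ElementTree as ET

AZF_BASE = "http://localhost:8085/authzforce-ce"  # port 8085, as in the post's docker run
AUTHZ_NS = "http://authzforce.github.io/rest-api-model/xmlns/authz/5"  # assumed model version


def _local_name(tag):
    """Strip the {namespace} prefix that ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def domain_ids_from_listing(xml_bytes):
    """Domain ids from a GET /domains listing: the href of every <link rel="item">.

    Deliberately namespace-agnostic: the link element is Atom, the wrapper is authz,
    and the server's exact prefixes must not matter. An empty list is precisely the
    condition behind Wilma's "AZF domain not created" response.
    """
    root = ET.fromstring(xml_bytes)
    return [el.get("href") for el in root.iter()
            if _local_name(el.tag) == "link" and el.get("rel") == "item" and el.get("href")]


def external_id_from_properties(xml_bytes):
    """externalId attribute of a GET /domains/<id>/properties response (None if unset)."""
    return ET.fromstring(xml_bytes).get("externalId")


def domain_creation_body(app_id):
    """Request body for POST /domains that binds a new domain to the Keyrock application id.

    externalId is the value Wilma searches by, so it must equal config.pep.app_id exactly.
    quoteattr() keeps an odd or hostile app id from breaking out of the attribute.
    """
    return ('<?xml version="1.0" encoding="UTF-8"?>'
            f'<domainProperties xmlns="{AUTHZ_NS}" externalId={quoteattr(app_id)}/>')


def _http_get(url):
    with urllib.request.urlopen(url, timeout=5) as resp:  # plain http, as configured in the post
        return resp.read()


def diagnose(app_id, fetch=_http_get, base=AZF_BASE):
    """Return (status, domain_id).

    'missing'  : no domain with this externalId (Wilma's error case)
    'mismatch' : a domain came back but its properties carry a different externalId
                 (sanity check in case the server ignored the filter)
    'ok'       : domain found and bound to app_id
    `fetch` is injectable so the logic can be exercised without a live server.
    """
    listing = fetch(f"{base}/domains?externalId={quote(app_id, safe='')}")
    ids = domain_ids_from_listing(listing)
    if not ids:
        return "missing", None
    ext = external_id_from_properties(fetch(f"{base}/domains/{ids[0]}/properties"))
    if ext != app_id:
        return "mismatch", ids[0]
    return "ok", ids[0]


if __name__ == "__main__":
    app = sys.argv[1] if len(sys.argv) > 1 else "91180bc9-43e8-4c14-ad45-0bb117e42e63"
    status, dom = diagnose(app)
    print(f"{status}: domain={dom}")
    if status == "missing":
        print("Body to create the domain by hand (POST /domains, Content-Type: application/xml):")
        print(domain_creation_body(app))
```

Run it as python azf_check.py <app_id> with the Authzforce container up. Creating the domain by hand only clears this particular message: an empty domain holds no policy for the application, so Wilma's XACML requests will not get a Permit and every call is still rejected. The component meant to create the domain and push the policy set for the application's roles and permissions is Keyrock, and it only does so when its Authzforce connector is switched on (as I recall from the fiware-idm documentation, through IDM_AUTHZFORCE_ENABLED, IDM_AUTHZFORCE_HOST, IDM_AUTHZFORCE_PORT and IDM_PDP_LEVEL=advanced in the Keyrock container environment; treat the exact names as an assumption to verify against the version you run). The Keyrock compose file in the question sets none of these, which is the first thing to check before touching Authzforce directly.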
Answer 0 (score: 1)
It looks like you have a timing issue in your local setup. More specifically, it seems that docker-compose on your machine is not waiting for Keyrock to be available before the PEP proxy times out.
There are several strategies for dealing with these problems, such as adding a wait in the startup entrypoint, adding restart:true inside docker-compose, modifying the infrastructure, or using some third-party script. A good list of strategies can be found in the answer here.