Adding Identity Management and Access Control to your Application - Exercises
Joaquin Salvachúa, Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
[email protected], @jsalvachua
[email protected], @larsonalonso
Exercises index
• Sec-1. Creating a FIWARE account
• Sec-2. Managing organizations
• Sec-3. Registering an application
• Sec-4. Adding OAuth2 to your application (based on our Node.js template)
• Sec-5. Adding OAuth2 to your application (using an OAuth2 library)
• Sec-6. Securing your backend: Authentication
• Sec-7. Securing your backend: Basic Authorization
• Sec-8. Securing your backend: Advanced Authorization
Sec-1. Creating a FIWARE account
• Prerequisite
  – To have an Internet connection
• Steps
  – Go to https://account.lab.fiware.org
  – Click on “Sign Up”
  – Fill in your data
  – Confirm your account from the confirmation email
• Hints
  – If you don’t receive the confirmation email, check your spam folder
Difficulty: Easy
Sec-2. Managing organizations
• Prerequisite
  – To have a FIWARE account
• Steps
  – Go to https://account.lab.fiware.org
  – Sign in
  – Create an organization
  – Add members to it
• Hints
  – To manage an organization you have to switch to it using the dropdown in the upper right corner
Difficulty: Easy
Sec-3. Registering an application
• Prerequisite
  – To have a FIWARE account
• Steps
  – Go to https://account.lab.fiware.org
  – Sign in
  – Register an application
• Hints
  – You have to set:
    • URL: the URL where your app will run
    • Callback URL: the URL where the Account Portal will redirect your users once they are authenticated
Difficulty: Easy
Sec-4 (1). Adding OAuth2 to your application (based on our Node.js template)
• Prerequisites
  – To have an application registered in the Account Portal
  – To learn how OAuth2 works
• Steps
  – Clone our demo example:
    • https://github.com/ging/oauth2-example-client
  – Follow the instructions in the README
    • You will find client_secret and client_id in the application details in the Account Portal
Difficulty: Easy
Sec-4 (2). Adding OAuth2 to your application (based on our Node.js template)
• Hints
  – Learn about OAuth2:
    • http://oauth.net/2/
  – FIWARE Account flows:
    • http://es.slideshare.net/alvaroalonsogonzalez/id-m-andac
  – FIWARE Account OAuth2 docs:
    • https://github.com/ging/fi-ware-idm/wiki/Using-the-FI-LAB-instance
  – Advanced courses:
    • http://edu.fi-ware.org/course/view.php?id=79
    • http://edu.fi-ware.org/course/view.php?id=63
Difficulty: Easy
Sec-5. Adding OAuth2 to your application (using an OAuth2 library)
• Prerequisites
  – To have an application registered in the Account Portal
  – To have your own application
• Steps
  – Include an OAuth2 library in your app
  – Configure it using the OAuth credentials generated in the Account Portal
  – Follow the library instructions to use it
• Hints
  – OAuth2 libraries:
    • http://oauth.net/2/
Difficulty: Medium
Sec-6. Securing your backend: Authentication
• Prerequisites
  – To have a frontend app using OAuth and FIWARE Account
  – To have a REST-based backend service
• Steps
  – Clone our PEP Proxy, Wilma:
    • https://github.com/ging/fi-ware-pep-proxy
  – Configure it following the README
    • app_host and app_port are the coordinates of your backend REST API
  – From now on, requests to your backend:
    • Have to be sent to the proxy
    • Have to include an “X-Auth-Token” header carrying the OAuth2 access token
• Hints
  – Wilma docs:
    • http://catalogue.fiware.org/enablers/pep-proxy-wilma
Difficulty: Medium
Sec-7. Securing your backend: Basic Authorization
• Prerequisite
  – To have Wilma deployed in front of your backend
• Steps
  – Enable the “check_permissions” option in Wilma’s config
  – Edit your application in the Account Portal:
    • Create a new role
    • Create a new permission with:
      – HTTP action: GET, POST, PUT or DELETE
      – REST resource: the URL of your resource
    • Assign the role to a user
  – Check the request in your app
• Hints
  – AuthZForce docs:
    • http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
Difficulty: Hard
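To make the Sec-6 and Sec-7 decisions concrete, here is an added example (not code from Wilma or the FIWARE IdM) of a minimal PEP-style filter: it rejects requests without a valid X-Auth-Token and, when check_permissions is on, only forwards requests whose HTTP action and resource are covered by a permission of one of the user's roles. The token table, users, roles and permissions are constructed sample data standing in for what the Account Portal and IdM would return.

```javascript
// Added example, not Wilma's own code: a PEP-style filter modelling Sec-6 and Sec-7.
// All tokens, users, roles and permissions below are constructed sample data.

// Permissions as created in the Account Portal: HTTP action + REST resource.
const PERMISSIONS = {
  'read-sensors':   { action: 'GET',    resource: '/api/sensors' },
  'write-sensors':  { action: 'POST',   resource: '/api/sensors' },
  'delete-sensors': { action: 'DELETE', resource: '/api/sensors' },
};
// Roles bundle permissions; roles are then assigned to users.
const ROLES = {
  viewer:  ['read-sensors'],
  manager: ['read-sensors', 'write-sensors'],
};
// Stand-in for the IdM token validation (assumption): maps an OAuth2 access
// token to the user and the application roles assigned to that user.
const TOKENS = {
  'tok-alice': { user: 'alice', roles: ['manager'] },
  'tok-bob':   { user: 'bob',   roles: ['viewer'] },
};

// HTTP header names are case-insensitive, so look the header up accordingly.
function getHeader(headers, name) {
  const key = Object.keys(headers || {}).find(k => k.toLowerCase() === name.toLowerCase());
  return key ? headers[key] : undefined;
}

// Sec-6 (authentication): identity behind the token, or null if missing/unknown.
function validateToken(token) {
  return (token && TOKENS[token]) || null;
}

// Sec-7 (basic authorization): does any of the user's roles hold a permission
// whose action and resource match the request?
function isAllowed(roles, method, path) {
  return roles.some(role => (ROLES[role] || []).some(name => {
    const p = PERMISSIONS[name];
    return p && p.action === method.toUpperCase() && p.resource === path;
  }));
}

// PEP decision for a request {method, path, headers}: 401 when the token is
// rejected, 403 when check_permissions is on and no permission matches,
// 200 when the request would be forwarded to app_host:app_port.
function pepDecision(req, checkPermissions = true) {
  const identity = validateToken(getHeader(req.headers, 'X-Auth-Token'));
  if (!identity) return 401;
  if (checkPermissions && !isAllowed(identity.roles, req.method, req.path)) return 403;
  return 200;
}
```

With checkPermissions set to false the filter behaves like Sec-6 alone (authentication only); with it on, a valid token is not enough and the role's permissions decide.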
Sec-8. Securing your backend: Advanced Authorization
• Prerequisite
  – To have Wilma deployed in front of your backend
• Steps
  – Modify Wilma so that it builds and sends XACML requests
    • You can check request parameters such as the body, headers…
  – Edit your application in the Account Portal:
    • Create a new role
    • Create a new permission with an advanced rule (XACML)
    • Assign the role to a user
  – Check the request in your app
• Hints
  – AuthZForce docs:
    • http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
  – XACML:
    • https://www.oasis-open.org/committees/xacml/
Difficulty: Hard