ging / fiware-idm

OAuth 2.0-based authentication of users and devices, user profile management, Single Sign-On (SSO) and Identity Federation across multiple administration domains.
https://keyrock-fiware.github.io
MIT License

Unable to use JWT token generated from Fiware Keyrock #293

Open DacaK opened 2 years ago

DacaK commented 2 years ago

For the Fiware security layer Keyrock version 8.0.0, Wilma version 8.0.0 and Authzforce version release-10.0.0 are configured. Keyrock generates a Bearer token that works properly for Orion authorization. But, the problem comes if I use a JWT token instead. I generate a JWT token by adding the scope option in the request:

```http
POST /oauth2/token HTTP/1.1
Host: localhost:3005
Authorization: Basic MTlmMjdiZGMtMTM1My00MTY5LTkxN2ItZTI1NTVjNDYwYzUyOjU4YWIxZTFjLTBkYjktNDBmZi1hMmUyLTJjZTYyNjNlNjI1Yg==
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=username1&password=password1&scope=jwt
```

When I try to access Orion through Wilma using the below request, Wilma reports the error "AZF domain not created for application 19f27bdc-1353-4169-917b-e2555c460c52":

```http
GET /version HTTP/1.1
Host: localhost:1022
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdhbml...TgxODQzfQ.O_UgX-Jl_ng0r--uDSr8dk1AeCnJAJPS3qn6VXurhxQ
```

Moreover, in the Keyrock GUI all Grant Types are selected for the application, and "JWT token" is selected for Token types. Also, in the Wilma configuration the property for the JWT Secret is added (PEP_TOKEN_SECRET=5e39ee34ad881b01). I removed the az_domain from the authzforce table in the MySQL database a few times and recreated it by adding new roles/permissions from the Keyrock GUI, but that new domain didn't solve the problem either.

I hope someone can help me. Thanks in advance.

danijelakrstic commented 2 years ago

Hi! Is there any news? Can someone answer me? Here you can see what other versions I tried: https://github.com/authzforce/fiware/issues/23