2
votes

I just started experimenting with Authzforce Fiware following the docs. I made some RBAC scenarios following the examples given, using the RESTful interface provided.

What I would like to know is whether any User Interface to manage the Policy Administration part (create, edit, delete policies etc.) exists.

According to this

Authzforce itself does not offer a UI, and is not concerned with generation and management of XACML policies - it assumes that each it receives has already been generated by another component. Full-blown XACML editors are available, but the limited editor within Keyrock is usually sufficient for most access control scenarios.

no built-in UI solution exists inside Authzforce, and Keyrock is proposed as a solution, as is also proposed here.

Have I got that right? Could anyone provide me with any guidelines concerning the way I could possibly integrate Keyrock with the existing Authzforce PAP so that I could manage my policies from its editor?

Thanks in advance.

1
You could use the Eclipse plugin for ALFA - it generates XACML files which you could easily push to AuthzForce - David Brossard
Hi @DavidBrossard, first of all thank you for your time. The solution you propose seems really interesting, but if my understanding is correct it targets only the policy creation part as an intermediate tool. Besides that, I am looking for a way to give programming-unaware people the ability to manage the policy administration point through a UI in a foremost way (create, edit, delete policies). Is there anything you know about that? - NickAth

1 Answer

1
votes

In order to integrate Keyrock with AuthzForce, check FIWARE-IDM (Keyrock) installation & administration guide > Configuration > Authorization section. You have to change Keyrock's config file, esp:

config.authorization = {
    level: "advanced", // basic|advanced
    authzforce: {
        enabled: true,
        host: "localhost",
        port: 8080
    }
};

Change the host/port to the ones of your AuthzForce Server instance.

You can do the same with Keyrock environment variables (look for 'AuthzForce' on the page).

Then check FIWARE tutorials > Identity Management > Administrating XACML Rules > Update an XACML permission to see how to edit an XACML policy. Basically, you define permissions per role for your application(s). Each permission is turned into an XACML Rule, and the set of permissions into an XACML Policy.
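
The permission-to-Rule mapping described in the answer, sketched as an added example (not part of the original answer and not Keyrock's own generator): one XACML 3.0 Rule per permission, wrapped in one Policy per role, with every value XML-escaped so a permission field cannot alter the policy structure. The function names, the permission object shape and the sample role are assumptions; the XACML identifiers are the standard ones.

```javascript
// Added illustration, not Keyrock code. Function names and object shapes are hypothetical.
const XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17";
const STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal";
const STRING = "http://www.w3.org/2001/XMLSchema#string";
const RESOURCE_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource";
const ACTION_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action";
const RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id";
const ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id";
const DENY_UNLESS_PERMIT =
  "urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit";

// Escape values before they are placed in the policy XML.
function xmlEscape(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// One string-equal Match on a single request attribute.
function match(category, attributeId, value) {
  return `<Match MatchId="${STRING_EQUAL}">` +
    `<AttributeValue DataType="${STRING}">${xmlEscape(value)}</AttributeValue>` +
    `<AttributeDesignator Category="${category}" AttributeId="${attributeId}" ` +
    `DataType="${STRING}" MustBePresent="true"/></Match>`;
}

// A permission (action + resource) becomes one Permit Rule.
function permissionToRule(p) {
  if (!p.id || !p.action || !p.resource) {
    throw new Error("permission needs id, action and resource");
  }
  return `<Rule RuleId="${xmlEscape(p.id)}" Effect="Permit"><Target><AnyOf><AllOf>` +
    match(RESOURCE_CAT, RESOURCE_ID, p.resource) +
    match(ACTION_CAT, ACTION_ID, p.action) +
    `</AllOf></AnyOf></Target></Rule>`;
}

// The set of permissions of one role becomes one Policy; anything not permitted is denied.
function roleToPolicy(roleId, permissions) {
  return `<Policy xmlns="${XACML_NS}" PolicyId="${xmlEscape(roleId)}" Version="1.0" ` +
    `RuleCombiningAlgId="${DENY_UNLESS_PERMIT}"><Target/>` +
    permissions.map(permissionToRule).join("") + `</Policy>`;
}

// Constructed sample: one role, two permissions, the second with markup characters.
const samplePolicy = roleToPolicy("role-manager", [
  { id: "perm-read", action: "GET", resource: "/app/price-change" },
  { id: "perm-report", action: "POST", resource: "/reports/<id>&draft" },
]);
console.log(samplePolicy);
```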