FIWARE Identity Manager Exercises
1. Adding Identity Management and Access Control to your Application - Exercises
Joaquin Salvachúa -Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
joaquin.salvachua@upm.es, @jsalvachua
aalonsog@dit.upm.es, @larsonalonso
2. Exercises index
• Sec-1. Creating a FIWARE account
• Sec-2. Managing organizations
• Sec-3. Registering an application
• Sec-4. Adding OAuth2 to your application
(based on our Node.js template)
• Sec-5. Adding OAuth2 to your application
(using an OAuth2 library)
• Sec-6. Securing your backend
Authentication
• Sec-7. Securing your backend
Basic Authorization
• Sec-8. Securing your backend
Advanced Authorization
3. Sec-1. Creating a FIWARE account
• Prerequisite
– To have an Internet connection
• Steps
– Go to https://account.lab.fiware.org
– Click on “Sign Up”
– Fill in your details
– Confirm your account via the confirmation email
• Hints
– If you don’t receive the confirmation email, check your spam
folder
Easy
4. Sec-2. Managing organizations
• Prerequisite
– To have a FIWARE account
• Steps
– Go to https://account.lab.fiware.org
– Sign In
– Create an Organization
– Add members to it
• Hints
– To manage an organization you have to switch to it using
the dropdown in the upper right corner.
Easy
5. Sec-3. Registering an application
• Prerequisite
– To have a FIWARE account
• Steps
– Go to https://account.lab.fiware.org
– Sign In
– Register an application
• Hints
– You have to set:
• URL: the URL where your app will run
• Callback URL: the URL where the Account Portal will redirect your users once
they have authenticated (it must match the redirect URI your app sends)
Easy
6. Sec-4 (1). Adding OAuth2 to your application
(based on our Node.js template)
• Prerequisites
– To have an application registered in the Account Portal
– To understand how OAuth2 works
• Steps
– Clone our demo example:
• https://github.com/ging/oauth2-example-client
– Follow the instructions in the README
• You will find client_id and client_secret in the application details in the
Account Portal; the client_secret must stay on the server side of your app
Easy
8. Sec-5. Adding OAuth2 to your application
(using an OAuth2 library)
• Prerequisite
– To have an application registered in the Account Portal
– To have your own application
• Steps
– Include an OAuth2 library in your app
– Configure it using the OAuth credentials generated in the
Account Portal
– Follow the library instructions to use it
• Hints
– OAuth2 libraries
• http://oauth.net/2/
Medium
9. Sec-6. Securing your backend
Authentication
• Prerequisite
– To have a frontend app using OAuth and FIWARE Account
– To have a REST-based backend service
• Steps
– Clone our PEP-Proxy Wilma
• https://github.com/ging/fi-ware-pep-proxy
– Configure it following the README
• app_host and app_port are the host and port of your backend REST API
– From now on, requests to your backend
• must be sent to the proxy, not directly to the backend
• must include an “X-Auth-Token” header carrying the OAuth2 access token
• Hints
– Wilma docs
• http://catalogue.fiware.org/enablers/pep-proxy-wilma
Medium
10. Sec-7. Securing your backend
Basic Authorization
• Prerequisite
– To have a Wilma deployed on top of your backend
• Steps
– Enable the “check_permissions” option in Wilma’s config
– Edit your application in Account Portal
• Create a new role
• Create a new permission with
– HTTP action: GET, POST, PUT or DELETE
– REST resource: the URL (path) of your resource
• Assign the role to a user
• Test the request from your app
• Hints
– AuthZForce docs
• http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
Hard
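The two decisions a PEP proxy makes in front of a REST backend, covering Sec-6 (authentication via X-Auth-Token) and Sec-7 (basic authorization on HTTP action plus resource), as an added example for this page; it is not Wilma's code. The token table, roles and permissions are constructed stand-ins for what Wilma obtains from the Account Portal, and the `lookup` callback stands in for the IdM's token-validation call.

```javascript
// Added example: PEP decision logic in the style of Wilma, with constructed data.

// Constructed: what the IdM would return for each access token (user id and roles).
const TOKEN_INFO = {
  'tok-alice': { id: 'alice', roles: ['sensor-admin'] },
  'tok-bob':   { id: 'bob',   roles: ['sensor-viewer'] },
};

// Constructed: permissions as registered in the Account Portal, one HTTP action plus
// a resource pattern. Patterns are matched as anchored regular expressions.
const PERMISSIONS = [
  { id: 'read-sensors',   action: 'GET',    resource: '/v2/entities.*' },
  { id: 'create-sensors', action: 'POST',   resource: '/v2/entities' },
  { id: 'delete-sensor',  action: 'DELETE', resource: '/v2/entities/[^/]+' },
];

// Constructed: permissions attached to each role.
const ROLE_PERMISSIONS = {
  'sensor-viewer': ['read-sensors'],
  'sensor-admin':  ['read-sensors', 'create-sensors', 'delete-sensor'],
};

// Header names are case-insensitive; the token is accepted only from X-Auth-Token,
// never from the query string (which ends up in logs and referrers).
function extractToken(headers) {
  for (const [name, value] of Object.entries(headers || {})) {
    if (name.toLowerCase() === 'x-auth-token') return Array.isArray(value) ? value[0] : value;
  }
  return null;
}

// Authentication (Sec-6). 'lookup' returns {id, roles} or null for unknown/expired tokens.
function authenticate(headers, lookup = (t) => TOKEN_INFO[t] || null) {
  const token = extractToken(headers);
  if (!token) return { status: 401, reason: 'missing X-Auth-Token header' };
  const user = lookup(token);
  if (!user) return { status: 401, reason: 'invalid or expired token' };
  return { status: 200, user };
}

// Basic authorization (Sec-7): does some role of the user carry a permission whose
// action and resource pattern match this request?
function matchesPermission(perm, method, path) {
  if (perm.action !== method.toUpperCase()) return false;
  return new RegExp(`^(?:${perm.resource})$`).test(path);
}

function authorize(user, method, path) {
  const granted = new Set((user.roles || []).flatMap((r) => ROLE_PERMISSIONS[r] || []));
  return PERMISSIONS.some((p) => granted.has(p.id) && matchesPermission(p, method, path));
}

// Full decision for one request. status 200 means "forward to app_host:app_port";
// checkPermissions=false reproduces Wilma with check_permissions disabled (authn only).
function pepDecision(req, checkPermissions = true) {
  // Match on the normalized path: the URL parser resolves '..' segments and drops
  // the query string, so '/v2/../v2/entities?x=1' is judged as '/v2/entities'.
  const path = new URL(req.url, 'http://backend').pathname;
  const auth = authenticate(req.headers);
  if (auth.status !== 200) return auth;
  if (checkPermissions && !authorize(auth.user, req.method, path)) {
    return { status: 403, reason: `no permission for ${req.method.toUpperCase()} ${path}`, user: auth.user };
  }
  return { status: 200, user: auth.user, path };
}
```

A real deployment must also make sure the backend is reachable only from the proxy (network policy or a shared secret), otherwise the whole check is bypassed by calling app_host:app_port directly.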
11. Sec-8. Securing your backend
Advanced Authorization
• Prerequisite
– To have a Wilma deployed on top of your backend
• Steps
– Modify Wilma so that it builds a XACML request for each incoming call
• You can include request parameters such as the body or headers in it
– Edit your application in Account Portal
• Create a new role
• Create a new permission with an advanced rule (XACML)
• Assign the role to a user
• Test the request from your app
• Hints
– AuthZForce docs
• http://catalogue.fiware.org/enablers/authorization-pdp-authzforce
– XACML
• https://www.oasis-open.org/committees/xacml/
Hard
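Building the XACML 3.0 request that a modified Wilma would send to AuthZForce, as an added example for this page (not Wilma's or AuthZForce's code). The category and attribute identifiers for subject, role, resource and action are the standard XACML ones; the `urn:example:http:header:*` and `urn:example:http:body:*` attribute ids used to expose headers and body fields to advanced rules are assumptions, as are the sample user, request and PDP response. The caveat it adds: header and body values are attacker-controlled text and must be XML-escaped before they are embedded, or the client can inject its own attributes into the request.

```javascript
// Added example: HTTP request -> XACML 3.0 <Request>, plus a strict decision parser.

function xmlEscape(s) {
  return String(s)
    .replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;').replace(/'/g, '&apos;');
}

const XS_STRING = 'http://www.w3.org/2001/XMLSchema#string';

function attribute(id, value, type = XS_STRING) {
  return `    <Attribute AttributeId="${xmlEscape(id)}" IncludeInResult="false">\n` +
         `      <AttributeValue DataType="${type}">${xmlEscape(value)}</AttributeValue>\n` +
         `    </Attribute>`;
}

function category(id, attrs) {
  return `  <Attributes Category="${id}">\n${attrs.join('\n')}\n  </Attributes>`;
}

// Standard XACML identifiers.
const CAT_SUBJECT  = 'urn:oasis:names:tc:xacml:1.0:subject-category:access-subject';
const CAT_RESOURCE = 'urn:oasis:names:tc:xacml:3.0:attribute-category:resource';
const CAT_ACTION   = 'urn:oasis:names:tc:xacml:3.0:attribute-category:action';
const ATTR_SUBJECT_ID  = 'urn:oasis:names:tc:xacml:1.0:subject:subject-id';
const ATTR_ROLE        = 'urn:oasis:names:tc:xacml:2.0:subject:role';
const ATTR_RESOURCE_ID = 'urn:oasis:names:tc:xacml:1.0:resource:resource-id';
const ATTR_ACTION_ID   = 'urn:oasis:names:tc:xacml:1.0:action:action-id';

function headerValue(headers, name) {
  for (const [k, v] of Object.entries(headers || {})) {
    if (k.toLowerCase() === name.toLowerCase()) return Array.isArray(v) ? v[0] : v;
  }
  return undefined;
}

// user: {id, roles} as resolved from X-Auth-Token; req: {method, url, headers};
// opts.includeHeaders: header names to expose; opts.body: parsed JSON body (flat fields only).
function buildXacmlRequest(user, req, opts = {}) {
  const includeHeaders = opts.includeHeaders || [];
  const body = opts.body || null;

  const subject = [attribute(ATTR_SUBJECT_ID, user.id)]
    .concat((user.roles || []).map((r) => attribute(ATTR_ROLE, r)));

  const path = new URL(req.url, 'http://backend').pathname; // normalized, no query string
  const resource = [attribute(ATTR_RESOURCE_ID, path)];
  for (const h of includeHeaders) {
    const v = headerValue(req.headers, h);
    if (v !== undefined) resource.push(attribute(`urn:example:http:header:${h.toLowerCase()}`, v)); // assumed id
  }
  if (body && typeof body === 'object') {
    for (const [k, v] of Object.entries(body)) {
      if (['string', 'number', 'boolean'].includes(typeof v)) {
        resource.push(attribute(`urn:example:http:body:${k}`, v)); // assumed id
      }
    }
  }

  const action = [attribute(ATTR_ACTION_ID, req.method.toUpperCase())];

  return '<?xml version="1.0" encoding="UTF-8"?>\n' +
    '<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" ' +
    'ReturnPolicyIdList="false" CombinedDecision="false">\n' +
    [category(CAT_SUBJECT, subject), category(CAT_RESOURCE, resource), category(CAT_ACTION, action)].join('\n') +
    '\n</Request>\n';
}

// Only an explicit Permit lets the request through; Deny, NotApplicable,
// Indeterminate or an unparsable response all count as Deny (fail closed).
function decisionFromResponse(xml) {
  const m = /<Decision>\s*(Permit|Deny|NotApplicable|Indeterminate)\s*<\/Decision>/.exec(String(xml));
  return m && m[1] === 'Permit' ? 'Permit' : 'Deny';
}
```

Limit `includeHeaders` to the headers your rules actually reference; forwarding everything (cookies, the X-Auth-Token itself) into the PDP request leaks secrets into AuthZForce's logs.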
12. Adding Identity Management and Access Control to your Application - Exercises
Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
aalonsog@dit.upm.es, @larsonalonso