Skip to content

Support for proxy functions within OAuth2-based authentication schemas. Also implements PEP functions within an XACML-based access control schema.

License

Notifications You must be signed in to change notification settings

ging/fiware-pep-proxy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PEP Proxy - Wilma

FIWARE Security License: MIT Docker badge Support badge
Documentation badge CI Coverage Status Status CII Best Practices

Wilma is a PEP Proxy - it can be combined with other security components such as Keyrock and Authzforce to enforce access control to your backend applications. This means that only permitted users will be able to access your Generic Enablers or REST services. Identity Management allows you to manage specific permissions and policies to resources allowing different access levels for your users.

This project is part of FIWARE. For more information check the FIWARE Catalogue entry for Security.

📚 Documentation 🎓 Academy quay.io 🎯 Roadmap

Content

Install

  • Software requirements:

    • nodejs >= v8.x.x
    • npm >= 5.x.x

Note: Both can be installed from Node.js

  • Clone Proxy repository:
git clone https://github.com/ging/fiware-pep-proxy.git
  • Install the dependencies:
cd fiware-pep-proxy/
npm install
  • Duplicate config.template in config.js and configure app host there.
config.app_host = 'www.google.es'; // Hostname to forward authenticated requests
config.app_port = '80'; // Port where the HTTP server is running
  • Start proxy server
sudo npm start

ATTENTION!!!

There is an existing security exploit in all versions older than 2.15 of Log4J. Although not using this software currently, the older 7.x.x versions of PEP-Proxy used to use Log4j for logging. Prior to the release 8.0.0, older versions of this software were affected by this exploit as well. Logging was updated to use Debug and Morgan in March 2021. We released a new version 8.0.0 on dockerhub. Also latest is updated already. If still using 7.x.x please update as soon as possible.

Docker

We also provide a Docker image to facilitate you the building of this GE.

  • Here you will find the Dockerfile and the documentation explaining how to use it.
  • In Docker Hub you will find the public image.

API

Requests to proxy should be made with a special HTTP Header: X-Auth-Token. This header contains the OAuth access token obtained from FIWARE IDM GE.

Example of requests:

GET / HTTP/1.1
Host: proxy_host
Authorization: Bearer z2zXk...ANOXvZrmvxvSg
GET / HTTP/1.1
Host: proxy_host
X-Auth-Token:z2zXk...ANOXvZrmvxvSg

To test the proxy you can generate this request running the following command:

curl --header "X-Auth-Token: z2zXk...ANOXvZrmvxvSg" http://proxy_host

or

curl --header "Authorization: Bearer z2zXk...ANOXvZrmvxvSg" http://proxy_host

Once authenticated, the forwarded request will include additional HTTP headers with user info:

X-Nick-Name: nickname of the user in IdM
X-Display-Name: display name of user in IdM
X-Roles: roles of the user in IdM
X-Organizations: organizations in IdM

Tests

For performing a basic end-to-end test, you have to follow the next steps. A detailed description about how to run tests can be found here.

Requests to proxy should be made with a special HTTP Header: X-Auth-Token. This header contains the OAuth access token obtained from FIWARE IDM GE.

Example of requests:

GET / HTTP/1.1
Host: proxy_host
Authorization: Bearer z2zXk...ANOXvZrmvxvSg
GET / HTTP/1.1
Host: proxy_host
X-Auth-Token:z2zXk...ANOXvZrmvxvSg

To test the proxy you can generate this request running the following command:

curl --header "X-Auth-Token: z2zXk...ANOXvZrmvxvSg" http://proxy_host

or

curl --header "Authorization: Bearer z2zXk...ANOXvZrmvxvSg" http://proxy_host

Once authenticated, the forwarded request will include additional HTTP headers with user info:

 X-Nick-Name: nickname of the user in IdM
 X-Display-Name: display name of user in IdM
 X-Roles: roles of the user in IdM
 X-Organizations: organizations in IdM

Advanced Documentation

Quality Assurance

This project is part of FIWARE and has been rated as follows:

  • Version Tested:
  • Documentation:
  • Responsiveness:
  • FIWARE Testing:

License

Wilma PEP Proxy is licensed under the MIT License.

© 2018 - 2023 Universidad Politécnica de Madrid.