Fiware - How to integrate Keyrock IdM, Wilma PEP Proxy and Orion Context Broker?
I read all the documentation of Keyrock and Wilma and I watched all the videos in the FIWARE Academy, but I still do not get success in this integration. I am searching for
-
Regarding Orion, it depends on the interface to be secured, either the service API (i.e. the listening REST server that Orion runs typically at port 1026), the notification API or both:
- Regarding service API:
- Authentication & authorization: it can be implemented through PEP. The following documentation introduces two PEP alternative implementations. However, note that PEP doesn't work standalone, as it also needs the IDM and Access Control to work. I understand that @Alvaro can explain this topic in detail (with regards to Wilma PEP). It is out of my knowledge.
- Encryption: it can be implemented by a proxy acting as HTTPS-to-HTTP
bridge (e.g. ngnix) or by Orion itself using the
-httpsCLI parameter (which works in combination with-keyand-cert). This section of the documentation elaborates on it.
- Regarding notification API:
- Authentication & authorization: the current implementation of
custom notifications (see "Custom notifications" section in the NGSIv2 specification) allows you to include custom HTTP headers that
could be used for authentication (e.g. the
X-Auth-Tokenheader needed by a PEP instance protecting your endpoint). Note that this is currently done in an static way, i.e. Orion is not able to interact directly with IDM/AccessControl to set theX-Auth-Tokenvalue dynamically after expiration, etc. However, it would be possible to develop a process able to do this and set the proper header (if you are interested in this I'd recommend to check "How to add a custom header in outgoing notifications with Orion?" post). - Encryption: it can be implemented relaying in Rush component. This section of the documentation elaborates on it.
- Authentication & authorization: the current implementation of
custom notifications (see "Custom notifications" section in the NGSIv2 specification) allows you to include custom HTTP headers that
could be used for authentication (e.g. the
UPDATE: since verion 1.7.0, Orion implements native HTTPS notifications (i.e. without needing Rush).
- Regarding service API:
加载中...
- 热议问题