I have been working for some weeks with the IdM Keyrock, Wilma PEP Proxy and AuthZForce in the context of the Fiware Platform, in order to develop an IoT application.
I had success in protecting the Orion Context Broker APIs using Wilma PEP Proxy, and now it is time to protect the IoT-UL APIs in order to secure the "southbound" APIs.
I thought about using a strategy similar to the one followed with the Orion Context Broker. In this case each sensor has an OAuth2 token, and by putting a PEP Proxy in front of the IoT-UL APIs I would be able to authenticate and authorize every request to them.
Then I noticed that in the Keyrock interface there is a section inside my Application tab where I can register IoT sensors, so I registered a few IoT sensors. Then I realized that I could not assign roles to these users (because internally they are users), nor could I log in using the Keyrock interface. So I could neither assign roles nor generate OAuth2 tokens.
What am I missing? Perhaps authentication and authorization are not yet available for IoT sensors. In that case I thought about using regular users to represent IoT sensors, but I think that is overkill. Any help with this would be very useful.
You can create tokens for devices using the Resource Owner Password Credentials Grant. Role assignment is not ready yet, so you can just check authentication. This will be available in the next release.
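The Resource Owner Password Credentials grant mentioned in the answer, as an added example that is not part of the original thread or Keyrock's own code. It assumes a hypothetical Keyrock host, the `/oauth2/token` endpoint path, and that the registered sensor's id and password are sent as the OAuth2 `username` and `password`; the function names are illustrative.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed endpoint: hypothetical host, replace with your Keyrock instance.
KEYROCK_TOKEN_URL = "https://keyrock.example.org/oauth2/token"


def build_device_token_request(client_id, client_secret, device_id,
                               device_password, token_url=KEYROCK_TOKEN_URL):
    """Build (without sending) an RFC 6749 section 4.3 password-grant request."""
    if not token_url.startswith("https://"):
        # The device password and the client secret both travel in this request.
        raise ValueError("token endpoint must use HTTPS")
    # The application (OAuth2 client) authenticates with HTTP Basic.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # The device authenticates with its own id/password in the form body.
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": device_id,
        "password": device_password,
    }).encode()
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def parse_token_response(raw):
    """Return the access token from a token-endpoint JSON body, or raise."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(f"token request rejected: {doc['error']}")
    if "access_token" not in doc:
        raise ValueError("response carries no access_token")
    return doc["access_token"]


def fetch_device_token(*args, **kwargs):
    """Send the request and return the device's access token."""
    req = build_device_token_request(*args, **kwargs)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())
```

The device then presents the returned token to the PEP Proxy on each request. As the answer notes, this only proves authentication until role assignment for devices is available.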