I just started experiment with Authzforce Fiware following the docs. I made some RBAC scenarios following the examples given, using the RESTful interface provided.
What I would like to know, is whether any User Interface to manage the Policy Administration part (create, edit, delete policies etc.) exists.
According to this
Authzforce itself does not offer a UI, and is not concerned with generation and management of XACML policies - it assumes that each it receives has already been generated by another component. Full-blown XACML editors are available, but the limited editor within Keyrock is usually sufficient for most access control scenarios.
not any built-in UI solution does exist inside Authzforce and proposes as a solution Keyrock as so as proposed here.
Have I got that right? Could anyone provide me with any guidelines concerning the way I could possibly integrate Keyrock with the existing Authzforce PAP so that I could manage my policies from it's editor?
Thanks in advance.
In order to integrate Keyrock with AuthzForce, check FIWARE-IDM (Keyrock) installation & administration guide > Configuration > Authorization section. You have to change Keyrock's config file, esp:
config.authorization = {
level: "advanced", // basic|advanced
authzforce: {
enabled: true,
host: "localhost",
port: 8080
}
};
Change the host/port to the ones of your AuthzForce Server instance.
You can do the same with Keyrock environment variables (look for 'AuthzForce' on the page).
Then check FIWARE tutorials > Identity Management > Administrating XACML Rules > Update an XACML permission to see how to edit XACML policy. Basically, you define permissions per role for your application(s). Each permission is turned into a XACML Rule, and the set of permissions into a XACML Policy.