PEP Proxy - Wilma
Wilma is a PEP Proxy - it can be combined with other security components such as Keyrock and Authzforce to enforce access control to your backend applications. This means that only permitted users will be able to access your Generic Enablers or REST services. Identity Management allows you to manage specific permissions and policies to resources allowing different access levels for your users.
This project is part of FIWARE. For more information check the FIWARE Catalogue entry for Security.
Install
- Software requirements:
- nodejs >= v8.x.x
- npm >= 5.x.x
Note: Both can be installed from Node.js
- Clone Proxy repository:
git clone https://github.com/ging/fiware-pep-proxy.git
- Install the dependencies:
cd fiware-pep-proxy/
npm install
- Copy config.template to config.js and configure the app host there.
config.app_host = 'www.google.es'; // Hostname to forward authenticated requests
config.app_port = '80'; // Port where the HTTP server is running
- Start proxy server
sudo npm start
Docker
We also provide a Docker image and two versions of the Dockerfile to help you build this GE.
- Here you will find the Dockerfile used in the automated build and the documentation explaining how to use it.
- In Docker Hub you will find the public image.
A hacker's Dockerfile-sample file is also available in the root of the GitHub repository. It can be used to build Docker images against a local codebase, can be modified to suit your needs, and lets you create local images based on your own codebase if you want to make changes yourself.
API
Requests to the proxy should be made with a special HTTP header: X-Auth-Token. This header contains the OAuth access token obtained from FIWARE IDM GE.
Example of requests:
GET / HTTP/1.1
Host: proxy_host
Authorization: Bearer z2zXk...ANOXvZrmvxvSg
GET / HTTP/1.1
Host: proxy_host
X-Auth-Token: z2zXk...ANOXvZrmvxvSg
To test the proxy, you can generate these requests by running either of the following commands:
curl --header "X-Auth-Token: z2zXk...ANOXvZrmvxvSg" http://proxy_host
or
curl --header "Authorization: Bearer z2zXk...ANOXvZrmvxvSg" http://proxy_host
Once authenticated, the forwarded request will include additional HTTP headers with user info:
X-Nick-Name: nickname of the user in IdM
X-Display-Name: display name of user in IdM
X-Roles: roles of the user in IdM
X-Organizations: organizations in IdM
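The request handling described above, as an added example that is not Wilma's own code: it reads the token from either header form, rejects requests without a valid one, and sets the four user-info headers on the forwarded request after dropping any copies the client sent. The function names, the lookupUser callback, the sample token and the JSON encoding of X-Roles and X-Organizations are assumptions of this example.

```javascript
// Added example, not Wilma's source. All function names here are hypothetical.
const IDENTITY_HEADERS = ['x-nick-name', 'x-display-name', 'x-roles', 'x-organizations'];

// Pull the access token from either request form shown above.
// `headers` has lower-case keys, as Node's http module delivers them.
// Checking X-Auth-Token first is this example's choice.
function extractToken(headers) {
  const xAuth = headers['x-auth-token'];
  if (typeof xAuth === 'string' && xAuth.trim() !== '') return xAuth.trim();
  const auth = headers['authorization'];
  if (typeof auth !== 'string') return null;
  const match = /^Bearer +(\S+)$/i.exec(auth.trim());
  return match ? match[1] : null;
}

// Build the headers for the forwarded request. Identity headers supplied by
// the client are dropped first, so the backend only sees values set here.
function buildForwardHeaders(headers, user) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!IDENTITY_HEADERS.includes(name.toLowerCase())) out[name.toLowerCase()] = value;
  }
  out['x-nick-name'] = user.nickname;
  out['x-display-name'] = user.displayName;
  // JSON encoding of the two list-valued headers is an assumption of this example.
  out['x-roles'] = JSON.stringify(user.roles);
  out['x-organizations'] = JSON.stringify(user.organizations);
  return out;
}

// Decide what to do with one request. `lookupUser(token)` stands in for the
// IdM token check and returns a user object, or null for an unknown token.
function authorize(headers, lookupUser) {
  const token = extractToken(headers);
  if (token === null) return { status: 401, reason: 'no token' };
  const user = lookupUser(token);
  if (!user) return { status: 401, reason: 'invalid token' };
  return { status: 200, forward: buildForwardHeaders(headers, user) };
}

// Constructed sample data: a fake IdM with one known token.
const sampleIdm = (token) => (token === 'sample-token'
  ? { nickname: 'alice', displayName: 'Alice', roles: ['reader'], organizations: [] }
  : null);
const result = authorize(
  { host: 'proxy_host', authorization: 'Bearer sample-token', 'x-roles': '["admin"]' },
  sampleIdm);
console.log(result.status, result.forward['x-roles']); // 200 ["reader"]
```

A backend that makes decisions based on these headers should only be reachable through the proxy.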
Tests
To perform a basic end-to-end test, follow the steps below. A detailed description of how to run the tests can be found here.
Requests to the proxy should be made with a special HTTP header: X-Auth-Token. This header contains the OAuth access token obtained from FIWARE IDM GE.
Example of requests:
GET / HTTP/1.1
Host: proxy_host
Authorization: Bearer z2zXk...ANOXvZrmvxvSg
GET / HTTP/1.1
Host: proxy_host
X-Auth-Token: z2zXk...ANOXvZrmvxvSg
To test the proxy, you can generate these requests by running either of the following commands:
curl --header "X-Auth-Token: z2zXk...ANOXvZrmvxvSg" http://proxy_host
or
curl --header "Authorization: Bearer z2zXk...ANOXvZrmvxvSg" http://proxy_host
Once authenticated, the forwarded request will include additional HTTP headers with user info:
X-Nick-Name: nickname of the user in IdM
X-Display-Name: display name of user in IdM
X-Roles: roles of the user in IdM
X-Organizations: organizations in IdM