Problems creating a domain in Fiware AuthZforce Authorization Server


I'm developing an authentication/authorization scheme, based on OAuth 2.0, using the Fiware Enablers: Keyrock IdM, Wilma Proxy and AuthZforce authorization server.

I installed and configured Keyrock and Wilma and they work fine together.

On the same machine I installed AuthZForce. Java OpenJDK 1.7.0_91 and Tomcat 7 are installed on Ubuntu 14.04 on this machine.

I followed the installation guide and installed AuthZforce with gdebi, but I can't actually create a domain with the curl command found in the guide:

curl --verbose --trace-ascii - --request POST \
  --header "Content-Type: application/xml;charset=UTF-8" \
  --data '<?xml version="1.0" encoding="UTF-8"?><taz:domainProperties xmlns:taz="http://authzforce.github.io/rest-api-model/xmlns/authz/4"> <name>MyDomain</name><description>This is my domain.</description></taz:domainProperties>' \
  --header "Accept: application/xml" \
  http://${MYSERVERHOST}:${MYPORT}/authzforce-ce/domains

I got the following error:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns2:error xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/4" xmlns:ns3="http://www.w3.org/2005/Atom" xmlns:ns4="http://authzforce.github.io/core/xmlns/pdp/3.6" xmlns:ns5="http://authzforce.github.io/pap-dao-file/xmlns/properties/3.6"><message>Invalid parameters: cvc-complex-type.2.4.a: Invalid content starting with "name". Invalid content was found starting with element "name". An element "{description, rootPolicyRef}" is expected.</message></ns2:error>

It seems to be an XML validation error. I tried to access the AuthZforce API but the link in the programmer's guide gives a 404 error.

Can anyone suggest how to fix this issue?

Thanks in advance.

cdan On

I realized my initial answer was rejected, so I'll try to provide a better one. In the meantime, new AuthzForce releases have come out, so I give you here a working example for the latest AuthzForce v5.4.1. (Please upgrade if necessary.) For simplicity, let's write the XML payload into a file domainProperties.xml and reuse it in the curl command:

$ cat domainProperties.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<domainProperties xmlns="http://authzforce.github.io/rest-api-model/xmlns/authz/5" externalId="myOwnId">
   <description>This is my domain</description>
</domainProperties>

The externalId is optional and you can set it to any alias you want to use for the new domain.

The curl command goes:

$ curl --verbose --request "POST" --header "Content-Type: application/xml;charset=UTF-8" --data @domainProperties.xml --header "Accept: application/xml" http://localhost:8080/authzforce-ce/domains

Replace localhost with your hostname and 8080 with the server port if necessary. The response should give a link to the new domain resource with the new domain ID:

...
< HTTP/1.1 200 OK
< Server: Authorization System
< Date: Mon, 04 Aug 2016 13:00:12 GMT
< Content-Type: application/xml
< Transfer-Encoding: chunked
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<link xmlns="http://www.w3.org/2005/Atom" rel="item" href="h_D23LsDEeWFwqVFFMDLTQ" title="h_D23LsDEeWFwqVFFMDLTQ"/>

More info in the installation guide.

You can also use the externalId to get back the domain info:

$ curl --verbose --request "GET" --header "Accept: application/xml" "http://localhost:8080/authzforce-ce/domains?externalId=myOwnId"

More info in the user guide.
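
An added example, not part of the original answer or of AuthzForce itself: the same domain-creation request built in Python, so that the description and externalId values are XML-escaped by the serializer instead of being pasted into the payload, and the new domain ID is read from the Atom link for later calls. The function names are hypothetical, and it assumes that error statuses return the `<error>` body shown in the question.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Namespaces as they appear on this page (AuthzForce v5 REST model, Atom).
AZ_NS = "http://authzforce.github.io/rest-api-model/xmlns/authz/5"
ATOM_NS = "http://www.w3.org/2005/Atom"
ET.register_namespace("", AZ_NS)  # serialize with a default xmlns, like the answer

# Response body copied from the answer; error body shortened from the question.
SAMPLE_OK = (b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
             b'<link xmlns="http://www.w3.org/2005/Atom" rel="item" '
             b'href="h_D23LsDEeWFwqVFFMDLTQ" title="h_D23LsDEeWFwqVFFMDLTQ"/>')
SAMPLE_ERR = (b'<ns2:error xmlns:ns2="http://authzforce.github.io/rest-api-model/'
              b'xmlns/authz/4"><message>Invalid parameters</message></ns2:error>')


def build_domain_properties(description, external_id=None):
    """Build the v5 payload; ElementTree escapes &, < and quotes in the values."""
    root = ET.Element(f"{{{AZ_NS}}}domainProperties")
    if external_id is not None:
        root.set("externalId", external_id)
    ET.SubElement(root, f"{{{AZ_NS}}}description").text = description
    return ET.tostring(root, encoding="utf-8")


def parse_create_response(body):
    """Return the domain ID from the Atom link, or raise with the server message."""
    root = ET.fromstring(body)
    if root.tag == f"{{{ATOM_NS}}}link" and root.get("href"):
        return root.get("href")
    if root.tag.rsplit("}", 1)[-1] == "error":
        raise ValueError(root.findtext("message") or "unspecified error")
    raise ValueError(f"unexpected response element: {root.tag}")


def create_domain(base_url, description, external_id=None):
    """POST to <base_url>/domains with the same headers as the curl command."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/domains",
        data=build_domain_properties(description, external_id),
        headers={"Content-Type": "application/xml;charset=UTF-8",
                 "Accept": "application/xml"},
        method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_create_response(resp.read())
    except urllib.error.HTTPError as err:  # assumed: error body is the <error> element
        return parse_create_response(err.read())
```

With the server from the answer, `create_domain("http://localhost:8080/authzforce-ce", "This is my domain", "myOwnId")` returns the domain ID string or raises `ValueError` carrying the server's validation message.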