PEP and PDP configuration about fiware-pep-proxy HOT 3 CLOSED

I have tried to create a new user and assigned him a new role with a permission inside the test app. Assignment went well since I am able to see it in keystone table role_user_fiware.

After that I have obtained an oauth access token for this new user and tried to access a resource behind PEP with PDP activated. For this new user, I get following error in PEP console:

2016-02-10 18:53:29.871 - INFO: IDM-Client - Checking token with IDM...
2016-02-10 18:53:29.906 - INFO: AZF-Client - Checking auth with AZF...
2016-02-10 18:53:29.906 - INFO: AZF-Client - Checking authorization to roles [] to do GET on and app cdcbdf2e94524524852aea1f6b16d1c4
2016-02-10 18:53:29.934 - ERROR: Root - Error in AZF communication <ns2:error xmlns:ns2="http://authzforce.github.io/rest-api-model/xmlns/authz/4" xmlns:ns3="http://www.w3.org/2005/Atom" xmlns:ns4="http://authzforce.github.io/core/xmlns/pdp/3.6" xmlns:ns5="http://authzforce.github.io/pap-dao-file/xmlns/properties/3.6">Invalid parameters: cvc-complex-type.2.4.b: The content of element 'Attribute' is not complete. One of '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":AttributeValue}' is expected./ns2:error
express deprecated res.send(status, body): Use res.status(status).send(body) instead controllers/root.js:53:33

And this is the output of PDP hosted in tomcat:

2016-02-10 18:33:09,237|WARN |http-bio-8080-exec-5|org.apache.cxf.jaxrs.provider.AbstractJAXBProvider:689|javax.xml.bind.UnmarshalException

• with linked exception:
  [org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 347; cvc-complex-type.2.4.b: The content of element 'Attribute' is not complete. One of '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":AttributeValue}' is expected.]
  at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.handleStreamException(UnmarshallerImpl.java:420)
  at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:357)
  at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:327)
  at org.apache.cxf.jaxrs.provider.JAXBElementProvider.unmarshalFromInputStream(JAXBElementProvider.java:291)
  at org.apache.cxf.jaxrs.provider.JAXBElementProvider.doUnmarshal(JAXBElementProvider.java:242)
  at org.apache.cxf.jaxrs.provider.JAXBElementProvider.readFrom(JAXBElementProvider.java:191)
  at org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBodyReader(JAXRSUtils.java:1337)
  at org.apache.cxf.jaxrs.utils.JAXRSUtils.readFromMessageBody(JAXRSUtils.java:1288)
  at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameter(JAXRSUtils.java:824)
  at org.apache.cxf.jaxrs.utils.JAXRSUtils.processParameters(JAXRSUtils.java:787)
  at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:268)
  at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:271)
  at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:99)
  at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
  at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
  at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
  at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
  at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
  at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
  at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
  at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
  at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.ow2.authzforce.webapp.ExceptionFilter.doFilter(ExceptionFilter.java:81)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
  at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
  at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
  at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
  at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
  at java.lang.Thread.run(Thread.java:745)
  Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 347; cvc-complex-type.2.4.b: The content of element 'Attribute' is not complete. One of '{"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17":AttributeValue}' is expected.
  at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
  at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:134)
  at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:396)
  at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327)
  at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:284)
  at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:452)
  at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3230)
  at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.elementLocallyValidComplexType(XMLSchemaValidator.java:3206)
  at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.elementLocallyValidType(XMLSchemaValidator.java:3153)
  at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.processElementContent(XMLSchemaValidator.java:3055)
  at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleEndElement(XMLSchemaValidator.java:2134)
  at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.endElement(XMLSchemaValidator.java:853)
  at com.sun.org.apache.xerces.internal.jaxp.validation.ValidatorHandlerImpl.endElement(ValidatorHandlerImpl.java:584)
  at com.sun.xml.internal.bind.v2.runtime.unmarshaller.ValidatingUnmarshaller.endElement(ValidatingUnmarshaller.java:91)
  at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StAXStreamConnector.handleEndElement(StAXStreamConnector.java:206)
  at com.sun.xml.internal.bind.v2.runtime.unmarshaller.StAXStreamConnector.bridge(StAXStreamConnector.java:170)
  at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:355)
  ... 43 more
  |

I appreciate any help on this since the documentation for integrating PEP and PDP is very scarce.

from fiware-pep-proxy.

Same PEP error here, but using Fiware instance of IdM and AZF.

from fiware-pep-proxy.

It seems you are using a version of AZF that is not currently supported by PEP. Current PEP Proxy version is compatible with AZF v3.x and as you are using path "authzforce-ce/domains" I suppose yiou are using version 4.x or 5.x. We will add compatibility to AZF v5.x during this week. If fact Keyrock is already compatible. In the meantime you can use version 3 of AZF to solve this issue

from fiware-pep-proxy.