{"id":13506050,"url":"https://github.com/telefonicaid/fiware-keypass","last_synced_at":"2025-04-19T12:09:22.145Z","repository":{"id":20807877,"uuid":"24093359","full_name":"telefonicaid/fiware-keypass","owner":"telefonicaid","description":"Keypass is a multitenant XACML Authorization Server (Access Control) with PAP (Policy Administration Point) and PDP (Policy Decision Point) capabilities used by IoT Platform.","archived":false,"fork":false,"pushed_at":"2025-01-14T12:11:17.000Z","size":448,"stargazers_count":9,"open_issues_count":6,"forks_count":5,"subscribers_count":14,"default_branch":"master","last_synced_at":"2025-01-14T13:25:41.271Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/telefonicaid.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-09-16T09:27:24.000Z","updated_at":"2025-01-14T12:11:20.000Z","dependencies_parsed_at":"2023-12-21T12:11:39.200Z","dependency_job_id":"f57c82a8-f320-48a2-92fe-bdac5432b365","html_url":"https://github.com/telefonicaid/fiware-keypass","commit_stats":null,"previous_names":[],"tags_count":30,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telefonicaid%2Ffiware-keypass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telefonicaid%2Ffiware-keypass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/telefonicaid%2Ffiware-keypass/releases","manifests_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/repositories/telefonicaid%2Ffiware-keypass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/telefonicaid","download_url":"https://codeload.github.com/telefonicaid/fiware-keypass/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235233243,"owners_count":18957066,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T01:00:33.767Z","updated_at":"2025-04-19T12:09:22.139Z","avatar_url":"https://github.com/telefonicaid.png","language":"Java","funding_links":[],"categories":["FIWARE Catalogue"],"sub_categories":["Security"],"readme":"# FIWARE-KeyPass\n\n[![FIWARE Security](https://nexus.lab.fiware.org/static/badges/chapters/security.svg)](https://www.fiware.org/developers/catalogue/)\n[![License: Apache 2.0](https://img.shields.io/github/license/telefonicaid/fiware-keypass.svg)](https://opensource.org/licenses/Apache-2.0)\n\u003cbr/\u003e\n[![Quay badge](https://img.shields.io/badge/quay.io-fiware%2Fkeyspass-grey?logo=red%20hat\u0026labelColor=EE0000)](https://quay.io/repository/fiware/keyspass)\n[![Docker badge](https://img.shields.io/badge/docker-telefonicaiot%2Ffiware--keypass-blue?logo=docker)](https://hub.docker.com/r/telefonicaiot/fiware-keypass/)\n\u003cbr/\u003e\n![Status](https://nexus.lab.fiware.org/static/badges/statuses/incubating.svg)\n\nKeypass is a multi-tenant XACML server with PAP (Policy Administration Point) and\nPDP (Policy Decision Point) capabilities.\n\nKeyPass is based mainly on:\n\n* 
[Balana](https://github.com/wso2/commons/tree/master/balana),\n  a complete implementation of both XACML v2 and v3 specs\n* [Dropwizard](http://dropwizard.io), a framework for developing\n  high-performance, RESTful web services.\n\nIn this README document you will find how to get started with the application and\nbasic concepts. For more detailed information, see the following docs:\n\n* [API](API.md)\n* [Installation guide](INSTALL.md)\n* [Troubleshooting](TROUBLESHOOTING.md)\n* [Behaviour Tests](https://github.com/telefonicaid/fiware-keypass/tree/master/src/behavior/README.md)\n* [Performance Tests](https://github.com/telefonicaid/fiware-keypass/tree/master/jmeter-test-plan.jmx)\n* [Docker configuration](DOCKER.md)\n\n\n# Building\n\nBuilding requires Java 6+ and Maven 3.\n\n```\n$ mvn package\n```\n\nBuilding RPM (needs native `rpmbuild` installed on your box, tested on MacOSX\nand Redhat Linux. May work on other platforms as well):\n\n```\n$ mvn -Prpm package\n```\n\nBuilding ZIP file\n\n```\n$ mvn -Pzip package\n```\n\n# Running\n\n```\n$ java -jar target/keypass-\u003cVERSION\u003e.jar server conf/config.yml\n```\n\n# Migrate from MySQL to PostgreSQL\n\nKeypass versions 1.14.0 and later can be migrated from MySQL to PostgreSQL.\n\n## Prerequisites\n\nThe default auth plugin in MySQL 8 is `caching_sha2_password`, which is not supported by the pgloader tool needed by this procedure. During this procedure MySQL should use the `mysql_native_password` plugin. To achieve that, add the following to the `[mysqld]` section:\n\n    default-authentication-plugin=mysql_native_password\n\nThen restart your MySQL server and execute:\n\n    ALTER USER 'youruser'@'localhost' IDENTIFIED WITH mysql_native_password BY 'yourpassword';\n\n## Procedure\n\n1. 
Create a new Keypass database and user in PostgreSQL:\n```sh\nPGPASSWORD=postgresPass psql -h 172.17.0.1 -p 5432 -U postgresUser \u003c\u003cEOF\nCREATE DATABASE keypassDb;\nCREATE USER keypassUser WITH PASSWORD 'keypassPass';\nGRANT ALL PRIVILEGES ON DATABASE keypassDb TO keypassUser;\nALTER DATABASE keypassDb OWNER TO keypassUser;\nEOF\n```\n\n2. Migrate with [pgloader](https://pgloader.io/), which is commonly available in Linux distributions like Debian.\n```sh\npgloader mysql://keypassUser:keypassPass@172.17.0.1:3306/keypassDb postgresql://keypassUser:keypassPass@172.17.0.1:5432/keypassDb\n```\n\n3. Rename the policy table to Policy (in camel case):\n```sh\nPGPASSWORD=postgresPass psql -h 172.17.0.1 -p 5432 -U postgresUser -d keypassDb \u003c\u003cEOF\nALTER TABLE policy RENAME TO \"Policy\";\nEOF\n```\n\n4. Restart the Keypass Docker container:\n```sh\ndocker restart keypass\n```\n\n\n# Usage\n\n## Create a policy\n\n```\ncurl -i -H \"Accept: application/xml\" -H \"Content-type: application/xml\" \\\n    -H \"Fiware-Service: myTenant\" \\\n    -X POST -d @src/test/resources/es/tid/fiware/iot/ac/xacml/policy01.xml \\\n    http://localhost:8080/pap/v1/subject/role12345\n```\n\nThe response should look something like this:\n\n```\nHTTP/1.1 201 Created\nDate: Mon, 15 Sep 2014 20:02:35 GMT\nLocation: http://localhost:8080/pap/v1/subject/role12345/policy/policy01\nContent-Type: application/xml\nContent-Length: 0\n```\n\n## Retrieve a policy\n\n```\ncurl -i -H \"Fiware-Service: myTenant\" \\\n    http://localhost:8080/pap/v1/subject/role12345/policy/policy01\n```\n\nThe response will be the previously uploaded policy.\n\n## Evaluate XACML request\n\n```\ncurl -i -H \"Accept: application/xml\" -H \"Content-type: application/xml\" \\\n    -H \"Fiware-Service: myTenant\" \\\n    -X POST -d @src/test/resources/es/tid/fiware/iot/ac/xacml/policy01_request01.xml \\\n    http://localhost:8080/pdp/v3\n```\nResponse:\n\n```\nHTTP/1.1 200 OK\nDate: Mon, 15 Sep 2014 20:10:45 GMT\nContent-Type: 
application/xml\nTransfer-Encoding: chunked\n\n\u003cResponse xmlns=\"urn:oasis:names:tc:xacml:3.0:core:schema:wd-17\"\u003e\u003cResult\u003e\u003cDecision\u003ePermit\u003c/Decision\u003e\u003cStatus\u003e\u003cStatusCode Value=\"urn:oasis:names:tc:xacml:1.0:status:ok\"/\u003e\u003c/Status\u003e\u003c/Result\u003e\u003c/Response\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelefonicaid%2Ffiware-keypass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftelefonicaid%2Ffiware-keypass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelefonicaid%2Ffiware-keypass/lists"}