https://github.com/telefonicaid/fiware-keypass

Keypass is a multitenant XACML Authorization Server (Access Control) with PAP (Policy Administration Point) and PDP (Policy Decision Point) capabilities used by IoT Platform.
https://github.com/telefonicaid/fiware-keypass

Last synced: about 1 month ago
JSON representation

Keypass is a multitenant XACML Authorization Server (Access Control) with PAP (Policy Administration Point) and PDP (Policy Decision Point) capabilities used by IoT Platform.

• Host: GitHub
• URL: https://github.com/telefonicaid/fiware-keypass
• Owner: telefonicaid
• License: apache-2.0
• Created: 2014-09-16T09:27:24.000Z (over 10 years ago)
• Default Branch: master
• Last Pushed: 2025-01-14T12:11:17.000Z (5 months ago)
• Last Synced: 2025-01-14T13:25:41.271Z (5 months ago)
• Language: Java
• Homepage:
• Size: 438 KB
• Stars: 9
• Watchers: 14
• Forks: 5
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • Changelog: ChangeLog

Awesome Lists containing this project

• awesome - Telefónica Keypass - An XACML Authorization Server with PAP and PDP endpoints for securing IoT Platforms. (FIWARE Catalogue / Security)

README

        
# FIWARE-KeyPass

[![FIWARE Security](https://nexus.lab.fiware.org/static/badges/chapters/security.svg)](https://www.fiware.org/developers/catalogue/)

[![License: Apache 2.0](https://img.shields.io/github/license/telefonicaid/fiware-keypass.svg)](https://opensource.org/licenses/Apache-2.0)




[![Quay badge](https://img.shields.io/badge/quay.io-fiware%2Fkeyspass-grey?logo=red%20hat&labelColor=EE0000)](https://quay.io/repository/fiware/keyspass)

[![Docker badge](https://img.shields.io/badge/docker-telefonicaiot%2Ffiware--keypass-blue?logo=docker)](https://hub.docker.com/r/telefonicaiot/fiware-keypass/)




![Status](https://nexus.lab.fiware.org/static/badges/statuses/incubating.svg)

Keypass is multi-tenant XACML server with PAP (Policy Administration Point) and

PDP (Policy Decision Point) capabilities.

KeyPass is based mainly on:

* [Balana](https://github.com/wso2/commons/tree/master/balana),

  a complete implementation of both XACML v2 and v3 specs

* [Dropwizard](http://dropwizard.io), a framework for developing

  high-performance, RESTful web services.

In this README document you will find how to get started with the application and

basic concepts. For a more detailed information you can read the following docs:

* [API](API.md)

* [Installation guide](INSTALL.md)

* [Troubleshooting](TROUBLESHOOTING.md)

* [Behaviour Tests](https://github.com/telefonicaid/fiware-keypass/tree/master/src/behavior/README.md)

* [Performance Tests](https://github.com/telefonicaid/fiware-keypass/tree/master/jmeter-test-plan.jmx)

* [Docker configuraton](DOCKER.md)

# Building

Building requires Java 6+ and Maven 3.

```

$ mvn package

```

Building RPM (needs native `rpmbuild` installed in your box, tested on MacOSX

and Redhat Linux. May work on other platforms as well):

```

$ mvn -Prpm package

```

Building ZIP file

```

$ mvn -Pzip package

```

# Running

```

$ java -jar target/keypass-.jar server conf/config.yml

```

# Migrate from MySQL to PostgreSQL

Keypass versions 1.14.0 and later can be migrated from MySQL to PostgreSQL.

## Prerequisites

Default auth plugin in MySQL 8 is `caching_sha2_password` which is not supported by pgloader tool needed by this procedure. During this procedure MySQL should use `mysql_native_password` plugin. To achieve that set in `[mysqld]` section add:

    default-authentication-plugin=mysql_native_password

Then restart your MySQL server and execute:

    ALTER USER 'youruser'@'localhost' IDENTIFIED WITH mysql_native_password BY 'yourpassword';

## Procedure

1. Create new Keypass database and user in PostgreSQL:

```sh

PGPASSWORD=postgresUser psql -h 172.17.0.1 -p 5432 -U postgresPass <Permit

```