Skip to content

Latest commit

 

History

History

BaSyxSecured

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
aas
aas
 
 
basyx
basyx
 
 
keycloak
keycloak
 
 
.env
.env
 
 
README.md
README.md
 
 
docker-compose.yaml
docker-compose.yaml
 
 
login.png
login.png
 
 
logout.png
logout.png
 
 
users.png
users.png
 
 

README.md

BaSyx Secure Setup

All BaSyx components support role-based access control by using Keycloak as identity provider. Access rules are defined based on roles. Roles are defined in the Keycloak server.

To start the secure setup execute the following command

docker-compose up -d

This will start the BaSyx components and the Keycloak server. The Keycloak server can be found at http://localhost:9097. There you can login as admin with username admin and password keycloak-admin. BaSyx Realm User Overview

The example comes with an already configured realm BaSyx and a user john.doe with password johndoe. This user has the admin role and can access all BaSyx components and all information about each component.

The entry point for accessing the Asset Administration Shells and their Submodels is the AAS Web UI running at http://localhost:3000. After opening the page you will be redirected to the Keycloak login page. Use the credentials of user john.doe to log in. Login to BaSyx using Keycloak

From there you can access the AAS and Submodels of the BaSyx components. The UI shows the login status in the top right corner. To end your session click on the logout button in the top right corner. Logout button in the AAS UI

There are several other user accounts available, each with different roles. You can use them to test the different levels of access. The password for these users is their username without the dots. You can find them in the Users tab of the BaSyx realm in Keycloak.

Upload AAS Environment files (AASX/JSON/XML) with RBAC

This secured example also demonstrates the secured upload of AAS Environment files with a specific role basyx-uploader. To upload an AAS Environment file using the AAS GUI, please login using below account:

  • username: basyx.uploader
  • password: basyxuploader

After logging in, use the upload icon to upload the AAS Environment files.

Note: For uploading an AAS Environment file (AASX/JSON/XML), there should be defined rules for the creation, updation, and reading. As AAS Environment combines all repositories, aas-environment-rbac-rules should have rules for CREATE, UPDATE, and READ for targetInformation aas, submodel, and concept-descriptions. The reason is that while uploading the AAS Env files, it interacts with all the repositories and if any appropriate rule is missing then it throws the exception. This is also documented in here.