Uploaded image for project: 'Help-Coaches-Desk'
  1. Help-Coaches-Desk
  2. HELC-1288

FIWARE.Request.Coach.CEED-Tech.Kuan intelligence query

    Details

    • Type: extRequest
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Component/s: CEED-Tech
    • Labels:
      None

      Description

      Hi,

      The following is a message received from the Kuan Intelligence team regarding AuthZForce and KeyRock, to be forwarded to the GE owners.

      Best regards,
      Marco

      Marco Terrinoni
      Consoft Sistemi s.p.a.
      BU Application
      Via Pio VII 127 - 10127 - Torino
      Tel (+39) 011 3161571
      Fax (+39) 011 3161583
      _______________________________________________

      Da: Yan Zhang yan.zhang@kuaninc.com
      Inviato: lunedì 29 febbraio 2016 10:30
      A: consoft-fiwarecoach@consoft.it
      Cc: Xibo Wang <paulop5288@gmail.com>; Dmitry Moskalets <dimazaur@gmail.com>; Jiajie Li <jiajie.li@kuaninc.com>; Kenneth Ma <kenneth.ma@kuaninc.com>
      Oggetto: Kuan intelligence query

      Dear FIWARE coach,

      Thanks a lot for your time today! Just now I queried you two questions about AuthZForce and KeyRock, and hoping to have your further description of answers. Following contents are the questions:

      1. In the process of the integration of AuthZForce and our system, we deployed the functionalities of policy decision on our system. The question is if there are further functionalities or application on securing web application?

      2. Another question is for keyrock, thanks for your mentioning that there wouldn't any dependency between KeyRock and AuthZForce. Our developer have met some problem in run time and also proposed some advice for installation that if the addition of two commands should be allowed:

      >sudo apt-get update
      >sudo apt-get install git

      Also, the forwarded query message from our develop team is attached in the following content. Looking forward to your reply, many thanks!

      Best regards
      Yan Zhang

      Hello!
      I'm from Kuan Intelligence team.
      We have a trouble with running KeyRock server.
      Followed by documentation http://fiware-idm.readthedocs.org/en/latest/admin_guide.html but finally got some errors.
      Could you please give an advice about it?
      Many thanks.

      [28/Feb/2016 20:15:18] "GET / HTTP/1.1" 500 59
      DEBUG:idm_logger:Creating a new internal keystoneclient connection to http://127.0.0.1:5000/v3.
      Unauthorized: The request you have made requires authentication. (HTTP 401)
      Traceback (most recent call last):
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 776, in _get_element_and_cache
      role = function(request, role)
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 801, in <lambda>
      request, basic, lambda req, n: internal_keystoneclient(req).roles.find(name=n))
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 63, in internal_keystoneclient
      cache.set(CACHE_CLIENT, keystoneclient.session.get_token(), INTERNAL_CLIENT_CACHE_TIME)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 610, in get_token
      return (self.get_auth_headers(auth) or {}).get('X-Auth-Token')
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 589, in get_auth_ headers
      return auth.get_headers(self, **kwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/base.py", line 114, in get_hea ders
      token = self.get_token(session)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/identity/base.py", line 104, i n get_token
      return self.get_access(session).auth_token
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/identity/base.py", line 144, i n get_access
      self.auth_ref = self.get_auth_ref(session)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/identity/v3.py", line 127, in get_auth_ref
      authenticated=False, log=False, **rkwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 488, in post
      return self.request(url, 'POST', **kwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/utils.py", line 318, in inner
      return func(*args, **kwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 389, in request
      raise exceptions.from_response(resp, method, url)
      Unauthorized: The request you have made requires authentication. (HTTP 401)
      Traceback (most recent call last):
      File "/usr/lib/python2.7/wsgiref/handlers.py", line 85, in run
      self.result = application(self.environ, self.start_response)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py", l ine 67, in _call_
      return self.application(environ, start_response)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 187, i n _call_
      self.load_middleware()
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 47, in load_middleware
      mw_instance = mw_class()
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/middleware/locale.py", line 24, in _init_
      for url_pattern in get_resolver(None).url_patterns:
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/urlresolvers.py", line 365, in url_patterns
      patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/urlresolvers.py", line 360, in urlconf_module
      self._urlconf_module = import_module(self.urlconf_name)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/utils/importlib.py", line 40, in im port_module
      _import_(name)
      File "/home/ubuntu/horizon/openstack_dashboard/urls.py", line 36, in <module>
      from openstack_dashboard.dashboards.idm_admin.user_accounts \
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/views.py", line 28, in <mod ule>
      from openstack_dashboard.dashboards.idm_admin.user_accounts \
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py", line 195, in <mo dule>
      class UpdateAccountForm(forms.SelfHandlingForm, UserAccountsLogicMixin):
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py", line 202, in Upd ateAccountForm
      choices=get_account_choices())
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py", line 172, in get _account_choices
      use_idm_account=True),
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 801, in get_basic_role
      request, basic, lambda req, n: internal_keystoneclient(req).roles.find(name=n))
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 780, in _get_element_and_cache
      exceptions.handle(request)
      File "/home/ubuntu/horizon/horizon/exceptions.py", line 291, in handle
      messages.error(request, message or fallback)
      File "/home/ubuntu/horizon/horizon/messages.py", line 83, in error
      fail_silently=fail_silently)
      File "/home/ubuntu/horizon/horizon/messages.py", line 41, in add_message
      if not horizon_message_already_queued(request, message):
      File "/home/ubuntu/horizon/horizon/messages.py", line 28, in horizon_message_already_queued
      if request.is_ajax():
      AttributeError: 'NoneType' object has no attribute 'is_ajax'
      DEBUG:idm_logger:Creating a new internal keystoneclient connection to http://127.0.0.1:5000/v3.
      Unauthorized: The request you have made requires authentication. (HTTP 401)
      Traceback (most recent call last):
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 776, in _get_element_and_cache
      role = function(request, role)
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 801, in <lambda>
      request, basic, lambda req, n: internal_keystoneclient(req).roles.find(name=n))
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 63, in internal_keystoneclient
      cache.set(CACHE_CLIENT, keystoneclient.session.get_token(), INTERNAL_CLIENT_CACHE_TIME)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 610, in get_token
      return (self.get_auth_headers(auth) or {}).get('X-Auth-Token')
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 589, in get_auth_ headers
      return auth.get_headers(self, **kwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/base.py", line 114, in get_hea ders
      token = self.get_token(session)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/identity/base.py", line 104, i n get_token
      return self.get_access(session).auth_token
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/identity/base.py", line 144, i n get_access
      self.auth_ref = self.get_auth_ref(session)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/identity/v3.py", line 127, in get_auth_ref
      authenticated=False, log=False, **rkwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 488, in post
      return self.request(url, 'POST', **kwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/utils.py", line 318, in inner
      return func(*args, **kwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 389, in request
      raise exceptions.from_response(resp, method, url)
      Unauthorized: The request you have made requires authentication. (HTTP 401)
      Traceback (most recent call last):
      File "/usr/lib/python2.7/wsgiref/handlers.py", line 85, in run
      self.result = application(self.environ, self.start_response)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py", l ine 67, in _call_
      return self.application(environ, start_response)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 187, i n _call_
      self.load_middleware()
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 47, in load_middleware
      mw_instance = mw_class()
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/middleware/locale.py", line 24, in _init_
      for url_pattern in get_resolver(None).url_patterns:
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/urlresolvers.py", line 365, in url_patterns
      patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/urlresolvers.py", line 360, in urlconf_module
      self._urlconf_module = import_module(self.urlconf_name)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/utils/importlib.py", line 40, in im port_module
      _import_(name)
      File "/home/ubuntu/horizon/openstack_dashboard/urls.py", line 36, in <module>
      from openstack_dashboard.dashboards.idm_admin.user_accounts \
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/views.py", line 28, in <mod ule>
      from openstack_dashboard.dashboards.idm_admin.user_accounts \
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py", line 195, in <mo dule>
      class UpdateAccountForm(forms.SelfHandlingForm, UserAccountsLogicMixin):
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py", line 202, in Upd ateAccountForm
      choices=get_account_choices())
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py", line 172, in get _account_choices
      use_idm_account=True),
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 801, in get_basic_role
      request, basic, lambda req, n: internal_keystoneclient(req).roles.find(name=n))
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 780, in _get_element_and_cache
      exceptions.handle(request)
      File "/home/ubuntu/horizon/horizon/exceptions.py", line 291, in handle
      messages.error(request, message or fallback)
      File "/home/ubuntu/horizon/horizon/messages.py", line 83, in error
      fail_silently=fail_silently)
      File "/home/ubuntu/horizon/horizon/messages.py", line 41, in add_message
      if not horizon_message_already_queued(request, message):
      File "/home/ubuntu/horizon/horizon/messages.py", line 28, in horizon_message_already_queued
      if request.is_ajax():
      AttributeError: 'NoneType' object has no attribute 'is_ajax'
      DEBUG:idm_logger:Creating a new internal keystoneclient connection to http://127.0.0.1:5000/v3.
      Unauthorized: The request you have made requires authentication. (HTTP 401)
      Traceback (most recent call last):
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 776, in _get_element_and_cache
      role = function(request, role)
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 801, in <lambda>
      request, basic, lambda req, n: internal_keystoneclient(req).roles.find(name=n))
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 63, in internal_keystoneclient
      cache.set(CACHE_CLIENT, keystoneclient.session.get_token(), INTERNAL_CLIENT_CACHE_TIME)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 610, in get_token
      return (self.get_auth_headers(auth) or {}).get('X-Auth-Token')
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 589, in get_auth_headers
      return auth.get_headers(self, **kwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/base.py", line 114, in get_headers
      token = self.get_token(session)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/identity/base.py", line 104, in get_token
      return self.get_access(session).auth_token
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/identity/base.py", line 144, in get_access
      self.auth_ref = self.get_auth_ref(session)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/auth/identity/v3.py", line 127, in get_auth_ref
      authenticated=False, log=False, **rkwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 488, in post
      return self.request(url, 'POST', **kwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/utils.py", line 318, in inner
      return func(*args, **kwargs)
      File "/home/ubuntu/horizon/.venv/src/python-keystoneclient/keystoneclient/session.py", line 389, in request
      raise exceptions.from_response(resp, method, url)
      Unauthorized: The request you have made requires authentication. (HTTP 401)
      Traceback (most recent call last):
      File "/usr/lib/python2.7/wsgiref/handlers.py", line 85, in run
      self.result = application(self.environ, self.start_response)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py", line 67, in _call_
      return self.application(environ, start_response)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 187, in _call_
      self.load_middleware()
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 47, in load_middleware
      mw_instance = mw_class()
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/middleware/locale.py", line 24, in _init_
      for url_pattern in get_resolver(None).url_patterns:
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/urlresolvers.py", line 365, in url_patterns
      patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/core/urlresolvers.py", line 360, in urlconf_module
      self._urlconf_module = import_module(self.urlconf_name)
      File "/home/ubuntu/horizon/.venv/local/lib/python2.7/site-packages/django/utils/importlib.py", line 40, in import_module
      _import_(name)
      File "/home/ubuntu/horizon/openstack_dashboard/urls.py", line 36, in <module>
      from openstack_dashboard.dashboards.idm_admin.user_accounts \
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/views.py", line 28, in <module>
      from openstack_dashboard.dashboards.idm_admin.user_accounts \
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py", line 195, in <module>
      class UpdateAccountForm(forms.SelfHandlingForm, UserAccountsLogicMixin):
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py", line 202, in UpdateAccountForm
      choices=get_account_choices())
      File "/home/ubuntu/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py", line 172, in get_account_choices
      use_idm_account=True),
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 801, in get_basic_role
      request, basic, lambda req, n: internal_keystoneclient(req).roles.find(name=n))
      File "/home/ubuntu/horizon/openstack_dashboard/fiware_api/keystone.py", line 780, in _get_element_and_cache
      exceptions.handle(request)
      File "/home/ubuntu/horizon/horizon/exceptions.py", line 291, in handle
      messages.error(request, message or fallback)
      File "/home/ubuntu/horizon/horizon/messages.py", line 83, in error
      fail_silently=fail_silently)
      File "/home/ubuntu/horizon/horizon/messages.py", line 41, in add_message
      if not horizon_message_already_queued(request, message):
      File "/home/ubuntu/horizon/horizon/messages.py", line 28, in horizon_message_already_queued
      if request.is_ajax():
      AttributeError: 'NoneType' object has no attribute 'is_ajax'


      Regards,
      Dmitry Moskalets

      -----------------------------------------
      Mr Yan Zhang
      Chief Technology Officer

      Kuan Intelligence Ltd
      75 Whitechapel Road,
      London, E1 1DU.

      Tel: 020 7426 0365
      https://mailfoogae.appspot.com/t?sender=aeWFuLnpoYW5nQGt1YW5pbmMuY29t&type=zerocontent&guid=1b391e0f-6a93-4fae-87fc-ae5db9b9f63e

      Since January 1st, old domains won't be supported and messages sent to any domain different to @lists.fiware.org will be lost.
      Please, send your messages using the new domain (Fiware-ceedtech-coaching@lists.fiware.org) instead of the old one.
      _______________________________________________
      Fiware-ceedtech-coaching mailing list
      Fiware-ceedtech-coaching@lists.fiware.org
      https://lists.fiware.org/listinfo/fiware-ceedtech-coaching

        Issue Links

          Activity

          Hide
          consoft_coach Marco Terrinoni added a comment -

          Reporter directly contacted by email, sending back the answers provided in HELP-6015.

          Show
          consoft_coach Marco Terrinoni added a comment - Reporter directly contacted by email, sending back the answers provided in HELP-6015 .
          Hide
          consoft_coach Marco Terrinoni added a comment -

          Email sent to the reporter (01/03/2016 - 11:49):

          Good morning Yan,

          A first answer to your question came out just this morning by the contact point for AuthZForce; here you are:

          OK, the first question is:
          In the process of the integration of AuthZForce and our system, we deployed the functionalities of policy decision on our system. The question is if there are further functionalities or application on securing web application?
          Not sure the question is about Authzforce actually. Are you asking whether there is any other features/applications (like Generic Enablers I assume) in FIWARE Security Chapter - besides AuthZForce or KeyRock - that can help secure web applications ?
          In this case, there is the PEP Proxy which plays the role of the PEP and reverse proxy in front of your web applications, i.e. it intercepts requests and connects to KeyRock and Authzforce to validate access token and authorize access to the application respectively.

          Show
          consoft_coach Marco Terrinoni added a comment - Email sent to the reporter (01/03/2016 - 11:49): Good morning Yan, A first answer to your question came out just this morning by the contact point for AuthZForce; here you are: OK, the first question is: In the process of the integration of AuthZForce and our system, we deployed the functionalities of policy decision on our system. The question is if there are further functionalities or application on securing web application? Not sure the question is about Authzforce actually. Are you asking whether there is any other features/applications (like Generic Enablers I assume) in FIWARE Security Chapter - besides AuthZForce or KeyRock - that can help secure web applications ? In this case, there is the PEP Proxy which plays the role of the PEP and reverse proxy in front of your web applications, i.e. it intercepts requests and connects to KeyRock and Authzforce to validate access token and authorize access to the application respectively.

            People

            • Assignee:
              consoft_coach Marco Terrinoni
              Reporter:
              fw.ext.user FW External User
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: