[HELP-14088] [fiware-stackoverflow] Error validating token. Proxy not authorized in keystone. Keystone authentication - JIRA

Details

Type: Monitor
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
Labels:
- fiware
- fiware-wilma

Source URL:
https://stackoverflow.com/questions/50175061/error-validating-token-proxy-not-authorized-in-keystone-keystone-authenticatio
HD-Enabler:
KeyRock

Description

Created question in FIWARE Q/A platform on 04-05-2018 at 14:05
Please, ANSWER this question AT https://stackoverflow.com/questions/50175061/error-validating-token-proxy-not-authorized-in-keystone-keystone-authenticatio

Question:
Error validating token. Proxy not authorized in keystone. Keystone authentication

Description:
I was trying to incorporate IDM (Docker) latest, and pep-proxy (git example running with node server).

When I started pep-proxy, everything was working as intended.
I've got the following messages:

INFO: Server - Starting PEP proxy in port 80. IdM authentication...
Server - Success authenticating PEP proxy. Proxy Auth-token: d9badf48-16fa-423d-884c-a3e155578791

Now a problem happens. When I enter the wrong token I get this error.

ERROR: IDM-Client - Error validating token.
Proxy not authorized in keystone. Keystone authentication ...
ERROR: Server - Caught exception:
SyntaxError: Unexpected token u in JSON at position 0

As far as I understand I am expecting some return like invalid token, etc.. instead I get this error in pep-proxy and my curl command show->(52) Empty reply from server.

My config.json of pep-proxy:

var config = {};

// Used only if https is disabled
config.pep_port = 80;

// Set this var to undefined if you don't want the server to listen on HTTPS
config.https =

{ enabled: false, cert_file: 'cert/cert.crt', key_file: 'cert/key.key', port: 443 }

;

config.idm =

{ host: 'localhost', port: 3000, ssl: false }

config.app =

{ host: 'www.google.es', port: '80', ssl: false // Use true if the app server listens in https }

// Credentials obtained when registering PEP Proxy in app_id in Account Portal
config.pep =

{ app_id: 'xxxxxx', username: 'xxxxxx', password: 'xxxxxx', trusted_apps : [] }

// in seconds
config.cache_time = 300;

// if enabled PEP checks permissions with AuthZForce GE.
// only compatible with oauth2 tokens engine
//
// you can use custom policy checks by including programatic scripts
// in policies folder. An script template is included there
config.azf =

{ enabled: true, protocol: 'http', host: 'localhost', port: 8080, custom_policy: undefined // use undefined to default policy checks (HTTP verb + path). }

;

// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];

config.magic_key = 'undefined';

module.exports = config;

IDM logs:

fiware-idm_1 | GET
/user?access_token=7cb25729577c2e01dc337314dcd912ec981dc49b 401 4.445 ms - 116

fiware-idm_1 | Executing (default): SELECT email, 'user' as Source FROM
user WHERE email='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c'
fiware-idm_1 | UNION ALL
fiware-idm_1 | SELECT id, 'pep_proxy' as Source FROM
pep_proxy WHERE id='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c';
fiware-idm_1 | Executing (default): SELECT `id`, `password`,
`oauth_client_id` FROM `pep_proxy` AS `PepProxy` WHERE `PepProxy`.`id` =
'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c';
fiware-idm_1 | Executing (default): INSERT INTO `auth_token`
(`access_token`,`expires`,`valid`,`pep_proxy_id`) VALUES ('a0d54a6f-
8461-4000-bb80-5fb60193bcb4','2018-05-04
11:45:21',true,'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c');
fiware-idm_1 | POST /v3/auth/tokens 201 13.733 ms - 74

Activity

Ascending order - Click to sort in descending order

Backlog Manager created issue - 04/May/18 3:05 PM

Hide

Permalink

Backlog Manager added a comment - 04/May/18 3:05 PM

2018-05-04 15:05|CREATED monitor | # answers= 0, accepted answer= False

Show

Backlog Manager added a comment - 04/May/18 3:05 PM 2018-05-04 15:05|CREATED monitor | # answers= 0, accepted answer= False

Backlog Manager made changes - 04/May/18 3:05 PM

Field	Original Value	New Value
Component/s		FIWARE-TECH-HELP [ 10278 ]

Veronika Vlnkova made changes - 04/May/18 4:13 PM

Assignee

Alvaro Alonso [ aalonsog ]

Alvaro Alonso made changes - 08/May/18 11:25 AM

Status

Open [ 1 ]

In Progress [ 3 ]

Alvaro Alonso made changes - 08/May/18 11:26 AM

Status

In Progress [ 3 ]

Answered [ 10104 ]

Alvaro Alonso made changes - 08/May/18 11:26 AM

Resolution		Done [ 10000 ]
Status	Answered [ 10104 ]	Closed [ 6 ]

Fernando Lopez made changes - 12/Sep/18 9:26 AM

HD-Enabler		KeyRock [ 10889 ]
Description	Created question in FIWARE Q/A platform on 04-05-2018 at 14:05 {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/50175061/error-validating-token-proxy-not-authorized-in-keystone-keystone-authenticatio +Question:+ Error validating token. Proxy not authorized in keystone. Keystone authentication +Description:+ I was trying to incorporate IDM (Docker) latest, and pep-proxy (git example running with node server). When I started pep-proxy, everything was working as intended. I've got the following messages: INFO: Server - Starting PEP proxy in port 80. IdM authentication... Server - Success authenticating PEP proxy. Proxy Auth-token: d9badf48-16fa-423d-884c-a3e155578791 Now a problem happens. When I enter the wrong token I get this error. ERROR: IDM-Client - Error validating token. Proxy not authorized in keystone. Keystone authentication ... ERROR: Server - Caught exception: SyntaxError: Unexpected token u in JSON at position 0 As far as I understand I am expecting some return like invalid token, etc.. instead I get this error in pep-proxy and my curl command show->(52) Empty reply from server. My config.json of pep-proxy: var config = {}; // Used only if https is disabled config.pep_port = 80; // Set this var to undefined if you don't want the server to listen on HTTPS config.https = { enabled: false, cert_file: 'cert/cert.crt', key_file: 'cert/key.key', port: 443 }; config.idm = { host: 'localhost', port: 3000, ssl: false } config.app = { host: 'www.google.es', port: '80', ssl: false // Use true if the app server listens in https } // Credentials obtained when registering PEP Proxy in app_id in Account Portal config.pep = { app_id: 'xxxxxx', username: 'xxxxxx', password: 'xxxxxx', trusted_apps : [] } // in seconds config.cache_time = 300; // if enabled PEP checks permissions with AuthZForce GE. // only compatible with oauth2 tokens engine // // you can use custom policy checks by including programatic scripts // in policies folder. An script template is included there config.azf = { enabled: true, protocol: 'http', host: 'localhost', port: 8080, custom_policy: undefined // use undefined to default policy checks (HTTP verb + path). }; // list of paths that will not check authentication/authorization // example: ['/public/*', '/static/css/'] config.public_paths = []; config.magic_key = 'undefined'; module.exports = config; IDM logs: fiware-idm_1 \| GET /user?access_token=7cb25729577c2e01dc337314dcd912ec981dc49b 401 4.445 ms - 116 fiware-idm_1 \| Executing (default): SELECT email, 'user' as Source FROM user WHERE email='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c' fiware-idm_1 \| UNION ALL fiware-idm_1 \| SELECT id, 'pep_proxy' as Source FROM pep_proxy WHERE id='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c'; fiware-idm_1 \| Executing (default): SELECT `id`, `password`, `oauth_client_id` FROM `pep_proxy` AS `PepProxy` WHERE `PepProxy`.`id` = 'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c'; fiware-idm_1 \| Executing (default): INSERT INTO `auth_token` (`access_token`,`expires`,`valid`,`pep_proxy_id`) VALUES ('a0d54a6f- 8461-4000-bb80-5fb60193bcb4','2018-05-04 11:45:21',true,'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c'); fiware-idm_1 \| POST /v3/auth/tokens 201 13.733 ms - 74	Created question in FIWARE Q/A platform on 04-05-2018 at 14:05 {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/50175061/error-validating-token-proxy-not-authorized-in-keystone-keystone-authenticatio +Question:+ Error validating token. Proxy not authorized in keystone. Keystone authentication +Description:+ I was trying to incorporate IDM (Docker) latest, and pep-proxy (git example running with node server). When I started pep-proxy, everything was working as intended. I've got the following messages: INFO: Server - Starting PEP proxy in port 80. IdM authentication... Server - Success authenticating PEP proxy. Proxy Auth-token: d9badf48-16fa-423d-884c-a3e155578791 Now a problem happens. When I enter the wrong token I get this error. ERROR: IDM-Client - Error validating token. Proxy not authorized in keystone. Keystone authentication ... ERROR: Server - Caught exception: SyntaxError: Unexpected token u in JSON at position 0 As far as I understand I am expecting some return like invalid token, etc.. instead I get this error in pep-proxy and my curl command show->(52) Empty reply from server. My config.json of pep-proxy: var config = {}; // Used only if https is disabled config.pep_port = 80; // Set this var to undefined if you don't want the server to listen on HTTPS config.https = { enabled: false, cert_file: 'cert/cert.crt', key_file: 'cert/key.key', port: 443 }; config.idm = { host: 'localhost', port: 3000, ssl: false } config.app = { host: 'www.google.es', port: '80', ssl: false // Use true if the app server listens in https } // Credentials obtained when registering PEP Proxy in app_id in Account Portal config.pep = { app_id: 'xxxxxx', username: 'xxxxxx', password: 'xxxxxx', trusted_apps : [] } // in seconds config.cache_time = 300; // if enabled PEP checks permissions with AuthZForce GE. // only compatible with oauth2 tokens engine // // you can use custom policy checks by including programatic scripts // in policies folder. An script template is included there config.azf = { enabled: true, protocol: 'http', host: 'localhost', port: 8080, custom_policy: undefined // use undefined to default policy checks (HTTP verb + path). }; // list of paths that will not check authentication/authorization // example: ['/public/*', '/static/css/'] config.public_paths = []; config.magic_key = 'undefined'; module.exports = config; IDM logs: fiware-idm_1 \| GET /user?access_token=7cb25729577c2e01dc337314dcd912ec981dc49b 401 4.445 ms - 116 fiware-idm_1 \| Executing (default): SELECT email, 'user' as Source FROM user WHERE email='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c' fiware-idm_1 \| UNION ALL fiware-idm_1 \| SELECT id, 'pep_proxy' as Source FROM pep_proxy WHERE id='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c'; fiware-idm_1 \| Executing (default): SELECT `id`, `password`, `oauth_client_id` FROM `pep_proxy` AS `PepProxy` WHERE `PepProxy`.`id` = 'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c'; fiware-idm_1 \| Executing (default): INSERT INTO `auth_token` (`access_token`,`expires`,`valid`,`pep_proxy_id`) VALUES ('a0d54a6f- 8461-4000-bb80-5fb60193bcb4','2018-05-04 11:45:21',true,'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c'); fiware-idm_1 \| POST /v3/auth/tokens 201 13.733 ms - 74

Fernando Lopez made changes - 27/May/21 10:56 AM

Fix Version/s

2021 [ 12600 ]

Transition

Time In Source Status

Execution Times

Last Executer

Last Execution Date

Open

In Progress

3d 20h 20m

Alvaro Alonso

08/May/18 11:25 AM

In Progress

Answered

Alvaro Alonso

08/May/18 11:26 AM

Answered

Closed

Alvaro Alonso

08/May/18 11:26 AM

People

Assignee:

Alvaro Alonso

Reporter:

Backlog Manager

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

04/May/18 3:05 PM

Updated:

27/May/21 10:56 AM

Resolved:

08/May/18 11:26 AM

Agile

View on Board