Details
-
Type:
Monitor
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:
-
HD-Enabler:KeyRock
Description
Created question in FIWARE Q/A platform on 06-12-2019 at 15:12
Please, ANSWER this question AT https://stackoverflow.com/questions/59215410/how-to-provision-a-dockerized-secure-iot-agent-with-keyrock
Question:
How to provision a Dockerized secure IoT Agent with Keyrock?
Description:
I'm failing to find this information within the existing documentation - either permanent or non-permanent tokens.
Using Keyrock 7.8, Ultralight 1.11.0 (though any current agent will do)
The following Docker parameters are set:
- IOTA_AUTH_ENABLED=true
- IOTA_AUTH_TYPE=oauth2
- IOTA_AUTH_HEADER=Authorization
- IOTA_AUTH_HOST=keyrock
- IOTA_AUTH_PORT=3000
- IOTA_AUTH_URL=http://keyrock:3000
- IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
- - IOTA_AUTH_PERMANENT_TOKEN=true
The default Docker configuration is used in the image, so no provisioning group types are created.
I am able to provision a trusted group as shown:
curl -X POST \
http://iot-agent:4041/iot/services \
-H 'fiware-service: openiot' \
-H 'fiware-servicepath: /' \
-d '{
"services": [
]
}'
Question 1 - how do I generate the trust token within Keyrock.
When I provision the device
curl -X POST \
http://iot-agent:4041/iot/devices \
-H 'Content-Type: application/json' \
-H 'fiware-service: openiot' \
-H 'fiware-servicepath: /' \
-d '{
"devices": [
{
"device_id": "motion001",
"entity_name": "urn:ngsi-ld:Motion:001",
"entity_type": "Motion",
"timezone": "Europe/Berlin",
"attributes": [
],
"static_attributes": [
]
}
]
}
'
I receive the following error in the IoT Agent:
{ "name": "SECURITY_INFORMATION_MISSING", "message": "Some security information was missing for device type:Motion" }And the following in the Keyrock logs:
Fri, 06 Dec 2019 14:13:52 GMT idm:oauth2-model_oauth_server ------getClient------
Executing (default): SELECT `id`, `redirect_uri`, `token_types`, `jwt_secret`, `scope`, `grant_type` FROM `oauth_client` AS `OauthClient` WHERE `OauthClient`.`id` = 'tutorial-dckr-site-0000-xpresswebapp' AND `OauthClient`.`secret` = 'tutorial-lcal-host-0000-clientsecret';
Fri, 06 Dec 2019 14:13:52 GMT idm:oauth_controller Error { invalid_client: Invalid client: client is invalid
Question 2: What additional information needs to be supplied?
Activity
2019-12-13 18:06|UPDATED status: transition Answer| # answers= 1, accepted answer= False
2019-12-13 21:06|UPDATED status: transition Answered| # answers= 1, accepted answer= False
2019-12-14 00:06|UPDATED status: transition Finish| # answers= 1, accepted answer= True
2019-12-06 18:06|CREATED monitor | # answers= 0, accepted answer= False