Details
- Type: Monitor
- Status: Closed
- Priority: Major
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 2021
- Component/s: FIWARE-TECH-HELP
- Labels:
- HD-Enabler: KeyRock
Description
Created question in FIWARE Q/A platform on 06-12-2019 at 15:12
Please, ANSWER this question AT https://stackoverflow.com/questions/59215410/how-to-provision-a-dockerized-secure-iot-agent-with-keyrock
Question:
How to provision a Dockerized secure IoT Agent with Keyrock?
Description:
I'm failing to find this information within the existing documentation - either permanent or non-permanent tokens.
Using Keyrock 7.8, Ultralight 1.11.0 (though any current agent will do)
The following Docker parameters are set:
- IOTA_AUTH_ENABLED=true
- IOTA_AUTH_TYPE=oauth2
- IOTA_AUTH_HEADER=Authorization
- IOTA_AUTH_HOST=keyrock
- IOTA_AUTH_PORT=3000
- IOTA_AUTH_URL=http://keyrock:3000
- IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
# - IOTA_AUTH_PERMANENT_TOKEN=true
The default Docker configuration is used in the image, so no provisioning group types are created.
I am able to provision a trusted group as shown:
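curl -X POST \
  http://iot-agent:4041/iot/services \
  -H 'fiware-service: openiot' \
  -H 'fiware-servicepath: /' \
  -d '{
  "services": [
    {
      "apikey": "4jggokgpepnvsb2uv4s40d59ov",
      "cbroker": "http://orion:1026",
      "entity_type": "Motion",
      "resource": "/iot/d",
      "trust": "<motn-auth-token>"
    }
  ]
}'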
Question 1 - how do I generate the trust token within Keyrock.
When I provision the device
curl -X POST \
  http://iot-agent:4041/iot/devices \
  -H 'Content-Type: application/json' \
  -H 'fiware-service: openiot' \
  -H 'fiware-servicepath: /' \
  -d '{
  "devices": [
    {
      "device_id": "motion001",
      "entity_name": "urn:ngsi-ld:Motion:001",
      "entity_type": "Motion",
      "timezone": "Europe/Berlin",
      "attributes": [
        { "object_id": "c", "name": "count", "type": "Integer" }
      ],
      "static_attributes": [
        { "name": "refStore", "type": "Relationship", "value": "urn:ngsi-ld:Store:001" }
      ]
    }
  ]
}'
I receive the following error in the IoT Agent:
{ "name": "SECURITY_INFORMATION_MISSING", "message": "Some security information was missing for device type:Motion" }
And the following in the Keyrock logs:
Fri, 06 Dec 2019 14:13:52 GMT idm:oauth2-model_oauth_server ------getClient------
Executing (default): SELECT `id`, `redirect_uri`, `token_types`, `jwt_secret`, `scope`, `grant_type` FROM `oauth_client` AS `OauthClient` WHERE `OauthClient`.`id` = 'tutorial-dckr-site-0000-xpresswebapp' AND `OauthClient`.`secret` = 'tutorial-lcal-host-0000-clientsecret';
Fri, 06 Dec 2019 14:13:52 GMT idm:oauth_controller Error { invalid_client: Invalid client: client is invalid
Question 2: What additional information needs to be supplied?
Activity
Field | Original Value | New Value |
---|---|---|
Component/s | FIWARE-TECH-HELP [ 10278 ] |
Assignee | Alvaro Alonso [ aalonsog ] |
HD-Enabler | KeyRock [ 10889 ] | |
Status | Open [ 1 ] | In Progress [ 3 ] |
Status | In Progress [ 3 ] | Answered [ 10104 ] |
Resolution | Done [ 10000 ] | |
Status | Answered [ 10104 ] | Closed [ 6 ] |
Fix Version/s | 2021 [ 12600 ] |
Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date |
---|---|---|---|---|
 | 6d 23h 59m | 1 | Backlog Manager | 13/Dec/19 6:06 PM |
 | 3h | 1 | Backlog Manager | 13/Dec/19 9:06 PM |
 | 2h 59m | 1 | Backlog Manager | 14/Dec/19 12:06 AM |
2019-12-06 18:06|CREATED monitor | # answers= 0, accepted answer= False