Uploaded image for project: 'Help-Desk'
  1. Help-Desk
  2. HELP-16405

[fiware-stackoverflow] How to provision a Dockerized secure IoT Agent with Keyrock?

        Details

          Description

          Created question in FIWARE Q/A platform on 06-12-2019 at 15:12
          Please, ANSWER this question AT https://stackoverflow.com/questions/59215410/how-to-provision-a-dockerized-secure-iot-agent-with-keyrock

          Question:
          How to provision a Dockerized secure IoT Agent with Keyrock?

          Description:
          I'm failing to find this information within the existing documentation - either permanent or non-permanent tokens.

          Using Keyrock 7.8, Ultralight 1.11.0 (though any current agent will do)

          The following Docker parameters are set:

          • IOTA_AUTH_ENABLED=true
          • IOTA_AUTH_TYPE=oauth2
          • IOTA_AUTH_HEADER=Authorization
          • IOTA_AUTH_HOST=keyrock
          • IOTA_AUTH_PORT=3000
          • IOTA_AUTH_URL=http://keyrock:3000
          • IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
          1. - IOTA_AUTH_PERMANENT_TOKEN=true

          The default Docker configuration is used in the image, so no provisioning group types are created.

          I am able to provision a trusted group as shown:

          curl -X POST \
          http://iot-agent:4041/iot/services \
          -H 'fiware-service: openiot' \
          -H 'fiware-servicepath: /' \
          -d '{
          "services": [

          { "apikey": "4jggokgpepnvsb2uv4s40d59ov", "cbroker": "http://orion:1026", "entity_type": "Motion", "resource": "/iot/d", "trust": "<motn-auth-token>" }

          ]
          }'

          Question 1 - how do I generate the trust token within Keyrock.

          When I provision the device

          curl -X POST \
          http://iot-agent:4041/iot/devices \
          -H 'Content-Type: application/json' \
          -H 'fiware-service: openiot' \
          -H 'fiware-servicepath: /' \
          -d '{
          "devices": [
          {
          "device_id": "motion001",
          "entity_name": "urn:ngsi-ld:Motion:001",
          "entity_type": "Motion",
          "timezone": "Europe/Berlin",
          "attributes": [

          { "object_id": "c", "name":"count", "type":"Integer"}

          ],
          "static_attributes": [

          {"name":"refStore", "type": "Relationship","value": "urn:ngsi-ld:Store:001"}

          ]
          }
          ]
          }
          '

          I receive the following error in the IoT Agent:

          { "name": "SECURITY_INFORMATION_MISSING", "message": "Some security information was missing for device type:Motion" }

          And the following in the Keyrock logs:

          Fri, 06 Dec 2019 14:13:52 GMT idm:oauth2-model_oauth_server ------getClient------
          Executing (default): SELECT `id`, `redirect_uri`, `token_types`, `jwt_secret`, `scope`, `grant_type` FROM `oauth_client` AS `OauthClient` WHERE `OauthClient`.`id` = 'tutorial-dckr-site-0000-xpresswebapp' AND `OauthClient`.`secret` = 'tutorial-lcal-host-0000-clientsecret';
          Fri, 06 Dec 2019 14:13:52 GMT idm:oauth_controller Error { invalid_client: Invalid client: client is invalid

          Question 2: What additional information needs to be supplied?

            Activity

              People

              • Assignee:
                aalonsog Alvaro Alonso
                Reporter:
                backlogmanager Backlog Manager
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: