Details
-
Type: extRequest
-
Status: Closed
-
Priority: Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
Sender Email:
-
HD-Chapter:Security
-
HD-Enabler:KeyRock
Description
Hello
Sorry to bother you again by reopening this issue but I did not manage to understand the fix in the comment:
https://jira.fi-ware.org:8443/browse/HELP-3041?focusedCommentId=22672&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-22672
- "please use the Keystone API directly to cloud.lab.fiware.org:4730."
I tried to change the endpoints with every api calls I know but I still obtain an empty result or a 401/404 error:
> curl -k 'https://cloud.lab.fiware.org/keystone/v2.0/tenants' -H 'X-Auth-Token: wzU2HD08xSH4ODzapoW8L062EnfYNy'
> {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
> curl -k 'http://cloud.lab.fiware.org:4730/keystone/v2.0/tenants' -H 'X-Auth-Token: wzU2HD08xSH4ODzapoW8L062EnfYNy'
> {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
> curl -k 'http://cloud.lab.fiware.org:4730/v2.0/tenants' -H 'X-Auth-Token: wzU2HD08xSH4ODzapoW8L062EnfYNy'
> {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
> curl -X GET 'https://account.lab.fiware.org/user?access_token=wzU2HD08xSH4ODzapoW8L062EnfYNy'
>
> curl -X GET 'http://cloud.lab.fiware.org:4730/user?access_token=wzU2HD08xSH4ODzapoW8L062EnfYNy'
> {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
> curl -k -X GET 'https://cloud.lab.fiware.org/keystone/v3/authorized_organizations/wzU2HD08xSH4ODzapoW8L062EnfYNy'
>
> curl -X GET 'http://cloud.lab.fiware.org:4730/keystone/v3/authorized_organizations/wzU2HD08xSH4ODzapoW8L062EnfYNy'
> {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
> curl -X GET 'http://cloud.lab.fiware.org:4730/v3/authorized_organizations/wzU2HD08xSH4ODzapoW8L062EnfYNy'
>
Thanks
Geoffroy
[@@ THALES GROUP INTERNAL @@]
From: CHOLLON Geoffroy
Sent: mardi 19 mai 2015 18:03
To: 'fiware-lab-help@lists.fi-ware.org'
Subject: [Idm / Keystone] Unable to retrieve the Tenant information
Hello
I am trying to convert an Idm token to a Keystone token. To do so I need the OpenStack tenant Id.
Due to the upgrade my previous api call (GET on https://cloud.lab.fiware.org/keystone/v2.0/tenants with the Idm token) seems obsolete.
So I tried use the call described in the KeyRock documentation: https://account.lab.fiware.org/user?access_token=xxxxxxxxxx .
But my problem is that my request does return a partial result:
> curl -k -X GET https://account.lab.fiware.org/user?access_token=CtoNc8gdMmeWsrPAE6bYy4NfYbPBOj
> {"organizations": [], "displayName": "Mario L___-___s", "roles": [
], "app_id": "1d75df2ec0c1478db98a3c8db3169d63", "email":
> "mario.l_______s@t_______p.com<mario.l_______s@t________p.com>", "id": "mario-l__-___s"}
The 'organizations' field is empty when I use this call with a token bound to my Idm application. (As a side not, if I "steal" and use the idm token of the cloud portal I obtain with this call a populated list with the data I require .)
So is there an another way to retrieve an user tenant id by using the Idm token ?. Or should I somehow change my application in the Idm ?.
Thanks
Geoffroy
[@@ THALES GROUP INTERNAL @@]
_______________________________________________
Fiware-lab-help mailing list
Fiware-lab-help@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-lab-help
[Created via e-mail received from: CHOLLON Geoffroy <geoffroy.chollon@thalesgroup.com>]
Issue Links
- relates to
-
HELP-3041 FIWARE.Request.Tech.Security.IDM-KeyRock.UnableretrievetheTenantinformation
- Closed
Activity
- All
- Comments
- History
- Activity
- Transitions
Hi,
if you want to use Keystone API:
http://cloud.lab.fiware.org:4730/v2.0/tenants
If you are getting a 401 error is because the token you are using is not correctly created.
You can also use the version 3 of the API (http://developer.openstack.org/api-ref-identity-v3.html)
If you want to use oauth2 API:
https://account.lab.fiware.org/user?access_token=wzU2HD08xSH4ODzapoW8L062EnfYNy
If you are getting an empty set of organizations is because your user has not roles in that application inside any organization
BR