Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
HD-Chapter:Security
-
HD-Enabler:KeyRock
Description
Hi,
A user is having problems creating users in IdM at his own installation.
Here it is his report:
"Hello, we have already configured the interface in our VM in Azure to
configure domains, projects, tenants and users. Surprisingly, it seems that
the only thing we are not authorized to do is to create users (we can list
projects, users, domains, and also we can creat projects and domains, but
not users). We are using the right token (set in keystone.conf file), which
is ADMIN. However, we always obtain the 401 error code. Next, you will
include two different examples that show what I am explaining:
Listing available services:
$ curl -s -H "X-Auth-Token: ADMIN" http://localhost:5000/v3/services |
python -mjson.tool
(Result)
{
"links": {
"next": null,
"previous": null,
"self": "http://localhost:5000/v3/services"
},
"services": [ {
"description": "Keystone Identity Service",
"enabled": true,
"id": "c616c6adf2b4423b923a8468d9e85732",
"links": {
"self": "http://localhost:5000/v3/services/c616c6adf2b4423b923a8468d9e85732
"
},
"name": "keystone",
"type": "identity"
}, {
"description": "Nova Compute Service",
"enabled": true,
"id": "7b60cfe09f7d49afa02f734fc84934b6",
"links": {
"self": "http://localhost:5000/v3/services/7b60cfe09f7d49afa02f734fc84934b6
"
},
"name": "nova",
"type": "compute"
}, {
"description": "Nova Volume Service",
"enabled": true,
"id": "e4189f8330c0482588b467758ec95463",
"links": {
"self": "http://localhost:5000/v3/services/e4189f8330c0482588b467758ec95463
"
},
"name": "volume",
"type": "volume"
}, {
"description": "Glance Image Service",
"enabled": true,
"id": "1511a60e49e649d8ad373c38432d2713",
"links": {
"self": "http://localhost:5000/v3/services/1511a60e49e649d8ad373c38432d2713
"
},
"name": "glance",
"type": "image"
}, {
"description": "EC2 Compatibility Layer",
"enabled": true,
"id": "d59d06c35c0e467296f824bd9cf0c60d",
"links": {
"self": "http://localhost:5000/v3/services/d59d06c35c0e467296f824bd9cf0c60d
"
},
"name": "ec2",
"type": "ec2"
}, {
"description": "Swift Service",
"enabled": true,
"id": "00ff54e48a5f44c08d429e966b1708dd",
"links": {
"self": "http://localhost:5000/v3/services/00ff54e48a5f44c08d429e966b1708dd
"
},
"name": "swift",
"type": "object-store"
}, {
"description": "Keystone Identity Service",
"enabled": true,
"id": "86307cd7e65945999d26d32638a6938d",
"links": {
"self": "http://localhost:5000/v3/services/86307cd7e65945999d26d32638a6938d
"
},
"name": "keystone",
"type": "identity"
}, {
"description": "Nova Compute Service",
"enabled": true,
"id": "e2d06525c4a142d49880e29473820ea1",
"links": {
"self": "http://localhost:5000/v3/services/e2d06525c4a142d49880e29473820ea1
"
},
"name": "nova",
"type": "compute"
}, {
"description": "Nova Volume Service",
"enabled": true,
"id": "95ce0b84a744434587eefc785d59a953",
"links": {
"self": "http://localhost:5000/v3/services/95ce0b84a744434587eefc785d59a953
"
},
"name": "volume",
"type": "volume"
}, {
"description": "Glance Image Service",
"enabled": true,
"id": "7d467aa043ac4155a1b85d47b67aa57c",
"links": {
"self": "http://localhost:5000/v3/services/7d467aa043ac4155a1b85d47b67aa57c
"
},
"name": "glance",
"type": "image"
}, {
"description": "EC2 Compatibility Layer",
"enabled": true,
"id": "abcc23b82ad443399113ee0ccdc4e294",
"links": {
"self": "http://localhost:5000/v3/services/abcc23b82ad443399113ee0ccdc4e294
"
},
"name": "ec2",
"type": "ec2"
}, {
"description": "Swift Service",
"enabled": true,
"id": "02380146e1dd473da4cccb50711f5bc6",
"links": {
"self": "http://localhost:5000/v3/services/02380146e1dd473da4cccb50711f5bc6
"
},
"name": "swift",
"type": "object-store"
}, {
"description": "Keystone Identity Service",
"enabled": true,
"id": "ab412463256343f39d9927009c9d08e5",
"links": {
"self": "http://localhost:5000/v3/services/ab412463256343f39d9927009c9d08e5
"
},
"name": "keystone",
"type": "identity"
}, {
"description": "Nova Compute Service",
"enabled": true,
"id": "ed90f5ad998f45999f4054fd42c3ca89",
"links": {
"self": "http://localhost:5000/v3/services/ed90f5ad998f45999f4054fd42c3ca89
"
},
"name": "nova",
"type": "compute"
}, {
"description": "Nova Volume Service",
"enabled": true,
"id": "f043f6f0f2624ad3910fc6dfe21ee5ea",
"links": {
"self": "http://localhost:5000/v3/services/f043f6f0f2624ad3910fc6dfe21ee5ea
"
},
"name": "volume",
"type": "volume"
}, {
"description": "Glance Image Service",
"enabled": true,
"id": "491a0d39939d4008907e817809d0531f",
"links": {
"self": "http://localhost:5000/v3/services/491a0d39939d4008907e817809d0531f
"
},
"name": "glance",
"type": "image"
}, {
"description": "EC2 Compatibility Layer",
"enabled": true,
"id": "83f11e61c04e40f19a212a8a32ec3a85",
"links": {
"self": "http://localhost:5000/v3/services/83f11e61c04e40f19a212a8a32ec3a85
"
},
"name": "ec2",
"type": "ec2"
}, {
"description": "Swift Service",
"enabled": true,
"id": "a76efd7ca9b94b1aa1dbe8ce3f512a48",
"links": {
"self": "http://localhost:5000/v3/services/a76efd7ca9b94b1aa1dbe8ce3f512a48
"
},
"name": "swift",
"type": "object-store"
}, {
"description": "Keystone Identity Service",
"enabled": true,
"id": "7b9077d889a241b5b357d506ed5e2a41",
"links": {
"self": "http://localhost:5000/v3/services/7b9077d889a241b5b357d506ed5e2a41
"
},
"name": "keystone",
"type": "identity"
}, {
"description": "Nova Compute Service",
"enabled": true,
"id": "30cf29dc402047f692edc986824eb2ea",
"links": {
"self": "http://localhost:5000/v3/services/30cf29dc402047f692edc986824eb2ea
"
},
"name": "nova",
"type": "compute"
}, {
"description": "Nova Volume Service",
"enabled": true,
"id": "8236439e01d44710b26f42bcc10f341c",
"links": {
"self": "http://localhost:5000/v3/services/8236439e01d44710b26f42bcc10f341c
"
},
"name": "volume",
"type": "volume"
}, {
"description": "Glance Image Service",
"enabled": true,
"id": "ab2ab71802b7410cbda00a131eeb306d",
"links": {
"self": "http://localhost:5000/v3/services/ab2ab71802b7410cbda00a131eeb306d
"
},
"name": "glance",
"type": "image"
}, {
"description": "EC2 Compatibility Layer",
"enabled": true,
"id": "9e4577b7a2ad419fb638c5d19c1dc819",
"links": {
"self": "http://localhost:5000/v3/services/9e4577b7a2ad419fb638c5d19c1dc819
"
},
"name": "ec2",
"type": "ec2"
}, {
"description": "Swift Service",
"enabled": true,
"id": "3792c3a48bac41a290625b384e297c44",
"links": {
"self": "http://localhost:5000/v3/services/3792c3a48bac41a290625b384e297c44
"
},
"name": "swift",
"type": "object-store"
}
]
}
As another example, when I create a domain, I obtain the following result:
(COMMAND)
$curl -s -H "X-Auth-Token: ADMIN" -H "Content-Type: application/json" -d '{
"domain": { "name": "DomainExample"}}' http://localhost:5000/v3/domains |
python -mjson.tool
(RESULT)
{
"domain": {
"enabled": true,
"id": "f7edf157e05448198cb5d2dbb07bf800",
"links": {
"self": "http://localhost:5000/v3/domains/f7edf157e05448198cb5d2dbb07bf800"
},
"name": "DomainExample"
}
}
BUT-- when I try to create a new user, this is what happens:
(COMMAND)
$ curl -s -H "X-Auth-Token: ADMIN" -H "Content-Type: application/json" -d
'{"user": {"name": "newuser", "password": "changeme"}}'
http://localhost:5000/v3/users | python -mjson.tool
(RESULT)
{
"error": {
"code": 401,
"message": "The request you have made requires authentication.",
"title": "Unauthorized"
}
}
WHAT COULD BE THE REASON, given that I am using the right token??? Do I
need to give further authentication credentials??"
Thanks in advance.
Kr, Xavier Carol.
_______________________________________________
Fiware-creatifi-coaching mailing list
Fiware-creatifi-coaching@lists.fi-ware.org
https://lists.fi-ware.org/listinfo/fiware-creatifi-coaching
[Created via e-mail received from: Xavier Carol Rossell <xavier.carol@i2cat.net>]
Issue Links
- clones
-
HELC-817
FIWARE.Request.Coach.CreatiFI.General Support #327 KeyRock IdM
-
- Closed
-
Activity
- All
- Comments
- History
- Activity
- Transitions