Created question in FIWARE Q/A platform on 27-08-2015 at 13:08
Please, ANSWER this question AT http://stackoverflow.com/questions/32248526/can-anyone-explain-the-usage-of-context-broker-via-pep-proxy

Question:
Can anyone explain the usage of Context Broker via PeP proxy?

Description:
I have installed orion Context Broker and pep proxy on my machine. I am targeting the global instance of keyRock and the AuthZforce to authenticate the context broker.

Here is my config.js:

var config = {};

config.pep_port = 1307;

// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
enabled: false,
cert_file: 'cert/cert.crt',
key_file: 'cert/key.key',
port: 443
};

config.account_host = 'https://account.lab.fiware.org';
config.keystone_host = 'cloud.lab.fiware.org';
config.keystone_port = 4731;

config.app_host = 'localhost';
config.app_port = '1026';

config.username = '<my fiware lab username>';
config.password = '<my fiware lab pass>';

// in seconds
config.chache_time = 300;

// if enabled PEP checks permissions with AuthZForce GE.
// only compatible with oauth2 tokens engine
config.azf = {
enabled: false,
host: 'auth.lab.fiware.org',
port: 6019,
path: '/authzforce/domains/d698df7f-ffd4-11e4-a09d-ed06f24e1e78/pdp'
};

// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];

// options: oauth2/keystone
config.tokens_engine = 'oauth2';

config.magic_key = undefined;

module.exports = config;

when I do node server.js
I successfully get:

Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token: e2189bdc1a8b4aae9280b0fd5a6ae8a0

following this installation and administration guide I did the following command:

curl --header "X-Auth-Token:e2189bdc1a8b4aae9280b0fd5a6ae8a0" http://localhost:1307

From there I get this message:

[TOKEN] Checking token with IDM...
User access-token not authorized

I am seriously at a loss here and don't know how access context broker via these three intermediaries?

Whose host am I supposed to ask a token from?

I dont know if I am even asking the right questions. The point of all this is to secure an access to context broker.

Edit 1

After setting up the auth-token.sh, I got the following error:

<orionError>
<code>400</code>
<reasonPhrase>Bad Request</reasonPhrase>
<details>service not found</details>
</orionError>

The node server.js reported this:

Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token: b90604bc94134c1a81414e97a23196f3

[TOKEN] Checking token with IDM...
[ROOT] Access-token OK. Redirecting to app...

previusly the command: sh auth-token.sh <username> <pass> gave me:

X-Auth-Token for '<my email on fiware lab>': OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc

and then I just curl --header "X-Auth-Token:OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc" http://localhost:1307 which gave me the before mentioned error.