Details
-
Type: Monitor
-
Status: Closed
-
Priority: Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:
-
HD-Chapter:Data
-
HD-Enabler:Orion
Description
Created question in FIWARE Q/A platform on 27-08-2015 at 13:08
Please, ANSWER this question AT http://stackoverflow.com/questions/32248526/can-anyone-explain-the-usage-of-context-broker-via-pep-proxy
Question:
Can anyone explain the usage of Context Broker via PeP proxy?
Description:
I have installed orion Context Broker and pep proxy on my machine. I am targeting the global instance of keyRock and the AuthZforce to authenticate the context broker.
Here is my config.js:
var config = {};
config.pep_port = 1307;
// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
enabled: false,
cert_file: 'cert/cert.crt',
key_file: 'cert/key.key',
port: 443
};
config.account_host = 'https://account.lab.fiware.org';
config.keystone_host = 'cloud.lab.fiware.org';
config.keystone_port = 4731;
config.app_host = 'localhost';
config.app_port = '1026';
config.username = '<my fiware lab username>';
config.password = '<my fiware lab pass>';
// in seconds
config.chache_time = 300;
// if enabled PEP checks permissions with AuthZForce GE.
// only compatible with oauth2 tokens engine
config.azf = {
enabled: false,
host: 'auth.lab.fiware.org',
port: 6019,
path: '/authzforce/domains/d698df7f-ffd4-11e4-a09d-ed06f24e1e78/pdp'
};
// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];
// options: oauth2/keystone
config.tokens_engine = 'oauth2';
config.magic_key = undefined;
module.exports = config;
when I do node server.js
I successfully get:
Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token: e2189bdc1a8b4aae9280b0fd5a6ae8a0
following this installation and administration guide I did the following command:
curl --header "X-Auth-Token:e2189bdc1a8b4aae9280b0fd5a6ae8a0" http://localhost:1307
From there I get this message:
[TOKEN] Checking token with IDM...
User access-token not authorized
I am seriously at a loss here and don't know how access context broker via these three intermediaries?
Whose host am I supposed to ask a token from?
I dont know if I am even asking the right questions. The point of all this is to secure an access to context broker.
Edit 1
After setting up the auth-token.sh, I got the following error:
<orionError>
<code>400</code>
<reasonPhrase>Bad Request</reasonPhrase>
<details>service not found</details>
</orionError>
The node server.js reported this:
Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token: b90604bc94134c1a81414e97a23196f3
[TOKEN] Checking token with IDM...
[ROOT] Access-token OK. Redirecting to app...
previusly the command: sh auth-token.sh <username> <pass> gave me:
X-Auth-Token for '<my email on fiware lab>': OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc
and then I just curl --header "X-Auth-Token:OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc" http://localhost:1307 which gave me the before mentioned error.
Activity
Field | Original Value | New Value |
---|---|---|
Component/s | FIWARE-TECH-HELP [ 10278 ] |
Status | Open [ 1 ] | In Progress [ 3 ] |
Status | In Progress [ 3 ] | Answered [ 10104 ] |
Resolution | Done [ 10000 ] | |
Status | Answered [ 10104 ] | Closed [ 6 ] |
Assignee | Alvaro Alonso [ aalonsog ] |
Assignee | Alvaro Alonso [ aalonsog ] | Fermín Galán [ fermin ] |
Summary | FIWARE.Question.Lab.Can anyone explain the usage of Context Broker via PeP proxy? | FIWARE.Question.Tech.Data.OrionContextBroker.UsageOfOrionCBViaPepProxy |
HD-Enabler | Orion [ 10875 ] | |
HD-Chapter | Data [ 10838 ] |
Fix Version/s | 2021 [ 12600 ] |
Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date | |||||
---|---|---|---|---|---|---|---|---|---|
|
2h 59m | 1 | Backlog Manager | 30/Sep/15 9:04 AM | |||||
|
3h | 1 | Backlog Manager | 30/Sep/15 12:04 PM | |||||
|
20h 59m | 1 | Backlog Manager | 01/Oct/15 9:04 AM |
2015-09-30 06:05|CREATED monitor | # answers= 2, accepted answer= True