Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
Sender Email:
-
HD-Chapter:Data
-
HD-Enabler:Orion
Description
Dear all,
We are completely stuck trying to make use of security enablers. We are
using an orion instance in a cloud lab VM and the public FIWARE IdM
(https://account.lab.fiware.org).
The orion instance works without problems before using the pep-proxy. After
setting up the pep-proxy we are stuck getting an error message trying to
authenticate:
The request includes the Fiware-Service header, and the application is
created in the IdM, with roles and permissions. Probably there should be a
way to match the service and roles or permissions, but we didn’t find the
corresponding documentation.
Regards,
Julio Cano.
galilea_logo
GALILEA SOLUCIONES SLU
Parque Científico Leganés Tecnológico
C/ Margarita Salas, 16 C.P. 28919, Leganés, Madrid (SPAIN)
Tel: <tel:%2B34%2091%20689%2080%2094> +34 91 689 80 94
Since January 1st, old domains won't be supported and messages sent to any domain different to @lists.fiware.org will be lost.
Please, send your messages using the new domain (Fiware-soulfi-coaching@lists.fiware.org) instead of the old one.
_______________________________________________
Fiware-soulfi-coaching mailing list
Fiware-soulfi-coaching@lists.fiware.org
https://lists.fiware.org/listinfo/fiware-soulfi-coaching
[Created via e-mail received from: Julio Cano <jcano@galileasoluciones.com>]
Issue Links
- relates to
-
HELC-1143
FIWARE.Request.Coach.SOUL-FI.pep-proxy and idm
-
- Closed
-
Activity
As far as I understand by the error message, you are using Steelskin PEP implementation with the Keyrock IDM implementation at http://catalogue.fiware.org/enablers/identity-management-keyrock.
Currently (maybe it changes in the future) both pieces are not compatible. If you use Steelskin PEP, you have to use standard Keystone (see https://github.com/telefonicaid/fiware-pep-steelskin/blob/master/keystoneInstallation.md about how both are used together), you cannot use Keyrock. If you use Keyrock, then you have to use Wilma PEP (http://catalogue.fiware.org/enablers/pep-proxy-wilma), you cannot use Steelskin.
In summary:
(Steelskin PEP AND Keystone IDM) XOR (Wilma PEP AND Keyrock IDM)
As far as I understand by the error message, you are using Steelskin PEP implementation with the Keyrock IDM implementation at http://catalogue.fiware.org/enablers/identity-management-keyrock.
Currently (maybe it changes in the future) both pieces are not compatible. If you use Steelskin PEP, you have to use standard Keystone (see https://github.com/telefonicaid/fiware-pep-steelskin/blob/master/keystoneInstallation.md about how both are used together), you cannot use Keyrock. If you use Keyrock, then you have to use Wilma PEP (http://catalogue.fiware.org/enablers/pep-proxy-wilma), you cannot use Steelskin.
In summary:
(Steelskin PEP AND Keystone IDM) XOR (Wilma PEP AND Keyrock IDM)
PD. Sorry for possible double-posting... first time I use the email plugin at JIRA :$
Fermín I think this is a message coming from Orion, could you help? Thanks!