  1. Help-Desk
  2. HELP-5912

FIWARE.Request.Lab.OAuth2 authentication issue and httpfs

    Details

    • Type: extRequest
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Fix Version/s: 2021
    • Component/s: FIWARE-LAB-HELP
    • Labels:
      None

      Description

      Hello,

      I'm working in an INCENSe project where the aim is to run Big Data analysis on a set of customer data. The data should be handled in a protected manner. As far as I've understood, the httpfs server on cosmos.lab.fiware.org:14000 supports OAuth2 authentication, so so far things look good. However, there's an issue with the SSL certificate for the Cosmos Tokens Generator on cosmos.lab.fiware.org:13000. The server uses a self-signed certificate, making it impossible to verify the server's identity. Is this really true? If there's no way to verify the OAuth2 server's identity, the authentication is open to a man-in-the-middle attack, and thus not suitable for secure data.

      Second question: does the https server on cosmos.lab.fiware.org:14000 support https transport?

      Regards,
      Kimmo Surakka

      Since January 1st, old domains won't be supported and messages sent to any domain different to @lists.fiware.org will be lost.
      Please, send your messages using the new domain (Fiware-lab-help@lists.fiware.org) instead of the old one.
      _______________________________________________
      Fiware-lab-help mailing list
      Fiware-lab-help@lists.fiware.org
      https://lists.fiware.org/listinfo/fiware-lab-help
      [Created via e-mail received from: Kimmo Surakka <Kimmo.Surakka@fourdeg.com>]

        Activity

        fw.ext.user FW External User added a comment -

        Hi Kimmo,

        Yes, the certificate for the Cosmos Token Generator server is self-signed.
        I'm aware it should be signed by some CA, nevertheless, AFAIK, there is no
        CA at FIWARE Lab. Anyway, such a server is just a wrapper for the Identity
        Manager, the "official" endpoint for OAuth2 stuff.

        Regarding https in the WebHDFS/HttpFS interface, it could be enabled, but
        the problem would be the same: the certificate for this interface would be
        self-signed as well.

        In any case, I'll ask Identity Manager people.

        Regards,
        Francisco

        On 18/2/16 10:17, "Manuel Escriche (JIRA)" <jira-help-desk@fi-ware.org>

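One way a client can cope with the self-signed certificate discussed in this ticket is to pin it: obtain the certificate's SHA-256 fingerprint from the operator over a separate trusted channel and refuse to talk to any server that presents a different one. This is an added example, not part of the ticket or of FIWARE's code; the fingerprint is a placeholder and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

# Host and port are from the ticket. The fingerprint is a placeholder for the
# certificate's SHA-256, obtained from the operator out of band (assumption).
TOKEN_HOST = "cosmos.lab.fiware.org"
TOKEN_PORT = 13000
PINNED_SHA256 = "<sha256-hex-of-server-certificate>"


class PinMismatch(Exception):
    """The server presented a certificate other than the pinned one."""


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..' or 'aabb..' and return lowercase hex without separators."""
    return fp.replace(":", "").replace(" ", "").lower()


def cert_matches_pin(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare SHA-256(DER certificate) with the pin in constant time."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize(pinned_hex))


def open_pinned(host: str, port: int, pinned_hex: str, timeout: float = 10.0) -> ssl.SSLSocket:
    """Return a TLS connection only if the server certificate matches the pin.

    Chain validation is off because a self-signed certificate has no CA to
    chain to; the pin replaces it. Nothing is sent before the check passes.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)  # DER bytes, available even unvalidated
    if not der or not cert_matches_pin(der, pinned_hex):
        tls.close()
        raise PinMismatch(f"certificate for {host}:{port} does not match the pin")
    return tls
```

The pin has to be updated whenever the operator rotates the certificate, and OAuth2 credentials should only be written to the socket returned by `open_pinned`.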

          People

          • Assignee:
            frb Francisco Romero
            Reporter:
            fw.ext.user FW External User