  1. Help-Desk
  2. HELP-6096

FIWARE.Question.Tech.Security.IDM-KeyRock.IdM, Keystone authentication error for both (wilma and steelkin)

    Details

    • Type: Monitor
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2021
    • Component/s: FIWARE-TECH-HELP
    • Labels:
      None

      Description

      Created question in FIWARE Q/A platform on 09-03-2016 at 09:03
      Please, ANSWER this question AT https://ask.fiware.org/question/419/idm-keystone-authentication-error-for-both-wilma-and-steelkin/

      Question:
      IdM, Keystone authentication error for both (wilma and steelkin)

      Description:
      Hi All,

      We have deployed our own Keyrock IDM instance and try to configure a PEP-Proxy as a layer of security in front of a Context Broker+Cygnus instance, but we cannot perform any operation with either of the PEP-Proxies: Wilma or Steelskin. We can manage users, obtain and validate tokens (using the keystone API as reference), but for any other operation we always get an error:

      Using pepProxy Steelskin, we got:

      Status Code: 500
      Response:
      {
      "name": "PEPPROXYAUTHENTICATION_REJECTED",
      "message": "Proxy authentication was rejected with code: 401"
      }

      with this configuration (relevant fields only):

      // Protected Resource configuration
      config.resource = {
          original: { host: 'localhost', port: 1026 },
          proxy: { port: 4003, adminPort: 11211 }
      };

      // Access Control configuration
      config.access = {
          disable: true,
          protocol: 'http',
          host: '192.168.1.101',
          port: 4002,
          path: '/pdp/v3'
      };

      // User identity configuration
      config.authentication = {
          checkHeaders: false,
          module: 'keystone',
          user: 'pepproxyc2*', //generated by KeyRock IDM
          password: '31', //generated by KeyRock IDM
          domainName: 'default',
          retries: 3,
          cacheTTLs: { users: 1000, projectIds: 1000, roles: 60 },
          options: {
              protocol: 'http',
              host: '192.168.1.101',
              port: 4002,
              path: '/v3/role_assignments',
              authPath: '/v3/auth/tokens'
          }
      };

      // Security configuration
      config.ssl = {
          active: false,
          keyFile: '',
          certFile: ''
      };

      config.logLevel = 'DEBUG';

      // List of component middlewares
      config.middlewares = {
          require: 'lib/plugins/orionPlugin',
          functions: [
              'extractCBAction'
          ]
      };

      config.dieOnRedirectError = false;
      config.componentName = 'orion';
      config.resourceNamePrefix = 'fiware:';
      config.bypass = false;
      config.bypassRoleId = '';

      Keyrock:
      domain: default
      service: keystone
      /v3/auth/tokens

      Using Wilma proxy, we get:

      2016-03-08 17:08:19.361 - INFO: IDM-Client - Checking token with IDM...
      2016-03-08 17:08:19.365 - ERROR: Server - Caught exception: SyntaxError: Unexpected token E

      with this config.js file (relevant fields only):

      config.pep_port = 10000;
      config.https = undefined;

      config.accounthost = 'http://192.168.1.101:8000'; //KeyRock IDM - horizon instance.
      config.keystonehost = 'http://192.168.1.101'; //KeyRock IDM - keystone instance.
      config.keystone_port = 4002;

      config.apphost = 'http://192.168.1.102';
      config.appport = '4000';
      config.app_ssl = false;

      config.username = 'pepproxy5e'; //generated by KeyRock IDM
      config.password = 'ce'; //generated by KeyRock IDM
      config.azf = {
          enabled: false,
          host: 'auth.lab.fiware.org',
          port: 6019,
          path: '/authzforce/domains/',
          custompolicy: undefined // use undefined to default policy checks (HTTP verb + path).
      };
      config.publicpaths = ['/login', '/signup'];

      All GEs are deployed in our local machines and perform well individually.

      Best regards
      Gustavo
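
An added example, not part of the original question and not code from either PEP proxy: a Node.js helper for testing a PEP service account against Keystone outside the proxy. It builds the standard Keystone v3 password-authentication request from a Steelskin-style `config.authentication` block and classifies the reply without letting a non-JSON body throw, since `JSON.parse` raises a SyntaxError of the kind shown in the Wilma log when the body is not JSON. The function names, the sample credentials and the sample replies are assumptions constructed for illustration; the host, port and paths are the ones in the configuration above.

```javascript
// Constructed sample: placeholder credentials, endpoint values from the posted config.
const sampleAuth = {
  user: 'pep_proxy_example',      // placeholder, not a real account
  password: 'example-password',   // placeholder
  domainName: 'default',
  options: { protocol: 'http', host: '192.168.1.101', port: 4002,
             authPath: '/v3/auth/tokens' }
};

// Build the Keystone v3 password-auth request (unscoped) for the service account.
// Sending this by hand shows whether the IdM accepts the PEP credentials at all.
function buildAuthRequest(auth) {
  const { protocol, host, port, authPath } = auth.options;
  return {
    method: 'POST',
    url: `${protocol}://${host}:${port}${authPath}`,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      auth: {
        identity: {
          methods: ['password'],
          password: {
            user: {
              name: auth.user,
              domain: { name: auth.domainName },
              password: auth.password
            }
          }
        }
      }
    })
  };
}

// Classify an IdM reply. A 401 means the credentials were rejected; a body that
// is not JSON is reported as such instead of surfacing as an uncaught SyntaxError.
function classifyResponse(status, body) {
  if (status === 401) return { ok: false, reason: 'credentials-rejected' };
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return { ok: false, reason: 'non-json-body', detail: String(body).slice(0, 40) };
  }
  if (status < 200 || status >= 300) return { ok: false, reason: 'http-' + status };
  return { ok: true, data: parsed };
}
```

On success Keystone returns the token in the `X-Subject-Token` response header, so a caller checks that header in addition to the classified body.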

        Activity

        Transition                Time In Source Status   Execution Times   Last Executer   Last Execution Date
        Open -> In Progress       3d 22h 3m               1                 Alvaro Alonso   14/Mar/16 9:06 AM
        In Progress -> Answered   1s                      1                 Alvaro Alonso   14/Mar/16 9:06 AM
        Answered -> Closed        1s                      1                 Alvaro Alonso   14/Mar/16 9:06 AM

          People

          • Assignee:
            aalonsog Alvaro Alonso
            Reporter:
            backlogmanager Backlog Manager