Help-Desk / HELP-6552

FIWARE.Question.Tech.Security.IDM-KeyRock.Fiware KeyRock SCIM API bug: _check_allowed_to_get_and_assign() got an unexpected keyword argument 'userName'

    Details

    • Type: Monitor
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2021
    • Component/s: FIWARE-TECH-HELP
    • Labels:

      Description

      Created question in FIWARE Q/A platform on 08-05-2016 at 00:05
      Please, ANSWER this question AT http://stackoverflow.com/questions/37094473/fiware-keyrock-scim-api-bug-check-allowed-to-get-and-assign-got-an-unexpecte

      Question:
      Fiware KeyRock SCIM API bug: _check_allowed_to_get_and_assign() got an unexpected keyword argument 'userName'

      Description:
      We want to use the FIWARE IdM, both Keystone and Horizon. Specifically, during sign-up we want to:

      • create a user
      • add that user to an organisation
      • authorise the user for an application

      We have installed Keystone and Horizon using the latest KeyRock docker image on the docker hub (https://hub.docker.com/r/fiware/idm/).

      Because the KeyRock web interface creates Cloud organisations, community users in regions like Spain, etc., I decided to try to use the SCIM API to create and authorize users:

      Note: The SCIM API documents (http://docs.keyrock.apiary.io/#reference/scim-2.0) imply the SCIM calls are on the KeyRock server port, however they are available on the Keystone server port. The SCIM documentation would be clearer if it mentioned http://[keystone server]/v3/OS-SCIM/v2/Users/ instead of http://keyrock/v3/OS-SCIM/v2/Users/

      Let's say we have an application (SCIM consumer) with application_id=app1. This application is created using the Horizon front-end, or using the

      POST /v3/OS-OAUTH2/consumers

      call. I am not aware of a difference between the two ways of creating an application, although I have not tried the latter yet. This is a one-time operation, so we used the web interface to create the application and associated role.

      so we have a role for the application = role1

      and we create a user using SCIM

      POST /v3/OS-SCIM/v2/Users/

      that yields user_id=user1

      When I try to authorize him for our application with

      PUT /v3/OS-ROLES/users/user1/applications/app1/roles/role1

      I get the following error:

      {
        "error": {
          "message": "_check_allowed_to_get_and_assign() got an unexpected keyword argument 'userName'",
          "code": 400,
          "title": "Bad Request"
        }
      }

      The next step would be to obtain a resource owner token through KeyRock using

      POST [KeyStone server]/oauth2/token

      But that is moot because of the above error.

      Logging into the KeyRock user interface with user1 gives the error:
      "You are not authorized for any projects." I assume this is because user1 is not authorized for an organisation. user1 is invisible to other users or the admin in the KeyRock user interface, so I cannot assign the necessary authorizations.

      Any ideas, anyone?
      Which roles does user1 still need to have, and how do we assign them so that KeyRock is satisfied?

          People

          • Assignee:
            aalonsog Alvaro Alonso
            Reporter:
            backlogmanager Backlog Manager