Uploaded image for project: 'Help-Desk'
  1. Help-Desk
  2. HELP-7485

FIWARE.Request.Tech.Security.PEP-Proxy.Fiware Orion Context Broker - can not get token

        Details

        • Type: extRequest
        • Status: Closed
        • Priority: Major
        • Resolution: Done
        • Fix Version/s: 2021
        • Component/s: FIWARE-TECH-HELP
        • Labels:
          None

          Description

          Good morning,

          I have two issues concerning Fiware Orion:

          First:

          I am following the Fiware context broker introduction to get a token from
          the Orion public instance as described in:
          https://fiware-orion.readthedocs.io/en/develop/quick_start_guide/index.html.
          <https://fiware-orion.readthedocs.io/en/develop/quick_start_guide/index.html>

          <https://fiware-orion.readthedocs.io/en/develop/quick_start_guide/index.html>

          1. wget --no-check-certificate
            https://raw.githubusercontent.com/fgalan/oauth2-example-orion-client/master/token_script.sh
          2. bash token_script.sh

          Last week I downloaded the script, executed it, and after specifying my
          Fiware-Lab credentials I got the needed token. This week, however, when I
          run the script, I receive an empty response.

          Second:

          If I were to use one of my personal Orion Instances in Fiware Cloud, how is
          the authentication manages? Do I need to install an IDM or is it already
          configured to do so?

          If you could give me an insight on what I should do, I would really
          appreciate it.

          Oihane

          Since January 1st, old domains won't be supported and messages sent to any domain different to @lists.fiware.org will be lost.
          Please, send your messages using the new domain (Fiware-tech-help@lists.fiware.org) instead of the old one.
          _______________________________________________
          Fiware-tech-help mailing list
          Fiware-tech-help@lists.fiware.org
          https://lists.fiware.org/listinfo/fiware-tech-help
          [Created via e-mail received from: Oihane Kamara Esteban <oihane.esteban@deusto.es>]

            Activity

            Ascending order - Click to sort in descending order
            Hide
            Permalink
            fermin Fermín Galán added a comment -

            Regarding first question, please have a look to this ticket: https://jira.fiware.org/browse/HELP-7484. The cause is probably the same and now it should work again.

            Regarding the second question, you would typically install a PEP proxy to protect your Orion API instance. Then, that PEP proxy be connected either 1) the global IDM and Access Control componentes associated to the FIWARE Lab cloud, 2) your own private instances of IDM and Access Control. However, I'm not an expert in the FIWARE security framework so I'll tell the people in charge of JIRA that assign the ticket to some expert in that area.

            Show
            fermin Fermín Galán added a comment - Regarding first question, please have a look to this ticket: https://jira.fiware.org/browse/HELP-7484 . The cause is probably the same and now it should work again. Regarding the second question, you would typically install a PEP proxy to protect your Orion API instance. Then, that PEP proxy be connected either 1) the global IDM and Access Control componentes associated to the FIWARE Lab cloud, 2) your own private instances of IDM and Access Control. However, I'm not an expert in the FIWARE security framework so I'll tell the people in charge of JIRA that assign the ticket to some expert in that area.
            Hide
            Permalink
            fermin Fermín Galán added a comment - - edited

            Manuel, I have assigned the issue to you in the hope you can assign in sequence to the experts in the security chapter regarding the second question (see my last comment). Thanks!

            Show
            fermin Fermín Galán added a comment - - edited Manuel, I have assigned the issue to you in the hope you can assign in sequence to the experts in the security chapter regarding the second question (see my last comment). Thanks!
            Hide
            Permalink
            aalonsog Alvaro Alonso added a comment -

            AS Fermín has explained you can deploy a Wilma PEP Proxy instance on top of your CB instance to protect the API. And you can configure it to validate the requests with the central FIWARE Lab IdM instance. You can see details about how this work in the Wilma documentation and courses (https://catalogue.fiware.org/enablers/pep-proxy-wilma)

            Show
            aalonsog Alvaro Alonso added a comment - AS Fermín has explained you can deploy a Wilma PEP Proxy instance on top of your CB instance to protect the API. And you can configure it to validate the requests with the central FIWARE Lab IdM instance. You can see details about how this work in the Wilma documentation and courses ( https://catalogue.fiware.org/enablers/pep-proxy-wilma )

              People

              • Assignee:
                aalonsog Alvaro Alonso
                Reporter:
                fw.ext.user FW External User
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: