Uploaded image for project: 'Help-Desk'
  1. Help-Desk
  2. HELP-7485

FIWARE.Request.Tech.Security.PEP-Proxy.Fiware Orion Context Broker - can not get token

        Details

        • Type: extRequest
        • Status: Closed
        • Priority: Major
        • Resolution: Done
        • Fix Version/s: 2021
        • Component/s: FIWARE-TECH-HELP
        • Labels:
          None

          Description

          Good morning,

          I have two issues concerning Fiware Orion:

          First:

          I am following the Fiware context broker introduction to get a token from
          the Orion public instance as described in:
          https://fiware-orion.readthedocs.io/en/develop/quick_start_guide/index.html.
          <https://fiware-orion.readthedocs.io/en/develop/quick_start_guide/index.html>

          <https://fiware-orion.readthedocs.io/en/develop/quick_start_guide/index.html>

          1. wget --no-check-certificate
            https://raw.githubusercontent.com/fgalan/oauth2-example-orion-client/master/token_script.sh
          2. bash token_script.sh

          Last week I downloaded the script, executed it, and after specifying my
          Fiware-Lab credentials I got the needed token. This week, however, when I
          run the script, I receive an empty response.

          Second:

          If I were to use one of my personal Orion Instances in Fiware Cloud, how is
          the authentication manages? Do I need to install an IDM or is it already
          configured to do so?

          If you could give me an insight on what I should do, I would really
          appreciate it.

          Oihane

          Since January 1st, old domains won't be supported and messages sent to any domain different to @lists.fiware.org will be lost.
          Please, send your messages using the new domain (Fiware-tech-help@lists.fiware.org) instead of the old one.
          _______________________________________________
          Fiware-tech-help mailing list
          Fiware-tech-help@lists.fiware.org
          https://lists.fiware.org/listinfo/fiware-tech-help
          [Created via e-mail received from: Oihane Kamara Esteban <oihane.esteban@deusto.es>]

            Activity

            Descending order - Click to sort in ascending order
            Transition Time In Source Status Execution Times Last Executer Last Execution Date
            Open Open In Progress In Progress
            		1d 6h 37m 1 Fermín Galán 14/Oct/16 4:29 PM
            In Progress In Progress Answered Answered
            		10d 18h 27m 1 Alvaro Alonso 25/Oct/16 10:57 AM
            Answered Answered Closed Closed
            		1s 1 Alvaro Alonso 25/Oct/16 10:57 AM
            fla Fernando Lopez made changes -
            Fix Version/s 2021 [ 12600 ]
            backlogmanager Backlog Manager made changes -
            Summary [Fiware-tech-help] Fiware Orion Context Broker - can not get token FIWARE.Request.Tech.Security.PEP-Proxy.Fiware Orion Context Broker - can not get token
            HD-Chapter Security [ 10841 ]
            HD-Node Unknown [ 10852 ]
            aalonsog Alvaro Alonso made changes -
            Resolution Done [ 10000 ]
            Status Answered [ 10104 ] Closed [ 6 ]
            aalonsog Alvaro Alonso made changes -
            Status In Progress [ 3 ] Answered [ 10104 ]
            Hide
            Permalink
            aalonsog Alvaro Alonso added a comment -

            AS Fermín has explained you can deploy a Wilma PEP Proxy instance on top of your CB instance to protect the API. And you can configure it to validate the requests with the central FIWARE Lab IdM instance. You can see details about how this work in the Wilma documentation and courses (https://catalogue.fiware.org/enablers/pep-proxy-wilma)

            Show
            aalonsog Alvaro Alonso added a comment - AS Fermín has explained you can deploy a Wilma PEP Proxy instance on top of your CB instance to protect the API. And you can configure it to validate the requests with the central FIWARE Lab IdM instance. You can see details about how this work in the Wilma documentation and courses ( https://catalogue.fiware.org/enablers/pep-proxy-wilma )
            mev Manuel Escriche made changes -
            HD-Chapter Security [ 10841 ]
            backlogmanager Backlog Manager made changes -
            Assignee Alvaro Alonso [ aalonsog ]
            backlogmanager Backlog Manager made changes -
            HD-Chapter Data [ 10838 ] Security [ 10841 ]
            mev Manuel Escriche made changes -
            Assignee Manuel Escriche [ mev ]
            mev Manuel Escriche made changes -
            HD-Enabler Orion [ 10875 ] Wilma [ 10890 ]
            Hide
            Permalink
            fermin Fermín Galán added a comment - - edited

            Manuel, I have assigned the issue to you in the hope you can assign in sequence to the experts in the security chapter regarding the second question (see my last comment). Thanks!

            Show
            fermin Fermín Galán added a comment - - edited Manuel, I have assigned the issue to you in the hope you can assign in sequence to the experts in the security chapter regarding the second question (see my last comment). Thanks!
            fermin Fermín Galán made changes -
            Assignee Fermín Galán [ fermin ] Manuel Escriche [ mev ]
            fermin Fermín Galán made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            Hide
            Permalink
            fermin Fermín Galán added a comment -

            Regarding first question, please have a look to this ticket: https://jira.fiware.org/browse/HELP-7484. The cause is probably the same and now it should work again.

            Regarding the second question, you would typically install a PEP proxy to protect your Orion API instance. Then, that PEP proxy be connected either 1) the global IDM and Access Control componentes associated to the FIWARE Lab cloud, 2) your own private instances of IDM and Access Control. However, I'm not an expert in the FIWARE security framework so I'll tell the people in charge of JIRA that assign the ticket to some expert in that area.

            Show
            fermin Fermín Galán added a comment - Regarding first question, please have a look to this ticket: https://jira.fiware.org/browse/HELP-7484 . The cause is probably the same and now it should work again. Regarding the second question, you would typically install a PEP proxy to protect your Orion API instance. Then, that PEP proxy be connected either 1) the global IDM and Access Control componentes associated to the FIWARE Lab cloud, 2) your own private instances of IDM and Access Control. However, I'm not an expert in the FIWARE security framework so I'll tell the people in charge of JIRA that assign the ticket to some expert in that area.
            backlogmanager Backlog Manager made changes -
            Assignee Fermín Galán [ fermin ]
            backlogmanager Backlog Manager made changes -
            HD-Chapter Unknown [ 10845 ] Data [ 10838 ]
            mev Manuel Escriche made changes -
            HD-Enabler Unknown [ 10910 ] Orion [ 10875 ]
            backlogmanager Backlog Manager made changes -
            HD-Enabler Unknown [ 10910 ]
            HD-Chapter Unknown [ 10845 ]
            HD-Node Unknown [ 10852 ]
            backlogmanager Backlog Manager made changes -
            Field Original Value New Value
            Component/s FIWARE-TECH-HELP [ 10278 ]
            fw.ext.user FW External User created issue -

              People

              • Assignee:
                aalonsog Alvaro Alonso
                Reporter:
                fw.ext.user FW External User
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: