Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
Sender Email:
-
HD-Chapter:Security
-
HD-Enabler:KeyRock
-
HD-Node:Unknown
Description
Hello,
I am new to FIWARE and I am using KeyRock - Identity Management. I have only
Keystone and Horizon installed. I have configured Keystone on a VM which I
access through ssh. I can run commands on keystone such as create/delete
groups, users etc. using 'curl'. Now, I am trying to do the same using the
browser after installing Horizon. I run Horizon at 0.0.0.0:8000 and access
the server via 'http://[public IP]:8000' in chrome. I get the following
error in browser:
A server error occurred. Please contact the administrator.
In the Keystone ssh, I get the following:
2017-01-02 22:45:25.597 4731 WARNING keystone.common.wsgi [-] Authorization
failed. The request you have made requires authentication. from 127.0.0.1
2017-01-02 22:45:25.603 4731 INFO eventlet.wsgi.server [-] 127.0.0.1 - -
[02/Jan/2017 22:45:25] "POST /v3/auth/tokens HTTP/1.1" 401 331 0.061225
In the Horizon ssh console, I get the following error:
UserWarning: Module novaclient.v1_1 is deprecated (taken as a basis for
novaclient.v2). The preferable way to get client class or object you can
find in novaclient.client module.
WARNING:py.warnings:UserWarning: Module novaclient.v1_1 is deprecated (taken
as a basis for novaclient.v2). The preferable way to get client class or
object you can find in novaclient.client module.
RemovedInDjango18Warning: XViewMiddleware has been moved to
django.contrib.admindocs.middleware.
WARNING:py.warnings:RemovedInDjango18Warning: XViewMiddleware has been moved
to django.contrib.admindocs.middleware.
DEBUG:idm_logger:Creating a new internal keystoneclient connection to
http://0.0.0.0:5000/v3.
Recoverable error: Unable to establish connection to
http://0.0.0.0:5000/v3/auth/tokens
Traceback (most recent call last):
File "/usr/lib/python2.7/wsgiref/handlers.py", line 85, in run
self.result = application(self.environ, self.start_response)
File
"/horizon/.venv/local/lib/python2.7/site-packages/django/contrib/staticfiles
/handlers.py", line 64, in _call_
return self.application(environ, start_response)
File
"/horizon/.venv/local/lib/python2.7/site-packages/django/core/handlers/wsgi.
py", line 168, in _call_
self.load_middleware()
File
"/horizon/.venv/local/lib/python2.7/site-packages/django/core/handlers/base.
py", line 46, in load_middleware
mw_instance = mw_class()
File
"/horizon/.venv/local/lib/python2.7/site-packages/django/middleware/locale.p
y", line 23, in _init_
for url_pattern in get_resolver(None).url_patterns:
File
"/horizon/.venv/local/lib/python2.7/site-packages/django/core/urlresolvers.p
y", line 367, in url_patterns
patterns = getattr(self.urlconf_module, "urlpatterns",
self.urlconf_module)
File
"/horizon/.venv/local/lib/python2.7/site-packages/django/core/urlresolvers.p
y", line 361, in urlconf_module
self._urlconf_module = import_module(self.urlconf_name)
File "/usr/lib/python2.7/importlib/_init_.py", line 37, in import_module
_import_(name)
File "/horizon/openstack_dashboard/urls.py", line 36, in <module>
from openstack_dashboard.dashboards.idm_admin.user_accounts \
File
"/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/views.py",
line 28, in <module>
from openstack_dashboard.dashboards.idm_admin.user_accounts \
File
"/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py",
line 195, in <module>
class UpdateAccountForm(forms.SelfHandlingForm, UserAccountsLogicMixin):
File
"/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py",
line 202, in UpdateAccountForm
choices=get_account_choices())
File
"/horizon/openstack_dashboard/dashboards/idm_admin/user_accounts/forms.py",
line 172, in get_account_choices
use_idm_account=True),
File "/horizon/openstack_dashboard/fiware_api/keystone.py", line 1022, in
get_basic_role
request, basic, lambda req, n:
internal_keystoneclient(req).roles.find(name=n), pickle_props=['name'])
File "/horizon/openstack_dashboard/fiware_api/keystone.py", line 997, in
_get_element_and_cache
exceptions.handle(request)
File "/horizon/horizon/exceptions.py", line 324, in handle
messages.error(request, message or log_entry)
File "/horizon/horizon/messages.py", line 83, in error
fail_silently=fail_silently)
File "/horizon/horizon/messages.py", line 41, in add_message
if not horizon_message_already_queued(request, message):
File "/horizon/horizon/messages.py", line 28, in
horizon_message_already_queued
if request.is_ajax():
AttributeError: 'NoneType' object has no attribute 'is_ajax'
[02/Jan/2017 21:53:04] "GET / HTTP/1.1" 500 59
Please tell me what am I doing wrong. As I am new to this so my
understanding about its functionality is quite limited.
__________________________________________________________________________________________
You can get more information about our cookies and privacy policies on the following links:
- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy
- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE
Fiware-tech-help mailing list
Fiware-tech-help@lists.fiware.org
https://lists.fiware.org/listinfo/fiware-tech-help
[Created via e-mail received from: Chaudhary Umair Nadeem <umair.nadeem@rwth-aachen.de>]
Activity
Comment by umair.nadeem@rwth-aachen.de :
Thank you very much for your input. Yes, this was solved by changing the password for IDM_USER_CREDENTIALS in the local_settings.py file. Horizon is now connected with the Keystone. However after creating a user and trying to log in to Horizon portal, I get the error "Session expired" on Horizon portal. Horizon log shows:
Login successful for user "umair".
[10/Jan/2017 13:35:14] "POST /auth/login/ HTTP/1.1" 302 0
DEBUG:idm_logger:Session expired for user nadeem
[10/Jan/2017 13:35:14] "GET / HTTP/1.1" 302 0
Logging out user "umair".
Could not delete token.
How have you created the user?
You have to register users using the web interface.
BR
Comment by umair.nadeem@rwth-aachen.de :
Yes I have created the users both from the web interface and directly by curl. I also assigned the roles to the users by using PUT /v3/projects/
{project_id}/users/
{user_id}/roles/
{role_id}. Before assigning the roles, I was getting "Invalid username or password" error on web portal. Now, I am getting "Session expired" error. It seems to me that the user is immediately logged out after logging in as the horizon log shows. Here's what the Keystone log is showing:
2017-01-10 14:33:18.524 3668 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [10/Jan/2017 14:33:18] "GET /v3/ HTTP/1.1" 200 484 0.002046
2017-01-10 14:33:18.528 3671 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [10/Jan/2017 14:33:18] "POST /v3/auth/tokens HTTP/1.1" 201 1264 0.174392
2017-01-10 14:33:18.540 3668 WARNING keystone.common.wsgi [-] Two Factor Authentication is not enabled for user nadeem.
2017-01-10 14:33:18.548 3668 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [10/Jan/2017 14:33:18] "HEAD /v3/OS-TWO-FACTOR/two_factor_auth?user_name=umair&domain_name=Default HTTP/1.1" 404 160 0.022038
2017-01-10 14:33:18.679 3671 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [10/Jan/2017 14:33:18] "POST /v3/auth/tokens HTTP/1.1" 201 1231 0.134914
2017-01-10 14:33:18.681 3668 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [10/Jan/2017 14:33:18] "GET /v3/ HTTP/1.1" 200 484 0.002052
2017-01-10 14:33:18.704 3668 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [10/Jan/2017 14:33:18] "GET /v3/users/nadeem/projects HTTP/1.1" 200 529 0.020829
2017-01-10 14:33:18.774 3671 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [10/Jan/2017 14:33:18] "POST /v3/auth/tokens HTTP/1.1" 201 1266 0.072974
2017-01-10 14:33:19.229 3668 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action: identity:revoke_token
2017-01-10 14:33:19.232 3668 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [10/Jan/2017 14:33:19] "DELETE /v3/auth/tokens HTTP/1.1" 403 298 0.012384
Hi, you don't have to assign roles. If you create the user via the registration mechanism in the web site everything should work. Horizon performs the needed actions in Keystone to create the user. Then you have to activate the account using the activation URL (sent via email or printed in the console if you have not configured the mail server)
Comment by umair.nadeem@rwth-aachen.de :
Thank you. I have tried your solution and copied the link from to console to the browser. I get a blank screen with just "Activation key invalid" written on it. The user is not able to log in. It still gives "Invalid user name or password." error. This is the link that I received:
https://account.lab.fiware.org/activate/?activation_key=db6c856e46844027870aaedfd33a9d9b&user=dirk
I have checked the list of users in my Keystone server (http://localhost:5000/v3/users) using curl and admin access, and it shows that the user "dirk" is created but "enabled" value is set to false. Is there a possibility to activate the user from there?
Also, besides the portal registration, could you please tell me if there is another way to create the user? Maybe directly through the Keystone server using curl?
Your help is greatly appreciated. Thank you very much.
Comment by umair.nadeem@rwth-aachen.de :
I figured it out. I was using the wrong link. It should be the public IP address of my Keystone server instead of "account.lab.fiware.org" in the activation link. I can now log in. How can I change the activation link that is generated, so that the correct activation link (with public IP of my Keystone server instead of "account.lab.fiware.org") is sent to the email address and on console?
Still I would request you to answer my previous question too. Is there a way to create and activate the user directly through the Keystone server by using Curl and admin level access?
Great!!
To change the activation link URL you have to modify the config parameter [EMAIL_URL](https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example#L124).
Regarding the manual activation of an account, there is no an admin API to do so. You would have to manually activate it using the activation link generated when signing up.
Hi, this problem usually occurs when Horizon is not correctly connected to Keystone. Please, check Keystone configuration in Horizon config file:
https://github.com/ging/horizon/blob/master/openstack_dashboard/local/local_settings.py.example
You can find the configuration instructions in
http://fiware-idm.readthedocs.io/en/latest/admin_guide.html#configuration