Details
-
Type: extRequest
-
Status: Closed
-
Priority: Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
Labels:None
-
Sender Email:
-
HD-Chapter:Security
-
HD-Enabler:Wilma
Description
Hello,
I am using Fiware's PEP proxy with the Keyrock. After installing the PEP
Proxy, I configured my config.js as:
config.account_host = '0.0.0.0:8000'
config.keystone_host = '0.0.0.0'
config.keystone_port = '5000'
config. app_host = 'www.google.com'
config.app_port = 80
As written in the guide and shown in tutorial videos, I have registered an
application on Horizon portal and received the username
'pep-proxy-65275fc866074e04bbd22ab05ac9f971' and its password. I have
entered these values in the config.username and config.password fields.
However, whenever I start the PEP proxy server with this command 'sudo node
server.js', I get the following error on PEP proxy server:
2017-01-25 12:51:19.671 - INFO: Server - Starting PEP proxy in port 80.
Keystone authentication ...
2017-01-25 12:51:19.971 - ERROR: Server - Error in keystone communication
{"error": {"message": "object of type 'NoneType' has no len()", "code":
400, "title": "Bad Request"}}
I read on stackoverflow that PEP proxy server requests a domain-scoped
token from keystone. I have tried requesting a domain-scoped token directly
from keystone by using the username
'pep-proxy-65275fc866074e04bbd22ab05ac9f971'
and its password. I get this error on keystone server:
2017-01-25 13:04:12.321 3864 ERROR keystone.auth.plugins.password [-] Could
not find user: pep-proxy-65275fc866074e04bbd22ab05ac9f971
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password Traceback
(most recent call last):
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/auth/plugins/password.py", line 101, in
_validate_and_normalize_auth_data
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
user_name, domain_ref['id'])
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/identity/core.py", line 202, in wrapper
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
return f(self, *args, **kwargs)
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/identity/core.py", line 213, in wrapper
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
return f(self, *args, **kwargs)
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/identity/core.py", line 603, in get_user_by_name
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password ref =
driver.get_user_by_name(user_name, domain_id)
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/identity/backends/sql.py", line 173, in get_user_by_name
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password raise
exception.UserNotFound(user_id=user_name)
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
UserNotFound: Could not find user:
pep-proxy-65275fc866074e04bbd22ab05ac9f971
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
2017-01-25 13:04:12.322 3864 WARNING keystone.common.wsgi [-] Authorization
failed. The request you have made requires authentication. from
134.61.92.200
2017-01-25 13:04:12.323 3864 INFO eventlet.wsgi.server [-] 134.61.92.200 -
- [25/Jan/2017 13:04:12] "POST /v3/auth/tokens HTTP/1.1" 401 313 0.010872
The same error occurs when I try to request an unscoped token. It says that
the user could not be found. However, when I list all the users using
/v3/users, the user with name 'pep-proxy-65275fc866074e04bbd22ab05ac9f971'
appears on the list and is enabled. Am I missing something? How can I start
the proxy server with the given username and password?
[Created via e-mail received from: Fatima Toor <toor.fatima23@gmail.com>]
Could you try with this request?
curl -i \
{ "id": "default" }-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "pep_proxy_user",
"domain":
,
"password": "pep_proxy_pass"
}
}
}
}
}' \
http://keystone_host:keystone_port/v3/auth/tokens ; echo