[HELP-8178] PEP_PROXY Server - Error in keystone communication - JIRA

Details

Type: extRequest
Status: Closed
Priority: Major
Resolution: Done
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
Labels:
None

Sender Email:
toor.fatima23@gmail.com
HD-Chapter:
Security
HD-Enabler:
Wilma

Description

Hello,

I am using Fiware's PEP proxy with the Keyrock. After installing the PEP
Proxy, I configured my config.js as:

config.account_host = '0.0.0.0:8000'

config.keystone_host = '0.0.0.0'
config.keystone_port = '5000'

config. app_host = 'www.google.com'
config.app_port = 80

As written in the guide and shown in tutorial videos, I have registered an
application on Horizon portal and received the username
'pep-proxy-65275fc866074e04bbd22ab05ac9f971' and its password. I have
entered these values in the config.username and config.password fields.
However, whenever I start the PEP proxy server with this command 'sudo node
server.js', I get the following error on PEP proxy server:

2017-01-25 12:51:19.671 - INFO: Server - Starting PEP proxy in port 80.
Keystone authentication ...
2017-01-25 12:51:19.971 - ERROR: Server - Error in keystone communication
{"error": {"message": "object of type 'NoneType' has no len()", "code":
400, "title": "Bad Request"}}

I read on stackoverflow that PEP proxy server requests a domain-scoped
token from keystone. I have tried requesting a domain-scoped token directly
from keystone by using the username
'pep-proxy-65275fc866074e04bbd22ab05ac9f971'
and its password. I get this error on keystone server:

2017-01-25 13:04:12.321 3864 ERROR keystone.auth.plugins.password [-] Could
not find user: pep-proxy-65275fc866074e04bbd22ab05ac9f971
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password Traceback
(most recent call last):
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/auth/plugins/password.py", line 101, in
_validate_and_normalize_auth_data
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
user_name, domain_ref['id'])
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/identity/core.py", line 202, in wrapper
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
return f(self, *args, **kwargs)
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/identity/core.py", line 213, in wrapper
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
return f(self, *args, **kwargs)
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/identity/core.py", line 603, in get_user_by_name
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password ref =
driver.get_user_by_name(user_name, domain_id)
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password File
"/keystone/keystone/identity/backends/sql.py", line 173, in get_user_by_name
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password raise
exception.UserNotFound(user_id=user_name)
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
UserNotFound: Could not find user:
pep-proxy-65275fc866074e04bbd22ab05ac9f971
2017-01-25 13:04:12.321 3864 TRACE keystone.auth.plugins.password
2017-01-25 13:04:12.322 3864 WARNING keystone.common.wsgi [-] Authorization
failed. The request you have made requires authentication. from
134.61.92.200
2017-01-25 13:04:12.323 3864 INFO eventlet.wsgi.server [-] 134.61.92.200 -

[25/Jan/2017 13:04:12] "POST /v3/auth/tokens HTTP/1.1" 401 313 0.010872

The same error occurs when I try to request an unscoped token. It says that
the user could not be found. However, when I list all the users using
/v3/users, the user with name 'pep-proxy-65275fc866074e04bbd22ab05ac9f971'
appears on the list and is enabled. Am I missing something? How can I start
the proxy server with the given username and password?

[Created via e-mail received from: Fatima Toor <toor.fatima23@gmail.com>]

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Alvaro Alonso added a comment - 01/Feb/17 2:35 PM

Could you try with this request?

curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "pep_proxy_user",
"domain":

{ "id": "default" }

,
"password": "pep_proxy_pass"
}
}
}
}
}' \
http://keystone_host:keystone_port/v3/auth/tokens ; echo

Show

Alvaro Alonso added a comment - 01/Feb/17 2:35 PM Could you try with this request? curl -i \ -H "Content-Type: application/json" \ -d ' { "auth": { "identity": { "methods": ["password"] , "password": { "user": { "name": "pep_proxy_user", "domain": { "id": "default" } , "password": "pep_proxy_pass" } } } } }' \ http://keystone_host:keystone_port/v3/auth/tokens ; echo

Hide

Permalink

FW External User added a comment - 02/Feb/17 12:39 PM

Comment by toor.fatima23@gmail.com :

Thank you for your email. I have tried your suggestion and now I am getting
this error:

{"error": {"message": "object of type 'NoneType' has no len()", "code":
"400", "title": "Bad Request"}}

On the Keystone host, I receive the following message:

2017-02-02 11:29:52.554 1409 ERROR keystone.common.wsgi [-] object of type
'NoneType' has no len()
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi Traceback (most
recent call last):
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/keystone/common/wsgi.py", line 224, in _call_
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi result =
method(context, **params)
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/keystone/auth/controllers.py", line 407, in
authenticate_for_token
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi is_cloud_token
= self.assignment_api.get_project(project_id).get('is_cloud_project')
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/.venv/local/lib/python2.7/site-packages/dogpile/cache/region.py",
line 1040, in decorate
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi should_cache_fn)
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/.venv/local/lib/python2.7/site-packages/dogpile/cache/region.py",
line 651, in get_or_create
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi async_creator)
as value:
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/.venv/local/lib/python2.7/site-packages/dogpile/core/dogpile.py",
line 158, in _enter_
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi return
self._enter()
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/.venv/local/lib/python2.7/site-packages/dogpile/core/dogpile.py",
line 98, in _enter
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi generated =
self._enter_create(createdtime)
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/.venv/local/lib/python2.7/site-packages/dogpile/core/dogpile.py",
line 149, in _enter_create
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi created =
self.creator()
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/.venv/local/lib/python2.7/site-packages/dogpile/cache/region.py",
line 619, in gen_value
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi created_value =
creator()
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/.venv/local/lib/python2.7/site-packages/dogpile/cache/region.py",
line 1036, in creator
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi return fn(*arg,
**kw)
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/keystone/assignment/core.py", line 484, in get_project
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi return
self.driver.get_project(project_id)
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/keystone/assignment/backends/sql.py", line 47, in get_project
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi return
self._get_project(session, tenant_id).to_dict()
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/keystone/assignment/backends/sql.py", line 40, in _get_project
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi project_ref =
session.query(Project).get(project_id)
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File
"/keystone/.venv/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py",
line 802, in get
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi if len(ident)
!= len(mapper.primary_key):
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi TypeError: object
of type 'NoneType' has no len()
2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi
2017-02-02 11:29:52.556 1409 INFO eventlet.wsgi.server [-] 134.61.178.241 -

[02/Feb/2017 11:29:52] "POST /v3/auth/tokens HTTP/1.1" 400 239 0.072728

I am still not able to connect PEP proxy server with KeyRock.

On Wed, Feb 1, 2017 at 2:36 PM, Help-Desk <jira-help-desk@jira.fiware.org>
wrote:

>
>

Show

FW External User added a comment - 02/Feb/17 12:39 PM Comment by toor.fatima23@gmail.com : Thank you for your email. I have tried your suggestion and now I am getting this error: {"error": {"message": "object of type 'NoneType' has no len()", "code": "400", "title": "Bad Request"}} On the Keystone host, I receive the following message: 2017-02-02 11:29:52.554 1409 ERROR keystone.common.wsgi [-] object of type 'NoneType' has no len() 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi Traceback (most recent call last): 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/keystone/common/wsgi.py", line 224, in _ call _ 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi result = method(context, **params) 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/keystone/auth/controllers.py", line 407, in authenticate_for_token 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi is_cloud_token = self.assignment_api.get_project(project_id).get('is_cloud_project') 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/.venv/local/lib/python2.7/site-packages/dogpile/cache/region.py", line 1040, in decorate 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi should_cache_fn) 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/.venv/local/lib/python2.7/site-packages/dogpile/cache/region.py", line 651, in get_or_create 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi async_creator) as value: 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/.venv/local/lib/python2.7/site-packages/dogpile/core/dogpile.py", line 158, in _ enter _ 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi return self._enter() 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/.venv/local/lib/python2.7/site-packages/dogpile/core/dogpile.py", line 98, in _enter 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi generated = self._enter_create(createdtime) 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/.venv/local/lib/python2.7/site-packages/dogpile/core/dogpile.py", line 149, in _enter_create 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi created = self.creator() 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/.venv/local/lib/python2.7/site-packages/dogpile/cache/region.py", line 619, in gen_value 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi created_value = creator() 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/.venv/local/lib/python2.7/site-packages/dogpile/cache/region.py", line 1036, in creator 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi return fn(*arg, **kw) 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/keystone/assignment/core.py", line 484, in get_project 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi return self.driver.get_project(project_id) 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/keystone/assignment/backends/sql.py", line 47, in get_project 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi return self._get_project(session, tenant_id).to_dict() 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/keystone/assignment/backends/sql.py", line 40, in _get_project 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi project_ref = session.query(Project).get(project_id) 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi File "/keystone/.venv/local/lib/python2.7/site-packages/sqlalchemy/orm/query.py", line 802, in get 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi if len(ident) != len(mapper.primary_key): 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi TypeError: object of type 'NoneType' has no len() 2017-02-02 11:29:52.554 1409 TRACE keystone.common.wsgi 2017-02-02 11:29:52.556 1409 INFO eventlet.wsgi.server [-] 134.61.178.241 - [02/Feb/2017 11:29:52] "POST /v3/auth/tokens HTTP/1.1" 400 239 0.072728 I am still not able to connect PEP proxy server with KeyRock. On Wed, Feb 1, 2017 at 2:36 PM, Help-Desk <jira-help-desk@jira.fiware.org> wrote: > >

Hide

Permalink

Alvaro Alonso added a comment - 08/Feb/17 12:23 PM

Hello,

There was a bug in one of the latest commits of Keystone, and it may be causing the error you are running into. Please use the code from the latest release (5.4.0, available in https://github.com/ging/keystone/tree/keyrock-5.4.0). You should have no problem with that version, so feel free to write back if the problem persists.

Kind regards

Show

Alvaro Alonso added a comment - 08/Feb/17 12:23 PM Hello, There was a bug in one of the latest commits of Keystone, and it may be causing the error you are running into. Please use the code from the latest release (5.4.0, available in https://github.com/ging/keystone/tree/keyrock-5.4.0 ). You should have no problem with that version, so feel free to write back if the problem persists. Kind regards

Hide

Permalink

FW External User added a comment - 09/Feb/17 12:31 PM

Comment by toor.fatima23@gmail.com :

Hi, Thank you for your answer. It worked.

Show

FW External User added a comment - 09/Feb/17 12:31 PM Comment by toor.fatima23@gmail.com : Hi, Thank you for your answer. It worked.

People

Assignee:

Alvaro Alonso

Reporter:

FW External User

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

25/Jan/17 2:32 PM

Updated:

27/May/21 10:55 AM

Resolved:

09/Feb/17 9:34 AM

Agile

View on Board