Details
-
Type:
Monitor
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 2021
-
Component/s: FIWARE-TECH-HELP
-
HD-Chapter:Security
-
HD-Enabler:KeyRock
Description
Created question in FIWARE Q/A platform on 08-09-2015 at 18:09
Please, ANSWER this question AT https://stackoverflow.com/questions/32462583/keyrock-doesnt-accept-user-even-when-using-admin
Question:
Keyrock doesn't accept user, even when using admin
Description:
I got two users created by me, admin, with admin permissions, and another user, now with admin permissions too, but initially community (i'll be referring to this account as community).
I've registered an application with the community user and associated the admin later. As callbackUrl i've registered the address below in my keyrock instance
<keystone ip>:/oauth2/token
The request i am making to get oauth2 follows below, it uses https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh as a guideline. I've changed the user,pass, host, client id and app secret
curl -s --insecure -i --header "Authorization: Basic NmJjODMyMWMzNDQwNGVlYzkwYzNhNzhlYTU0ZTE2NjY6M2YwMzQyZjE4ZTM1NGI0ZDg5YjhlYWVkNTZmNGI5Mjc=" --header "Content-Type: application/x-www-form-urlencoded" -X POST http://<keyrock IP>/oauth2/token -d 'grant_type=password&username=<user>&password=<pass>&client_id=<clientID>&client_secret=<secret>'
The request reaches the keystone and it replies with a 404 (access token not found).
When i try to get oauth2 tokens from keyrock for both the admin and the community, it says
Error: Root - User access-token not authorized
I can login in horizon with both users.
What did i miss in order to get a oauth2 token from idm?
Edit: Code used to create users:
users_default_pass = '...'
user0 = _register_user(keystone,"user0",passwd=users_default_pass)
keystone.roles.grant(user=user0.id,role=keystone.roles.find(name='community'), project=user0.default_project_id)
Edit2: raw response and response from keystone captured with tcpflow
request:
POST /oauth2/token HTTP/1.1
User-Agent: curl/7.35.0
Host: 130.206.118.xxx:5000
Accept: /
Authorization: Basic ZWU2YmFjMWNjOTQ3NDdhNmI4MTU3NDdiNDk5NmVhZjQ6NTRkY2NjMjgxODhhNDMxYTk4OTY3MjkwN2UxYjIxYzY=
Content-Type: application/x-www-form-urlencoded
Content-Length: 143
grant_type=password&username=admin&password=admin&client_id=ee6bac1cc94747a6b815747b4996eaf4&client_secret=54dccc28188a431a989672907e1b21c6
write error to stdout
response:
HTTP/1.1 404 Not Found
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 93
Date: Wed, 09 Sep 2015 09:46:19 GMT
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
write error to stdout
Activity
| Fix Version/s | 2021 [ 12600 ] |
| Resolution | Done [ 10000 ] | |
| Status | Answered [ 10104 ] | Closed [ 6 ] |
| Status | In Progress [ 3 ] | Answered [ 10104 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| HD-Enabler | KeyRock [ 10889 ] | |
| Description |
Created question in FIWARE Q/A platform on 08-09-2015 at 18:09 {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/32462583/keyrock-doesnt-accept-user-even-when-using-admin +Question:+ Keyrock doesn't accept user, even when using admin +Description:+ I got two users created by me, admin, with admin permissions, and another user, now with admin permissions too, but initially community (i'll be referring to this account as community). I've registered an application with the community user and associated the admin later. As callbackUrl i've registered the address below in my keyrock instance <keystone ip>:/oauth2/token The request i am making to get oauth2 follows below, it uses https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh as a guideline. I've changed the user,pass, host, client id and app secret curl -s --insecure -i --header "Authorization: Basic NmJjODMyMWMzNDQwNGVlYzkwYzNhNzhlYTU0ZTE2NjY6M2YwMzQyZjE4ZTM1NGI0ZDg5YjhlYWVkNTZmNGI5Mjc=" --header "Content-Type: application/x-www-form-urlencoded" -X POST http://<keyrock IP>/oauth2/token -d 'grant_type=password&username=<user>&password=<pass>&client_id=<clientID>&client_secret=<secret>' The request reaches the keystone and it replies with a 404 (access token not found). When i try to get oauth2 tokens from keyrock for both the admin and the community, it says Error: Root - User access-token not authorized I can login in horizon with both users. What did i miss in order to get a oauth2 token from idm? Edit: Code used to create users: users_default_pass = '...' user0 = _register_user(keystone,"user0",passwd=users_default_pass) keystone.roles.grant(user=user0.id,role=keystone.roles.find(name='community'), project=user0.default_project_id) Edit2: raw response and response from keystone captured with tcpflow request: POST /oauth2/token HTTP/1.1 User-Agent: curl/7.35.0 Host: 130.206.118.xxx:5000 Accept: */* Authorization: Basic ZWU2YmFjMWNjOTQ3NDdhNmI4MTU3NDdiNDk5NmVhZjQ6NTRkY2NjMjgxODhhNDMxYTk4OTY3MjkwN2UxYjIxYzY= Content-Type: application/x-www-form-urlencoded Content-Length: 143 grant_type=password&username=admin&password=admin&client_id=ee6bac1cc94747a6b815747b4996eaf4&client_secret=54dccc28188a431a989672907e1b21c6 write error to stdout response: HTTP/1.1 404 Not Found Vary: X-Auth-Token Content-Type: application/json Content-Length: 93 Date: Wed, 09 Sep 2015 09:46:19 GMT {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}} write error to stdout |
Created question in FIWARE Q/A platform on 08-09-2015 at 18:09
{color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/32462583/keyrock-doesnt-accept-user-even-when-using-admin +Question:+ Keyrock doesn't accept user, even when using admin +Description:+ I got two users created by me, admin, with admin permissions, and another user, now with admin permissions too, but initially community (i'll be referring to this account as community). I've registered an application with the community user and associated the admin later. As callbackUrl i've registered the address below in my keyrock instance <keystone ip>:/oauth2/token The request i am making to get oauth2 follows below, it uses https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh as a guideline. I've changed the user,pass, host, client id and app secret curl -s --insecure -i --header "Authorization: Basic NmJjODMyMWMzNDQwNGVlYzkwYzNhNzhlYTU0ZTE2NjY6M2YwMzQyZjE4ZTM1NGI0ZDg5YjhlYWVkNTZmNGI5Mjc=" --header "Content-Type: application/x-www-form-urlencoded" -X POST http://<keyrock IP>/oauth2/token -d 'grant_type=password&username=<user>&password=<pass>&client_id=<clientID>&client_secret=<secret>' The request reaches the keystone and it replies with a 404 (access token not found). When i try to get oauth2 tokens from keyrock for both the admin and the community, it says Error: Root - User access-token not authorized I can login in horizon with both users. What did i miss in order to get a oauth2 token from idm? Edit: Code used to create users: users_default_pass = '...' user0 = _register_user(keystone,"user0",passwd=users_default_pass) keystone.roles.grant(user=user0.id,role=keystone.roles.find(name='community'), project=user0.default_project_id) Edit2: raw response and response from keystone captured with tcpflow request: POST /oauth2/token HTTP/1.1 User-Agent: curl/7.35.0 Host: 130.206.118.xxx:5000 Accept: */* Authorization: Basic ZWU2YmFjMWNjOTQ3NDdhNmI4MTU3NDdiNDk5NmVhZjQ6NTRkY2NjMjgxODhhNDMxYTk4OTY3MjkwN2UxYjIxYzY= Content-Type: application/x-www-form-urlencoded Content-Length: 143 grant_type=password&username=admin&password=admin&client_id=ee6bac1cc94747a6b815747b4996eaf4&client_secret=54dccc28188a431a989672907e1b21c6 write error to stdout response: HTTP/1.1 404 Not Found Vary: X-Auth-Token Content-Type: application/json Content-Length: 93 Date: Wed, 09 Sep 2015 09:46:19 GMT {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}} write error to stdout |
| HD-Chapter | Security [ 10841 ] |
| Assignee | Backlog Manager [ backlogmanager ] |
| Field | Original Value | New Value |
|---|---|---|
| Component/s | FIWARE-TECH-HELP [ 10278 ] |