[ https://jira.fiware.org/browse/HELP-9253?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fernando Lopez updated HELP-9253:
---------------------------------
HD-Chapter: Security
Description:
Created question in FIWARE Q/A platform on 08-09-2015 at 18:09
{color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/32462583/keyrock-doesnt-accept-user-even-when-using-admin
+Question:+
Keyrock doesn't accept user, even when using admin
+Description:+
I got two users created by me, admin, with admin permissions, and another user, now with admin permissions too, but initially community (i'll be referring to this account as community).
I've registered an application with the community user and associated the admin later. As callbackUrl i've registered the address below in my keyrock instance
<keystone ip>:/oauth2/token
The request i am making to get oauth2 follows below, it uses https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh as a guideline. I've changed the user,pass, host, client id and app secret
curl -s --insecure -i --header "Authorization: Basic NmJjODMyMWMzNDQwNGVlYzkwYzNhNzhlYTU0ZTE2NjY6M2YwMzQyZjE4ZTM1NGI0ZDg5YjhlYWVkNTZmNGI5Mjc=" --header "Content-Type: application/x-www-form-urlencoded" -X POST http://<keyrock IP>/oauth2/token -d 'grant_type=password&username=<user>&password=<pass>&client_id=<clientID>&client_secret=<secret>'
The request reaches the keystone and it replies with a 404 (access token not found).
When i try to get oauth2 tokens from keyrock for both the admin and the community, it says
Error: Root - User access-token not authorized
I can login in horizon with both users.
What did i miss in order to get a oauth2 token from idm?
Edit: Code used to create users:
users_default_pass = '...'
user0 = _register_user(keystone,"user0",passwd=users_default_pass)
keystone.roles.grant(user=user0.id,role=keystone.roles.find(name='community'), project=user0.default_project_id)
Edit2: raw response and response from keystone captured with tcpflow
request:
POST /oauth2/token HTTP/1.1
User-Agent: curl/7.35.0
Host: 130.206.118.xxx:5000
Accept: */*
Authorization: Basic ZWU2YmFjMWNjOTQ3NDdhNmI4MTU3NDdiNDk5NmVhZjQ6NTRkY2NjMjgxODhhNDMxYTk4OTY3MjkwN2UxYjIxYzY=
Content-Type: application/x-www-form-urlencoded
Content-Length: 143
grant_type=password&username=admin&password=admin&client_id=ee6bac1cc94747a6b815747b4996eaf4&client_secret=54dccc28188a431a989672907e1b21c6
write error to stdout
response:
HTTP/1.1 404 Not Found
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 93
Date: Wed, 09 Sep 2015 09:46:19 GMT
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
write error to stdout
was:
Created question in FIWARE Q/A platform on 08-09-2015 at 18:09
{color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/32462583/keyrock-doesnt-accept-user-even-when-using-admin
+Question:+
Keyrock doesn't accept user, even when using admin
+Description:+
I got two users created by me, admin, with admin permissions, and another user, now with admin permissions too, but initially community (i'll be referring to this account as community).
I've registered an application with the community user and associated the admin later. As callbackUrl i've registered the address below in my keyrock instance
<keystone ip>:/oauth2/token
The request i am making to get oauth2 follows below, it uses https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh as a guideline. I've changed the user,pass, host, client id and app secret
curl -s --insecure -i --header "Authorization: Basic NmJjODMyMWMzNDQwNGVlYzkwYzNhNzhlYTU0ZTE2NjY6M2YwMzQyZjE4ZTM1NGI0ZDg5YjhlYWVkNTZmNGI5Mjc=" --header "Content-Type: application/x-www-form-urlencoded" -X POST http://<keyrock IP>/oauth2/token -d 'grant_type=password&username=<user>&password=<pass>&client_id=<clientID>&client_secret=<secret>'
The request reaches the keystone and it replies with a 404 (access token not found).
When i try to get oauth2 tokens from keyrock for both the admin and the community, it says
Error: Root - User access-token not authorized
I can login in horizon with both users.
What did i miss in order to get a oauth2 token from idm?
Edit: Code used to create users:
users_default_pass = '...'
user0 = _register_user(keystone,"user0",passwd=users_default_pass)
keystone.roles.grant(user=user0.id,role=keystone.roles.find(name='community'), project=user0.default_project_id)
Edit2: raw response and response from keystone captured with tcpflow
request:
POST /oauth2/token HTTP/1.1
User-Agent: curl/7.35.0
Host: 130.206.118.xxx:5000
Accept: */*
Authorization: Basic ZWU2YmFjMWNjOTQ3NDdhNmI4MTU3NDdiNDk5NmVhZjQ6NTRkY2NjMjgxODhhNDMxYTk4OTY3MjkwN2UxYjIxYzY=
Content-Type: application/x-www-form-urlencoded
Content-Length: 143
grant_type=password&username=admin&password=admin&client_id=ee6bac1cc94747a6b815747b4996eaf4&client_secret=54dccc28188a431a989672907e1b21c6
write error to stdout
response:
HTTP/1.1 404 Not Found
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 93
Date: Wed, 09 Sep 2015 09:46:19 GMT
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
write error to stdout
HD-Enabler: KeyRock
> [fiware-stackoverflow] Keyrock doesn't accept user, even when using admin
> -----------------------------------------------------------------------------
>
> Key: HELP-9253
> URL: https://jira.fiware.org/browse/HELP-9253
> Project: Help-Desk
> Issue Type: Monitor
> Components: FIWARE-TECH-HELP
> Reporter: Backlog Manager
> Assignee: Backlog Manager
> Labels: fiware, keystone
>
> Created question in FIWARE Q/A platform on 08-09-2015 at 18:09
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/32462583/keyrock-doesnt-accept-user-even-when-using-admin
> +Question:+
> Keyrock doesn't accept user, even when using admin
> +Description:+
> I got two users created by me, admin, with admin permissions, and another user, now with admin permissions too, but initially community (i'll be referring to this account as community).
> I've registered an application with the community user and associated the admin later. As callbackUrl i've registered the address below in my keyrock instance
> <keystone ip>:/oauth2/token
> The request i am making to get oauth2 follows below, it uses https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh as a guideline. I've changed the user,pass, host, client id and app secret
> curl -s --insecure -i --header "Authorization: Basic NmJjODMyMWMzNDQwNGVlYzkwYzNhNzhlYTU0ZTE2NjY6M2YwMzQyZjE4ZTM1NGI0ZDg5YjhlYWVkNTZmNGI5Mjc=" --header "Content-Type: application/x-www-form-urlencoded" -X POST http://<keyrock IP>/oauth2/token -d 'grant_type=password&username=<user>&password=<pass>&client_id=<clientID>&client_secret=<secret>'
> The request reaches the keystone and it replies with a 404 (access token not found).
> When i try to get oauth2 tokens from keyrock for both the admin and the community, it says
> Error: Root - User access-token not authorized
> I can login in horizon with both users.
> What did i miss in order to get a oauth2 token from idm?
> Edit: Code used to create users:
> users_default_pass = '...'
> user0 = _register_user(keystone,"user0",passwd=users_default_pass)
> keystone.roles.grant(user=user0.id,role=keystone.roles.find(name='community'), project=user0.default_project_id)
> Edit2: raw response and response from keystone captured with tcpflow
> request:
> POST /oauth2/token HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 130.206.118.xxx:5000
> Accept: */*
> Authorization: Basic ZWU2YmFjMWNjOTQ3NDdhNmI4MTU3NDdiNDk5NmVhZjQ6NTRkY2NjMjgxODhhNDMxYTk4OTY3MjkwN2UxYjIxYzY=
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 143
> grant_type=password&username=admin&password=admin&client_id=ee6bac1cc94747a6b815747b4996eaf4&client_secret=54dccc28188a431a989672907e1b21c6
> write error to stdout
> response:
> HTTP/1.1 404 Not Found
> Vary: X-Auth-Token
> Content-Type: application/json
> Content-Length: 93
> Date: Wed, 09 Sep 2015 09:46:19 GMT
> {"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}
> write error to stdout
--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy