[ https://jira.fiware.org/browse/HELP-16405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fernando Lopez reassigned HELP-16405:
-------------------------------------
Assignee: Alvaro Alonso
> [fiware-stackoverflow] How to provision a Dockerized secure IoT Agent with Keyrock?
> -----------------------------------------------------------------------------------
>
> Key: HELP-16405
> URL: https://jira.fiware.org/browse/HELP-16405
> Project: Help-Desk
> Issue Type: Monitor
> Components: FIWARE-TECH-HELP
> Reporter: Backlog Manager
> Assignee: Alvaro Alonso
> Labels: fiware, fiware-keyrock, iot
>
> Created question in FIWARE Q/A platform on 06-12-2019 at 15:12
> {color: red}Please, ANSWER this question AT{color} https://stackoverflow.com/questions/59215410/how-to-provision-a-dockerized-secure-iot-agent-with-keyrock
> +Question:+
> How to provision a Dockerized secure IoT Agent with Keyrock?
> +Description:+
> I'm failing to find this information within the existing documentation - either permanent or non-permanent tokens.
> Using Keyrock 7.8, Ultralight 1.11.0 (though any current agent will do)
> The following Docker parameters are set:
> - IOTA_AUTH_ENABLED=true
> - IOTA_AUTH_TYPE=oauth2
> - IOTA_AUTH_HEADER=Authorization
> - IOTA_AUTH_HOST=keyrock
> - IOTA_AUTH_PORT=3000
> - IOTA_AUTH_URL=http://keyrock:3000
> - IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
> # - IOTA_AUTH_PERMANENT_TOKEN=true
> The default Docker configuration is used in the image, so no provisioning group types are created.
> I am able to provision a trusted group as shown:
> curl -X POST \
> http://iot-agent:4041/iot/services \
> -H 'fiware-service: openiot' \
> -H 'fiware-servicepath: /' \
> -d '{
> "services": [
> {
> "apikey": "4jggokgpepnvsb2uv4s40d59ov",
> "cbroker": "http://orion:1026",
> "entity_type": "Motion",
> "resource": "/iot/d",
> "trust": "<motn-auth-token>"
> }
> ]
> }'
> Question 1 - how do I generate the trust token within Keyrock.
> When I provision the device
> curl -X POST \
> http://iot-agent:4041/iot/devices \
> -H 'Content-Type: application/json' \
> -H 'fiware-service: openiot' \
> -H 'fiware-servicepath: /' \
> -d '{
> "devices": [
> {
> "device_id": "motion001",
> "entity_name": "urn:ngsi-ld:Motion:001",
> "entity_type": "Motion",
> "timezone": "Europe/Berlin",
> "attributes": [
> { "object_id": "c", "name":"count", "type":"Integer"}
> ],
> "static_attributes": [
> {"name":"refStore", "type": "Relationship","value": "urn:ngsi-ld:Store:001"}
> ]
> }
> ]
> }
> '
> I receive the following error in the IoT Agent:
> {
> "name": "SECURITY_INFORMATION_MISSING",
> "message": "Some security information was missing for device type:Motion"
> }
> And the following in the Keyrock logs:
> Fri, 06 Dec 2019 14:13:52 GMT idm:oauth2-model_oauth_server -------getClient-------
> Executing (default): SELECT `id`, `redirect_uri`, `token_types`, `jwt_secret`, `scope`, `grant_type` FROM `oauth_client` AS `OauthClient` WHERE `OauthClient`.`id` = 'tutorial-dckr-site-0000-xpresswebapp' AND `OauthClient`.`secret` = 'tutorial-lcal-host-0000-clientsecret';
> Fri, 06 Dec 2019 14:13:52 GMT idm:oauth_controller Error { invalid_client: Invalid client: client is invalid
> Question 2: What additional information needs to be supplied?
--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy