[Backlogmanager] [FIWARE-JIRA] (HELP-16405) [fiware-stackoverflow] How to provision a Dockerized secure IoT Agent with Keyrock?

Fernando Lopez (JIRA) jira-help-desk at jira.fiware.org
Mon Dec 9 07:38:00 CET 2019


     [ https://jira.fiware.org/browse/HELP-16405?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fernando Lopez updated HELP-16405:
----------------------------------
    Description: 
Created question in FIWARE Q/A platform on 06-12-2019 at 15:12
Please, ANSWER this question AT https://stackoverflow.com/questions/59215410/how-to-provision-a-dockerized-secure-iot-agent-with-keyrock


+Question:+
How to provision a Dockerized secure IoT Agent with Keyrock?

+Description:+
I'm failing to find this information within the existing documentation - either permanent or non-permanent tokens.

Using Keyrock 7.8, Ultralight 1.11.0 (though any current agent will do)

The following Docker parameters are set:

      - IOTA_AUTH_ENABLED=true
      - IOTA_AUTH_TYPE=oauth2
      - IOTA_AUTH_HEADER=Authorization
      - IOTA_AUTH_HOST=keyrock
      - IOTA_AUTH_PORT=3000
      - IOTA_AUTH_URL=http://keyrock:3000
      - IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
   #  - IOTA_AUTH_PERMANENT_TOKEN=true


The default Docker configuration is used in the image, so no provisioning group types are created.

I am able to provision a trusted group as shown:

curl -X POST \
  http://iot-agent:4041/iot/services \
  -H 'fiware-service: openiot' \
  -H 'fiware-servicepath: /' \
  -d '{
 "services": [
   {
     "apikey":      "4jggokgpepnvsb2uv4s40d59ov",
     "cbroker":     "http://orion:1026",
     "entity_type": "Motion",
     "resource":    "/iot/d",
     "trust": "<motn-auth-token>"
   }
 ]
}'


Question 1 - how do I generate the trust token within Keyrock?

When I provision the device

curl -X POST \
  http://iot-agent:4041/iot/devices \
  -H 'Content-Type: application/json' \
  -H 'fiware-service: openiot' \
  -H 'fiware-servicepath: /' \
  -d '{
 "devices": [
   {
     "device_id":   "motion001",
     "entity_name": "urn:ngsi-ld:Motion:001",
     "entity_type": "Motion",
     "timezone":    "Europe/Berlin",
     "attributes": [
       { "object_id": "c", "name":"count", "type":"Integer"}
      ],
      "static_attributes": [
         {"name":"refStore", "type": "Relationship","value": "urn:ngsi-ld:Store:001"}
      ]
   }
 ]
}
'


I receive the following error in the IoT Agent:

{
    "name": "SECURITY_INFORMATION_MISSING",
    "message": "Some security information was missing for device type:Motion"
}


And the following in the Keyrock logs:

Fri, 06 Dec 2019 14:13:52 GMT idm:oauth2-model_oauth_server -------getClient-------
Executing (default): SELECT `id`, `redirect_uri`, `token_types`, `jwt_secret`, `scope`, `grant_type` FROM `oauth_client` AS `OauthClient` WHERE `OauthClient`.`id` = 'tutorial-dckr-site-0000-xpresswebapp' AND `OauthClient`.`secret` = 'tutorial-lcal-host-0000-clientsecret';
Fri, 06 Dec 2019 14:13:52 GMT idm:oauth_controller Error  { invalid_client: Invalid client: client is invalid


Question 2: What additional information needs to be supplied?



     HD-Enabler: KeyRock

> [fiware-stackoverflow] How to provision a Dockerized secure IoT Agent with Keyrock?
> -----------------------------------------------------------------------------------
>
>                 Key: HELP-16405
>                 URL: https://jira.fiware.org/browse/HELP-16405
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Alvaro Alonso
>              Labels: fiware, fiware-keyrock, iot
>
> Created question in FIWARE Q/A platform on 06-12-2019 at 15:12
> Please, ANSWER this question AT https://stackoverflow.com/questions/59215410/how-to-provision-a-dockerized-secure-iot-agent-with-keyrock
> +Question:+
> How to provision a Dockerized secure IoT Agent with Keyrock?
> +Description:+
> I'm failing to find this information within the existing documentation - either permanent or non-permanent tokens.
> Using Keyrock 7.8, Ultralight 1.11.0 (though any current agent will do)
> The following Docker parameters are set:
>       - IOTA_AUTH_ENABLED=true
>       - IOTA_AUTH_TYPE=oauth2
>       - IOTA_AUTH_HEADER=Authorization
>       - IOTA_AUTH_HOST=keyrock
>       - IOTA_AUTH_PORT=3000
>       - IOTA_AUTH_URL=http://keyrock:3000
>       - IOTA_AUTH_CLIENT_ID=tutorial-dckr-site-0000-xpresswebapp
>    #  - IOTA_AUTH_PERMANENT_TOKEN=true
> The default Docker configuration is used in the image, so no provisioning group types are created.
> I am able to provision a trusted group as shown:
> curl -X POST \
>   http://iot-agent:4041/iot/services \
>   -H 'fiware-service: openiot' \
>   -H 'fiware-servicepath: /' \
>   -d '{
>  "services": [
>    {
>      "apikey":      "4jggokgpepnvsb2uv4s40d59ov",
>      "cbroker":     "http://orion:1026",
>      "entity_type": "Motion",
>      "resource":    "/iot/d",
>      "trust": "<motn-auth-token>"
>    }
>  ]
> }'
> Question 1 - how do I generate the trust token within Keyrock?
> When I provision the device
> curl -X POST \
>   http://iot-agent:4041/iot/devices \
>   -H 'Content-Type: application/json' \
>   -H 'fiware-service: openiot' \
>   -H 'fiware-servicepath: /' \
>   -d '{
>  "devices": [
>    {
>      "device_id":   "motion001",
>      "entity_name": "urn:ngsi-ld:Motion:001",
>      "entity_type": "Motion",
>      "timezone":    "Europe/Berlin",
>      "attributes": [
>        { "object_id": "c", "name":"count", "type":"Integer"}
>       ],
>       "static_attributes": [
>          {"name":"refStore", "type": "Relationship","value": "urn:ngsi-ld:Store:001"}
>       ]
>    }
>  ]
> }
> '
> I receive the following error in the IoT Agent:
> {
>     "name": "SECURITY_INFORMATION_MISSING",
>     "message": "Some security information was missing for device type:Motion"
> }
> And the following in the Keyrock logs:
> Fri, 06 Dec 2019 14:13:52 GMT idm:oauth2-model_oauth_server -------getClient-------
> Executing (default): SELECT `id`, `redirect_uri`, `token_types`, `jwt_secret`, `scope`, `grant_type` FROM `oauth_client` AS `OauthClient` WHERE `OauthClient`.`id` = 'tutorial-dckr-site-0000-xpresswebapp' AND `OauthClient`.`secret` = 'tutorial-lcal-host-0000-clientsecret';
> Fri, 06 Dec 2019 14:13:52 GMT idm:oauth_controller Error  { invalid_client: Invalid client: client is invalid
> Question 2: What additional information needs to be supplied?



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)

