[Backlogmanager] [FIWARE-JIRA] (HELP-17650) [fiware-stackoverflow] Configuring Fiware PEP Proxy, Keyrock and Orion Context Broker

Fernando Lopez (JIRA) jira-help-desk at jira.fiware.org
Mon Apr 26 09:36:00 CEST 2021


     [ https://jira.fiware.org/browse/HELP-17650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Fernando Lopez reassigned HELP-17650:
-------------------------------------

    Assignee: Jason Fox

> [fiware-stackoverflow] Configuring Fiware PEP Proxy, Keyrock and Orion Context Broker
> -------------------------------------------------------------------------------------
>
>                 Key: HELP-17650
>                 URL: https://jira.fiware.org/browse/HELP-17650
>             Project: Help-Desk
>          Issue Type: Monitor
>          Components: FIWARE-TECH-HELP
>            Reporter: Backlog Manager
>            Assignee: Jason Fox
>              Labels: fiware, fiware-wilma
>
> Created question in FIWARE Q/A platform on 19-04-2021 at 11:04
> Please, ANSWER this question AT https://stackoverflow.com/questions/67160883/configuring-fiware-pep-proxy-keyrock-and-orion-context-broker
> +Question:+
> Configuring Fiware PEP Proxy, Keyrock and Orion Context Broker
> +Description:+
> I'm trying to integrate Keyrock and PEP Proxy in order to secure access to the Context Broker, but I'm having some issues.
> What I want to achieve is that only determined users registered in Keyrock can access the Context Broker.
> I followed the Fiware tutorials, but in that development scene there is an application which listens on port 3000 that is registered in Keyrock. But how can I get the same result without that tutorial application? Can't I secure access to the Context Broker without an application?
> If it's possible, some help would be nice. Here you have the relevant part of my docker-compose file:
> keyrock:
>     image: fiware/idm:${KEYROCK_VERSION}
>     container_name: fiware-keyrock
>     hostname: keyrock
>     networks:
>       default:
>         ipv4_address: 172.18.1.5
>     depends_on:
>         - mysql-db
>     ports:
>         - "${KEYROCK_PORT}:${KEYROCK_PORT}" # localhost:3005
>         - "${KEYROCK_HTTPS_PORT}:${KEYROCK_HTTPS_PORT}" # localhost:3443
>     environment:
>         - "DEBUG=idm:*"
>         - "IDM_DB_HOST=mysql-db"
>         - "IDM_DB_PASS_FILE=/run/secrets/my_secret_data"
>         - "IDM_DB_USER=root"
>         - "IDM_PORT=${KEYROCK_PORT}"
>         - "IDM_HOST=http://localhost:${KEYROCK_PORT}"
>         - "IDM_HTTPS_ENABLED=${IDM_HTTPS_ENABLED}"
>         - "IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}"
>         - "IDM_ADMIN_USER=admin"
>         - "IDM_ADMIN_EMAIL=admin at test.com"
>         - "IDM_ADMIN_PASS=1234"
>     secrets:
>         - my_secret_data
>     healthcheck:
>         interval: 5s
> # Database
> mysql-db:
>     restart: always
>     image: mysql:${MYSQL_DB_VERSION}
>     hostname: mysql-db
>     container_name: db-mysql
>     expose:
>       - "${MYSQL_DB_PORT}"
>     ports:
>       - "${MYSQL_DB_PORT}:${MYSQL_DB_PORT}"
>     networks:
>       default:
>         ipv4_address: 172.18.1.6
>     environment:
>       - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data"
>       - "MYSQL_ROOT_HOST=172.18.1.5" # Allow Keyrock to access this database
>     volumes:
>       - mysql-db:/var/lib/mysql
>     secrets:
>       - my_secret_data
> orion-proxy:
>     image: fiware/pep-proxy
>     container_name: fiware-orion-proxy
>     hostname: orion-proxy
>     networks:
>       default:
>         ipv4_address: 172.18.1.10
>     depends_on:
>         - keyrock
>     ports:
>         - "1027:1027"
>     expose:
>         - "1027"
>     environment:
>         - PEP_PROXY_APP_HOST=orion
>         - PEP_PROXY_APP_PORT=1026
>         - PEP_PROXY_PORT=1027
>         - PEP_PROXY_IDM_HOST=keyrock
>         - PEP_PROXY_HTTPS_ENABLED=false
>         - PEP_PROXY_AUTH_ENABLED=false
>         - PEP_PROXY_IDM_SSL_ENABLED=false
>         - PEP_PROXY_IDM_PORT=3005
>         - PEP_PROXY_APP_ID= <Obtained in Keyrock>
>         - PEP_PROXY_USERNAME= <Obtained in Keyrock>
>         - PEP_PASSWORD= <Obtained in Keyrock>
>         - PEP_PROXY_PDP=idm
>         - PEP_PROXY_MAGIC_KEY=1234
> In order to test it, I registered a test application with URL localhost:1026 (Orion Context Broker URL) with a PEP Proxy (from which I got PEP_PROXY_APP_ID, PEP_PROXY_USERNAME and PEP_PASSWORD).
> When I run the docker containers it works, but the problem comes when I try to get an access token using this bash (changing CLIENT_ID and CLIENT_SECRET to those obtained in the OAuth2 field of the application and https://idm/oauth2/token to http://localhost:3005/oauth2/token) with admin credentials.
> I get an invalid_client: Invalid client: client is invalid error.
> If you need to see any more files, just ask me.



--
This message was sent by Atlassian JIRA
(v6.4.1#64016)
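
The token request described in the question, as an added example that is not part of the original message or of FIWARE's own scripts: it builds the HTTP Basic client credential for the `/oauth2/token` call and checks that it decodes to exactly `CLIENT_ID:CLIENT_SECRET`, since a malformed credential is one way to get `invalid_client`. The credential values are constructed placeholders, and the password-grant form sent to Keyrock is assumed to be the standard OAuth2 one.

```shell
#!/bin/sh
# Constructed placeholder values, not credentials from the page.
CLIENT_ID='constructed-client-id'
CLIENT_SECRET='constructed-client-secret'
TOKEN_URL='http://localhost:3005/oauth2/token'   # URL quoted in the question

# Build the value that follows "Authorization: Basic " (RFC 6749, 2.3.1).
# printf avoids the trailing newline that echo would encode into the
# credential; tr removes the line wraps base64 inserts into long output.
basic_auth() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a Basic value and compare it byte for byte with "<id>:<secret>".
# The appended "x" keeps a trailing newline from being stripped by $( ).
# Returns 0 on an exact match, 1 otherwise.
check_basic() {
    decoded=$(printf '%s' "$1" | base64 -d; printf x)
    [ "${decoded%x}" = "$2:$3" ]
}

# Password-grant token request (assumed form; needs a running Keyrock).
# $1 = Keyrock user e-mail, $2 = that user's password.
request_token() {
    curl -s -X POST "$TOKEN_URL" \
        -H "Authorization: Basic $(basic_auth "$CLIENT_ID" "$CLIENT_SECRET")" \
        -H 'Content-Type: application/x-www-form-urlencoded' \
        --data-urlencode 'grant_type=password' \
        --data-urlencode "username=$1" \
        --data-urlencode "password=$2"
}

# Offline self-check: the printf-built credential round-trips, while the
# echo-built one carries an extra newline and no longer matches.
good=$(basic_auth "$CLIENT_ID" "$CLIENT_SECRET")
bad=$(echo "$CLIENT_ID:$CLIENT_SECRET" | base64 | tr -d '\n')
check_basic "$good" "$CLIENT_ID" "$CLIENT_SECRET" && echo "printf-built: ok"
check_basic "$bad" "$CLIENT_ID" "$CLIENT_SECRET" || echo "echo-built: mismatch"
```

`request_token` is defined but not called, so the block runs without a Keyrock instance; the client ID and secret it needs are the ones shown in the application's OAuth2 field, not the PEP Proxy username and password.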

