[Fiware-fractals-coaching] [Fractals][Grow-and-Link] IDM issue

Romero, Javier javier.romero at atos.net
Wed Mar 9 12:50:21 CET 2016


Dear coachers

The following issue related to IDM has been submitted by the Grow-and-Link project:

Dear all,

I am writing to let you know about some problems that arose in the implementation of authentication components for gathered information within the grow-&-link project. We have deployed our own IdM server, which we access through the web and with which we can perform basic operations such as creating users, getting tokens and some queries. However, it is not possible to authenticate, as we receive errors. We have tried both PEP proxy options (steelskin and wilma) with no success.

We get the following errors:

Using PepProxy steelskin:

- Status Code: 500
- Response: { "name": "PEPPROXYAUTHENTICATION_REJECTED", "message": "Proxy authentication was rejected with code: 401" }

With this configuration (relevant fields only, in config.js):

// Protected Resource configuration
config.resource = {
    original: { host: 'localhost', port: 1026 },
    proxy: { port: 4003, adminPort: 11211 }
};

// Access Control configuration
config.access = {
    disable: true,
    protocol: 'http',
    host: '192.168.1.101',
    port: 4002,
    path: '/pdp/v3'
}

// User identity configuration
config.authentication = {
    checkHeaders: false,
    module: 'keystone',
    user: 'pepproxyc2*', //generated by KeyRock IDM
    password: '31', //generated by KeyRock IDM
    domainName: 'default',
    retries: 3,
    cacheTTLs: { users: 1000, projectIds: 1000, roles: 60 },
    options: {
        protocol: 'http',
        host: '192.168.1.101',
        port: 4002,
        path: '/v3/role_assignments',
        authPath: '/v3/auth/tokens'
    }
};

// Security configuration
config.ssl = { active: false, keyFile: '', certFile: '' }

config.logLevel = 'DEBUG';

// List of component middlewares
config.middlewares = {
    require: 'lib/plugins/orionPlugin',
    functions: [ 'extractCBAction' ]
};

config.dieOnRedirectError = false;
config.componentName = 'orion';
config.resourceNamePrefix = 'fiware:';
config.bypass = false;

config.bypassRoleId = '';

Keyrock: domain: default service: keystone /v3/auth/tokens

------------------------------------------------------------------------------------------------------------

Whereas wilma proxy:
2016-03-08 17:08:19.361  - INFO: IDM-Client - Checking token with IDM...
2016-03-08 17:08:19.365  - ERROR: Server - Caught exception: SyntaxError: Unexpected token E

with this config.js file (relevant fields only):

config.pep_port = 10000;
config.https = undefined;

config.account_host = 'http://192.168.1.101:8000'; //KeyRock IDM - horizon instance.
config.keystone_host = 'http://192.168.1.101'; //KeyRock IDM - keystone instance.
config.keystone_port = 4002;

config.app_host = 'http://192.168.1.102';
config.app_port = '4000';
config.app_ssl = false;

config.username = 'pep_proxy_5e***'; //generated by KeyRock IDM
config.password = 'ce***';           //generated by KeyRock IDM
config.azf = {
    enabled: false,
    host: 'auth.lab.fiware.org',
    port: 6019,
    path: '/authzforce/domains/',
    custom_policy: undefined // use undefined to default policy checks (HTTP verb + path).
};
config.public_paths = ['/login', '/signup'];


We have checked all information and tried all possible alternatives. Finally, we asked at Stackoverflow and are awaiting a response.

Question link can be found here: https://ask.fiware.org/question/419/idm-keystone-authentication-error-for-both-wilma-and-steelkin/


Thanks for the help

BR

---------------------------------
A. Javier Romero Negrín
MRE - Atos Research & Innovation

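
One way to check the PEP proxy credentials against Keystone directly, independent of either proxy (an added example, not code from the original message or from Steelskin or Wilma). It builds the Keystone v3 password-authentication request from a `config.authentication`-style object and classifies the reply, including a body that is not JSON; the user name, password and function names are constructed for illustration.

```javascript
// Constructed sample in the shape of Steelskin's config.authentication.
// user and password are placeholders, not values from the message.
const sampleAuth = {
  user: 'pep_proxy_example',
  password: 'example-password',
  domainName: 'default',
  options: { protocol: 'http', host: '192.168.1.101', port: 4002,
             authPath: '/v3/auth/tokens' }
};

// Build the Keystone v3 password-authentication request (hypothetical helper).
function buildKeystoneAuthRequest(auth) {
  const o = auth.options;
  return {
    method: 'POST',
    url: `${o.protocol}://${o.host}:${o.port}${o.authPath}`,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      auth: { identity: { methods: ['password'], password: { user: {
        name: auth.user,
        domain: { name: auth.domainName },
        password: auth.password
      } } } }
    })
  };
}

// Classify a reply without letting JSON.parse throw on a non-JSON body.
// headers is expected with lower-cased names, as Node's http module delivers them.
function classifyKeystoneReply(status, headers, bodyText) {
  let json = null;
  try { json = JSON.parse(bodyText); } catch (e) { /* body is not JSON */ }
  if (status === 201 && headers['x-subject-token']) {
    return { ok: true, reason: 'token issued' };
  }
  if (status === 401) {
    return { ok: false, reason: 'credentials or domain rejected by Keystone' };
  }
  if (json === null) {
    return { ok: false,
             reason: `non-JSON body (HTTP ${status}): ${bodyText.slice(0, 40)}` };
  }
  return { ok: false, reason: `unexpected HTTP ${status}` };
}
```

Send the built request with any HTTP client and pass the status, headers and raw body text to `classifyKeystoneReply`; a 401 here points at the user, password or domain rather than at the proxy.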