We use proprietary and third party´s cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Ask Your Question
0

IdM, Keystone authentication error for both (wilma and steelkin)

asked 2016-03-09 09:43:35 +0200

ghernandez gravatar image

Hi All,

We have deployed our own Keyrock IDM instance and try to configure a PEP-Proxy as layer os security in front of a Context Broker+Cygnus instance. but we can not perform any operation with any of both PEP-Proxies: Wilma or Steelskin. We can manage users, obtain and validate tokens (using the keystone API as reference), but for any other operation we always get an error:

Using pepProxy steelkin, we got:

  • Status Code: 500
  • Response: { "name": "PEPPROXYAUTHENTICATION_REJECTED", "message": "Proxy authentication was rejected with code: 401" }

with this configuration (reelevant fields only):

// Protected Resource configuration config.resource = { original: { host: 'localhost', port: 1026 }, proxy: { port: 4003, adminPort: 11211 } };

// Access Control configuration config.access = { disable: true, protocol: 'http', host: '192.168.1.101', port: 4002, path: '/pdp/v3' }

// User identity configuration config.authentication = { checkHeaders: false, module: 'keystone', user: 'pepproxyc2*', //generated by KeyRock IDM password: '31', //generated by KeyRock IDM domainName: 'default', retries: 3, cacheTTLs: { users: 1000, projectIds: 1000, roles: 60 }, options: { protocol: 'http', host: '192.168.1.101', port: 4002, path: '/v3/role_assignments', authPath: '/v3/auth/tokens' } };

// Security configuration config.ssl = { active: false, keyFile: '', certFile: '' }

config.logLevel = 'DEBUG';

// List of component middlewares config.middlewares = { require: 'lib/plugins/orionPlugin', functions: [ 'extractCBAction' ] };

config.dieOnRedirectError = false; config.componentName = 'orion'; config.resourceNamePrefix = 'fiware:'; config.bypass = false;

config.bypassRoleId = '';

Keyrock: domain: default service: keystone /v3/auth/tokens

Using wilma proxy, we get :

2016-03-08 17:08:19.361 - INFO: IDM-Client - Checking token with IDM... 2016-03-08 17:08:19.365 - ERROR: Server - Caught exception: SyntaxError: Unexpected token E

with this config.js file (reelevant fields only):

config.pep_port = 10000; config.https = undefined;

config.accounthost = 'http://192.168.1.101:8000'; //KeyRock IDM - horizon instance. config.keystonehost = 'http://192.168.1.101'; //KeyRock IDM - keystone instance. config.keystone_port = 4002;

config.apphost = 'http://192.168.1.102'; config.appport = '4000'; config.app_ssl = false;

config.username = 'pepproxy5e'; //generated by KeyRock IDM config.password = 'ce'; //generated by KeyRock IDM config.azf = { enabled: false, host: 'auth.lab.fiware.org', port: 6019, path: '/authzforce/domains/', custompolicy: undefined // use undefined to default policy checks (HTTP verb + path). }; config.publicpaths = ['/login', '/signup'];

All GEs are deployed in our local machines and perform well individually.

Best regards Gustavo

edit retag flag offensive close merge delete

1 answer

Sort by » oldest newest most voted
0

answered 2016-03-14 09:09:45 +0200

aalonsog gravatar image

Which Wilma version are you using? We introduce a patch that fix this issue few days ago. Please, could you update your code and try again?

edit flag offensive delete link more
Login/Signup to Answer

Question Tools

1 follower

Stats

Asked: 2016-03-09 09:43:35 +0200

Seen: 2,847 times

Last updated: Mar 09 '16