We use proprietary and third party´s cookies to improve your experience and our services, identifying your Internet Browsing preferences on our website; develop analytic activities and display advertising based on your preferences. If you keep browsing, you accept its use. You can get more information on our Cookie Policy
Cookies Policy
Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2016-03-09 09:43:35 +0200

ghernandez gravatar image

IdM, Keystone authentication error for both (wilma and steelkin)

Hi All,

We have deployed our own Keyrock IDM instance and try to configure a PEP-Proxy as layer os security in front of a Context Broker+Cygnus instance. but we can not perform any operation with any of both PEP-Proxies: Wilma or Steelskin. We can manage users, obtain and validate tokens (using the keystone API as reference), but for any other operation we always get an error:

Using pepProxy steelkin, we got:

  • Status Code: 500
  • Response: { "name": "PEPPROXYAUTHENTICATION_REJECTED", "message": "Proxy authentication was rejected with code: 401" }

with this configuration (reelevant fields only):

// Protected Resource configuration config.resource = { original: { host: 'localhost', port: 1026 }, proxy: { port: 4003, adminPort: 11211 } };

// Access Control configuration config.access = { disable: true, protocol: 'http', host: '192.168.1.101', port: 4002, path: '/pdp/v3' }

// User identity configuration config.authentication = { checkHeaders: false, module: 'keystone', user: 'pepproxyc2*', //generated by KeyRock IDM password: '31', //generated by KeyRock IDM domainName: 'default', retries: 3, cacheTTLs: { users: 1000, projectIds: 1000, roles: 60 }, options: { protocol: 'http', host: '192.168.1.101', port: 4002, path: '/v3/role_assignments', authPath: '/v3/auth/tokens' } };

// Security configuration config.ssl = { active: false, keyFile: '', certFile: '' }

config.logLevel = 'DEBUG';

// List of component middlewares config.middlewares = { require: 'lib/plugins/orionPlugin', functions: [ 'extractCBAction' ] };

config.dieOnRedirectError = false; config.componentName = 'orion'; config.resourceNamePrefix = 'fiware:'; config.bypass = false;

config.bypassRoleId = '';

Keyrock: domain: default service: keystone /v3/auth/tokens

Using wilma proxy, we get :

2016-03-08 17:08:19.361 - INFO: IDM-Client - Checking token with IDM... 2016-03-08 17:08:19.365 - ERROR: Server - Caught exception: SyntaxError: Unexpected token E

with this config.js file (reelevant fields only):

config.pep_port = 10000; config.https = undefined;

config.accounthost = 'http://192.168.1.101:8000'; //KeyRock IDM - horizon instance. config.keystonehost = 'http://192.168.1.101'; //KeyRock IDM - keystone instance. config.keystone_port = 4002;

config.apphost = 'http://192.168.1.102'; config.appport = '4000'; config.app_ssl = false;

config.username = 'pepproxy5e'; //generated by KeyRock IDM config.password = 'ce'; //generated by KeyRock IDM config.azf = { enabled: false, host: 'auth.lab.fiware.org', port: 6019, path: '/authzforce/domains/', custompolicy: undefined // use undefined to default policy checks (HTTP verb + path). }; config.publicpaths = ['/login', '/signup'];

All GEs are deployed in our local machines and perform well individually.

Best regards Gustavo

Copyright Askbot, 2010-2011. Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | cookies policy | give feedback
Powered by Askbot version 0.7.53