Can anyone explain the usage of Context Broker via PeP proxy?

久未见 submitted on 2019-12-24 11:32:50

Question


I have installed Orion Context Broker and PEP Proxy on my machine. I am targeting the global instance of KeyRock and the AuthZForce to authenticate the context broker.

Here is my config.js:

var config = {};

config.pep_port = 1307;

// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
    enabled: false,
    cert_file: 'cert/cert.crt',
    key_file: 'cert/key.key',
    port: 443
};

config.account_host = 'https://account.lab.fiware.org';
config.keystone_host = 'cloud.lab.fiware.org';
config.keystone_port = 4731;


config.app_host = 'localhost';
config.app_port = '1026';

config.username = '<my fiware lab username>';
config.password = '<my fiware lab pass>';



// in seconds
config.chache_time = 300;

// if enabled PEP checks permissions with AuthZForce GE.
// only compatible with oauth2 tokens engine
config.azf = {
    enabled: false,
    host: 'auth.lab.fiware.org',
    port: 6019,
    path: '/authzforce/domains/d698df7f-ffd4-11e4-a09d-ed06f24e1e78/pdp'
};

// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];

// options: oauth2/keystone
config.tokens_engine = 'oauth2';

config.magic_key = undefined;

module.exports = config;

When I do node server.js I successfully get:

Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token:  e2189bdc1a8b4aae9280b0fd5a6ae8a0

Following this installation and administration guide, I ran the following command:

curl --header "X-Auth-Token:e2189bdc1a8b4aae9280b0fd5a6ae8a0" http://localhost:1307

From there I get this message:

[TOKEN] Checking token with IDM...
User access-token not authorized

I am seriously at a loss here and don't know how to access the context broker via these three intermediaries.

Whose host am I supposed to ask a token from?

I don't know if I am even asking the right questions. The point of all this is to secure access to the context broker.

Edit 1

After setting up the auth-token.sh, I got the following error:

<orionError>
  <code>400</code>
  <reasonPhrase>Bad Request</reasonPhrase>
  <details>service not found</details>
</orionError>

The node server.js reported this:

Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token:  b90604bc94134c1a81414e97a23196f3


[TOKEN] Checking token with IDM...
[ROOT] Access-token OK. Redirecting to app...

Previously, the command sh auth-token.sh <username> <pass> gave me:

X-Auth-Token for '<my email on fiware lab>': OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc

and then I just ran curl --header "X-Auth-Token:OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc" http://localhost:1307 which gave me the aforementioned error.


Answer 1:


The token shown in the boot screen of the PEP Proxy is not the one you need to authenticate at the PEP Proxy. Please have a look at the description here: Wilma pep proxy and keystone - valid access token not found.

The easy way is the following:

Download the file provided here: https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh

Replace the CLIENT_ID and CLIENT_SECRET with the ones you get from the FIWARE Lab. Also replace https://idm/oauth2/token with https://account.lab.fiware.org/oauth2/token. Then just run:

   sh auth-token.sh <user-email> <password>

The script will display the Auth token for the user account you have used. Then you can run the following to access the Orion Context Broker:

   curl --header "X-Auth-Token: <AUTH-TOKEN-DISPLAYED>" http://localhost:1307

You should now receive a proper response from Orion, which should run, based on your configuration, on port 1026. Also make sure you have configured the redirect URL in the FIWARE Lab correctly.


Answer 2:


The answer given by @geissler is correct. Regarding Edit 1, this is not an error returned by PEP, AuthZForce or KeyRock; it is an error regarding Orion Context Broker usage.

Doing

curl --header "X-Auth-Token:OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc" http://localhost:1307

You are not querying any operation, and that's why you receive this error. Please check the Orion User and Programmers Guide to find out how to use Orion Context Broker.

For end to end testing, you can always query Orion just to retrieve the Version by doing:

curl --header "X-Auth-Token:OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc" http://localhost:1307/version 

So if you get it, you will properly access the protected Orion.
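
The flow described in answers 1 and 2 (get a user token from the IdM, present it to the PEP Proxy, check with /version), as an added example that is neither the linked auth-token.sh nor part of the original answers. It assumes the IdM token endpoint accepts the standard OAuth2 password grant with HTTP Basic client authentication; the function names are hypothetical and CLIENT_ID and CLIENT_SECRET are read from the environment.

```shell
#!/bin/sh
# Added example, not the auth-token.sh from the answer.
# Assumption: the IdM token endpoint accepts the standard OAuth2 password grant
# (RFC 6749, section 4.3) with HTTP Basic client authentication.
TOKEN_URL="${TOKEN_URL:-https://account.lab.fiware.org/oauth2/token}"
PEP_URL="${PEP_URL:-http://localhost:1307}"   # config.pep_port from the question

# Basic credential for the registered application (CLIENT_ID/CLIENT_SECRET), not the user.
basic_auth() {
    printf 'Basic %s' "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Pull access_token out of the JSON token response; fail if it is absent
# (for example on an invalid_grant error), so no empty header is ever sent.
extract_token() {
    token=$(printf '%s' "$1" |
        sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    [ -n "$token" ] || return 1
    printf '%s' "$token"
}

# Request a token for the user; --data-urlencode keeps '@', '&' or '+' intact.
request_token() {   # $1=user e-mail, $2=password
    curl -sS -X POST "$TOKEN_URL" \
        -H "Authorization: $(basic_auth "$CLIENT_ID" "$CLIENT_SECRET")" \
        --data-urlencode "grant_type=password" \
        --data-urlencode "username=$1" \
        --data-urlencode "password=$2"
}

# End-to-end check: the user token goes to the PEP Proxy, which forwards to Orion.
orion_version() {   # $1=user access token
    curl -sS -H "X-Auth-Token: $1" "$PEP_URL/version"
}

# Runs only when called with credentials:
#   CLIENT_ID=... CLIENT_SECRET=... sh this-script <user-email> <password>
if [ "$#" -eq 2 ]; then
    response=$(request_token "$1" "$2") || exit 1
    token=$(extract_token "$response") ||
        { echo "no access_token in: $response" >&2; exit 1; }
    orion_version "$token"
fi
```

The token printed at PEP Proxy start-up is never used here: it is the proxy's own credential towards the IdM, while X-Auth-Token must carry the token issued to the user.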



Source: https://stackoverflow.com/questions/32248526/can-anyone-explain-the-usage-of-context-broker-via-pep-proxy