Tags: fiware, fiware-orion, fiware-wilma

Can anyone explain the usage of Context Broker via PeP proxy?


I have installed Orion Context Broker and PEP Proxy on my machine. I am targeting the global instance of KeyRock and AuthZForce to authenticate the Context Broker.

Here is my config.js:

var config = {};

config.pep_port = 1307;

// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
    enabled: false,
    cert_file: 'cert/cert.crt',
    key_file: 'cert/key.key',
    port: 443
};

config.account_host = 'https://account.lab.fiware.org';
config.keystone_host = 'cloud.lab.fiware.org';
config.keystone_port = 4731;


config.app_host = 'localhost';
config.app_port = '1026';

config.username = '<my fiware lab username>';
config.password = '<my fiware lab pass>';



// in seconds
config.chache_time = 300;

// if enabled PEP checks permissions with AuthZForce GE.
// only compatible with oauth2 tokens engine
config.azf = {
    enabled: false,
    host: 'auth.lab.fiware.org',
    port: 6019,
    path: '/authzforce/domains/d698df7f-ffd4-11e4-a09d-ed06f24e1e78/pdp'
};

// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];

// options: oauth2/keystone
config.tokens_engine = 'oauth2';

config.magic_key = undefined;

module.exports = config;

When I do node server.js I successfully get:

Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token:  e2189bdc1a8b4aae9280b0fd5a6ae8a0

Following this installation and administration guide, I ran the following command:

curl --header "X-Auth-Token:e2189bdc1a8b4aae9280b0fd5a6ae8a0" http://localhost:1307

From there I get this message:

[TOKEN] Checking token with IDM...
User access-token not authorized

I am seriously at a loss here and don't know how to access the Context Broker via these three intermediaries.

Whose host am I supposed to ask a token from?

I don't know if I am even asking the right questions. The point of all this is to secure access to the Context Broker.

Edit 1

After setting up the auth-token.sh, I got the following error:

<orionError>
  <code>400</code>
  <reasonPhrase>Bad Request</reasonPhrase>
  <details>service not found</details>
</orionError>

The node server.js reported this:

Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token:  b90604bc94134c1a81414e97a23196f3


[TOKEN] Checking token with IDM...
[ROOT] Access-token OK. Redirecting to app...

Previously the command: sh auth-token.sh <username> <pass> gave me:

X-Auth-Token for '<my email on fiware lab>': OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc

and then I just ran curl --header "X-Auth-Token:OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc" http://localhost:1307 which gave me the aforementioned error.


Solution

  • The token shown in the boot screen of the PEP Proxy is not the one you need to authenticate at the PEP Proxy. Please have a look at the description here: Wilma pep proxy and keystone - valid access token not found.

    The easy way is the following:

    Download the file provided here: https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh

    Replace the CLIENT_ID and CLIENT_SECRET with the ones you get from the FIWARE Lab. Also replace https://idm/oauth2/token with https://account.lab.fiware.org/oauth2/token. Then just run:

       sh auth-token.sh <user-email> <password>
    

    The script will show you the Auth token for the user account you have used. Then you can run the following to access the Orion Context Broker:

       curl --header "X-Auth-Token: <AUTH-TOKEN-DISPLAYED>" http://localhost:1307
    

    You should now receive a proper response from Orion, which should run, based on your configuration, on port 1026. Also make sure you have configured the redirect URL in the FIWARE Lab correctly.
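
The flow the answer describes, written out as an added example (this is not the auth-token.sh linked above, nor code from the PEP Proxy project): the user's access token comes from the IdM through an OAuth2 password grant authenticated with the application's client credentials, and only that token goes in X-Auth-Token; the proxy's own boot-time token is never used. Assumptions: the IdM token endpoint accepts a standard password grant with HTTP Basic client authentication, the environment variable names are hypothetical, and /version is used as an Orion resource to query instead of the bare root URL.

```shell
#!/bin/sh
# Added example. Variable names (CLIENT_ID, CLIENT_SECRET, FIWARE_USER,
# FIWARE_PASS, RUN_LIVE) are hypothetical; the URLs are the ones on this page.
IDM_URL="${IDM_URL:-https://account.lab.fiware.org/oauth2/token}"
PEP_URL="${PEP_URL:-http://localhost:1307}"

# HTTP Basic value that identifies the application registered in the IdM.
basic_auth() {  # $1 = client id, $2 = client secret
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Extract access_token from the IdM's JSON reply; prints nothing if absent,
# e.g. when the reply is an OAuth2 error object.
extract_access_token() {  # $1 = JSON response body
    printf '%s' "$1" |
        sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# OAuth2 password grant: user credentials in the body, client credentials
# in the Authorization header.
request_token() {  # $1 = user e-mail, $2 = password
    curl -sS --fail -X POST "$IDM_URL" \
        -H "Authorization: Basic $(basic_auth "$CLIENT_ID" "$CLIENT_SECRET")" \
        --data-urlencode "grant_type=password" \
        --data-urlencode "username=$1" \
        --data-urlencode "password=$2"
}

# Live run only when asked for, so sourcing this file stays offline.
if [ "${RUN_LIVE:-0}" = 1 ]; then
    : "${CLIENT_ID:?}" "${CLIENT_SECRET:?}" "${FIWARE_USER:?}" "${FIWARE_PASS:?}"
    token=$(extract_access_token "$(request_token "$FIWARE_USER" "$FIWARE_PASS")")
    [ -n "$token" ] || { echo "IdM returned no access_token" >&2; exit 1; }
    # Present the user token to the PEP Proxy, which forwards to Orion.
    curl -sS -H "X-Auth-Token: $token" "$PEP_URL/version"
fi
```

Run it with RUN_LIVE=1 and the four credentials exported in the environment, which keeps the secrets out of the script file and the shell history.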