FIWARE-TMForum / Business-API-Ecosystem

The FIWARE/TMForum Business API Ecosystem allows the monetization of different kinds of assets (both digital and physical) during the whole service life cycle, from offering creation to its charging, accounting and revenue settlement and sharing.
https://business-api-ecosystem.rtfd.io/
GNU Affero General Public License v3.0

Fiware BAE with IdM docker installations #34

CTidelius closed 6 years ago

CTidelius commented 6 years ago

I'm having trouble trying to authenticate a user through OAuth2 with a local IdM. It works with the IdM on FIWARE lab, but when I get to the callbackURL I get an error message on localhost:8004 stating

"There was an unexpected error that prevented the system from fulfilling the request. The error will be handled by the administrators. Sorry for the inconvenience."

This is the error message in the terminal:

```
proxy_1 | 2018-09-18 08:29:56.017 - FATAL: Server - 3c97b417-1c23-439d-b6a4-1561f11fd5be - ::ffff:172.20.0.1 - Anonymous - GET: /auth/fiware/callback?code=233a1e1c144b4ff2d068c07f76a67a69115b14ea&state=eyJjYW1lX2Zyb21fcGF0aCI6Ii8ifQ - Unexpected unhandled exception - InternalOAuthError: Failed to obtain access token. Stack trace:
proxy_1 | Error: connect ECONNREFUSED 127.0.0.1:3000
proxy_1 |     at Strategy.OAuth2Strategy._createOAuthError (/business-ecosystem-logic-proxy/node_modules/passport-oauth2/lib/strategy.js:379:17)
proxy_1 |     at /business-ecosystem-logic-proxy/node_modules/passport-oauth2/lib/strategy.js:166:45
proxy_1 |     at /business-ecosystem-logic-proxy/node_modules/oauth/lib/oauth2.js:191:18
proxy_1 |     at ClientRequest.<anonymous> (/business-ecosystem-logic-proxy/node_modules/oauth/lib/oauth2.js:162:5)
proxy_1 |     at emitOne (events.js:96:13)
proxy_1 |     at ClientRequest.emit (events.js:188:7)
proxy_1 |     at Socket.socketErrorListener (_http_client.js:310:9)
proxy_1 |     at emitOne (events.js:96:13)
proxy_1 |     at Socket.emit (events.js:188:7)
proxy_1 |     at emitErrorNT (net.js:1276:8)
```

This is my configuration in the config.js file:

```javascript
config.oauth2 = {
    'server': 'http://localhost:3000',
    'clientID': '158f286e-21c5-4d9c-8063-516f50530271',
    'clientSecret': '1ee417d6-c0ce-4906-859c-adbed5cc00d0',
    'callbackURL': 'http://localhost:8004/auth/fiware/callback',
    'roles': {
        'admin': 'provider',
        'customer': 'customer',
        'seller': 'seller',
        'orgAdmin': 'orgAdmin'
    }
};
```

I have not changed any configurations in the IdM.

Why do I get this error message?

fdelavega commented 6 years ago

If you are using docker, then the containers cannot communicate with each other using localhost, so the IdM cannot access localhost:8004 to send the access token.

CTidelius commented 6 years ago

What are my options? I've changed the docker-compose files to use the same network, and to use my IP instead of localhost. But that produced an error with mysql which states "Access denied for user 'root'@'*' (using password: YES)". Is there another solution where one does not use localhost/local IP, or some other fix?

fdelavega commented 6 years ago

In my opinion (personal) I think that the easiest way to communicate between containers on the same host is using the docker alias name, rather than using the IPs assigned by docker; then you can map localhost to the different aliases using the hosts file of the host machine. This way the URL for accessing a service is the same no matter whether the request is made from the host machine or from another container.

Anyway, which mysql is crashing, the BAE or the IDM one?

CTidelius commented 6 years ago

I thought it was the BAE, but it seems to be the IDM.

fdelavega commented 6 years ago

This is because they are using the mysql-server image, which makes this validation. If you use mysql:5.7 directly and remove the allowed_host setting, it should work.

CTidelius commented 6 years ago

Thank you, that helped solve my problem.

Unfortunately, I've come across other issues regarding the RSS and the logic proxy.

Trying to create a new catalog in MyStock as a seller produces this error:

```
proxy_1 | 2018-09-20 12:28:41.716 - FATAL: Server - c53a8df9-6a74-4756-9aac-94fba22ebf43 - ::ffff:172.18.1.1 - 767fb202-715c-4eac-9763-a55529b61478 - POST: /DSProductCatalog/api/catalogManagement/v2/catalog - Unexpected unhandled exception - TypeError: Cannot read property 'enabled' of undefined. Stack trace:
proxy_1 | TypeError: Cannot read property 'enabled' of undefined
proxy_1 |     at Object.exports.getIndividualURL (/business-ecosystem-logic-proxy/lib/tmfUtils.js:225:21)
proxy_1 |     at /business-ecosystem-logic-proxy/lib/tmfUtils.js:191:43
proxy_1 |     at Array.some (native)
proxy_1 |     at Object.exports.hasPartyRole (/business-ecosystem-logic-proxy/lib/tmfUtils.js:189:42)
proxy_1 |     at Object.exports.isOwner (/business-ecosystem-logic-proxy/lib/tmfUtils.js:32:47)
proxy_1 |     at createHandler (/business-ecosystem-logic-proxy/controllers/tmf-apis/catalog.js:729:22)
proxy_1 |     at /business-ecosystem-logic-proxy/controllers/tmf-apis/catalog.js:818:25
proxy_1 |     at /business-ecosystem-logic-proxy/controllers/tmf-apis/catalog.js:704:21
proxy_1 |     at Request._callback (/business-ecosystem-logic-proxy/controllers/tmf-apis/catalog.js:71:17)
proxy_1 |     at Request.self.callback (/business-ecosystem-logic-proxy/node_modules/request/request.js:185:22)
proxy_1 |     at emitTwo (events.js:106:13)
proxy_1 |     at Request.emit (events.js:191:7)
proxy_1 |     at Request.<anonymous> (/business-ecosystem-logic-proxy/node_modules/request/request.js:1157:10)
proxy_1 | 2018-09-20 12:28:41.719 - WARN: Server - c53a8df9-6a74-4756-9aac-94fba22ebf43 - ::ffff:172.18.1.1 - 767fb202-715c-4eac-9763-a55529b61478 - POST: /DSProductCatalog/api/catalogManagement/v2/catalog - Status: 500
```

While trying to access MyRevenue this was the printout:

```
proxy_1 | 2018-09-20 12:44:41.777 - INFO: TMF - a5677546-e384-4c77-8fbd-fb25f63037f0 - ::ffff:172.18.1.1 - 767fb202-715c-4eac-9763-a55529b61478 - GET: /DSRevenueSharing/rss/models?action=count&providerId=767fb202-715c-4eac-9763-a55529b61478 - Validating RSS provider
proxy_1 | 2018-09-20 12:44:41.904 - WARN: TMF - a5677546-e384-4c77-8fbd-fb25f63037f0 - ::ffff:172.18.1.1 - 767fb202-715c-4eac-9763-a55529b61478 - GET: /DSRevenueSharing/rss/models?action=count&providerId=767fb202-715c-4eac-9763-a55529b61478 - Pre-Validation (DSRevenueSharing): An unexpected error in the RSS API prevented your request to be processed
proxy_1 | 2018-09-20 12:44:41.909 - WARN: Server - a5677546-e384-4c77-8fbd-fb25f63037f0 - ::ffff:172.18.1.1 - 767fb202-715c-4eac-9763-a55529b61478 - GET: /DSRevenueSharing/rss/models?action=count&providerId=767fb202-715c-4eac-9763-a55529b61478 - Status: 500
```

fdelavega commented 6 years ago

Are you using the develop tag? Can you share the docker-compose file?

CTidelius commented 6 years ago

Yes, I'm using the developer tag.

The settings I've changed in the config.js file are:

```javascript
config.oauth2 = {
    'server': 'http://192.168.1.141:3000/',
    'clientID': 'd7a89af0-4582-4b14-a2b1-1ac715af03b6',
    'clientSecret': '1f2dd2f5-bb22-4447-b7c5-dd21eaf61374',
    'callbackURL': 'http://192.168.1.141:8004/auth/fiware/callback',
    'roles': {
        'admin': 'provider',
        'customer': 'customer',
        'seller': 'seller',
        'orgAdmin': 'orgAdmin'
    }
};
```

docker-compose-idm.txt docker-compose.txt

capossele commented 6 years ago

The problem is that in the business-api-ecosystem the config.js of the logic proxy is missing the following:

```javascript
config.proxy = {
    enabled: false,
    host: '',
    secured: false,
    port: 80
};
```

Change it accordingly and it should work.
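
As an added example (not code from the Business API Ecosystem or from anyone in this thread), a start-up preflight for the two failures seen above: the `ECONNREFUSED 127.0.0.1:3000` raised inside the proxy container during the token request, and the `Cannot read property 'enabled' of undefined` that follows from a missing `config.proxy`. The function names, the `inContainer` option and the `idm.docker` / `proxy.docker` aliases are assumptions; the `config.proxy` field types follow the snippet in the last comment.

```javascript
'use strict';

// Hostnames that mean "this container" when resolved from inside a container.
const LOOPBACK = /^(localhost|127(\.\d{1,3}){3}|\[?::1\]?)$/i;

// Field types of config.proxy, taken from the snippet in the last comment.
const PROXY_SHAPE = { enabled: 'boolean', host: 'string', secured: 'boolean', port: 'number' };

function isLoopback(urlString) {
    return LOOPBACK.test(new URL(urlString).hostname);
}

// Returns a list of problems; an empty list means every check passed.
function preflight(config, { inContainer = true } = {}) {
    const problems = [];
    const oauth2 = config.oauth2 || {};
    for (const key of ['server', 'callbackURL']) {
        try {
            // Per the stack trace, the proxy process itself connects to
            // oauth2.server for the token request, so loopback there targets
            // the proxy's own container. callbackURL is followed by the browser.
            if (isLoopback(oauth2[key]) && key === 'server' && inContainer) {
                problems.push('oauth2.server is loopback; the token request will not leave this container');
            }
        } catch (err) {
            problems.push(`oauth2.${key} is not a valid absolute URL`);
        }
    }
    if (config.proxy === undefined || config.proxy === null) {
        problems.push('config.proxy is missing');
    } else {
        for (const [field, type] of Object.entries(PROXY_SHAPE)) {
            if (typeof config.proxy[field] !== type) {
                problems.push(`config.proxy.${field} must be a ${type}`);
            }
        }
    }
    return problems;
}

// Constructed samples: BROKEN mirrors the first post, FIXED uses hypothetical aliases.
const BROKEN = { oauth2: { server: 'http://localhost:3000', callbackURL: 'http://localhost:8004/auth/fiware/callback' } };
const FIXED = {
    oauth2: { server: 'http://idm.docker:3000', callbackURL: 'http://proxy.docker:8004/auth/fiware/callback' },
    proxy: { enabled: false, host: '', secured: false, port: 80 }
};
console.log(preflight(BROKEN));
console.log(preflight(FIXED));
```

Running the check before the server starts listening turns both problems into a readable start-up message instead of a 500 at request time.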