conwetlab / ckanext-oauth2

OAuth2 support for CKAN
GNU Affero General Public License v3.0

Problems connecting Idm KeyRock and CKAN using this extension #24

Closed Urtza2 closed 6 years ago

Urtza2 commented 6 years ago

Hi, I'm Urtza Iturraspe and I am testing CKAN and all its extensions in order to use it in a European project and defend it to the European Commission. I have some problems with this extension when I use the oauth extension. In my production.ini file I put the extension and all the information related to it.

ckan.plugins = stats text_view image_view recline_view oauth2

## OAuth2 configuration
ckan.oauth2.logout_url = /user/_logout
ckan.oauth2.register_url = https://localhost:8443/sign_up/
ckan.oauth2.reset_url = https://localhost:8443/password/request/
ckan.oauth2.edit_url = https://localhost:8443/idm/settings
ckan.oauth2.authorization_endpoint = https://localhost:8443/oauth2/authorize
ckan.oauth2.token_endpoint = https://localhost:8443/oauth2/token
ckan.oauth2.profile_api_url = https://localhost:8443/user
ckan.oauth2.client_id = 7ef5d5fa-a0a9-4f19-ba4b-417d9611d032
ckan.oauth2.client_secret = 4964cf66-eed4-4f70-af99-ad41329a1f59
ckan.oauth2.scope = all_info
ckan.oauth2.rememberer_name = auth_tkt
ckan.oauth2.profile_api_user_field = username
ckan.oauth2.profile_api_fullname_field = displayName
ckan.oauth2.profile_api_mail_field = email
ckan.oauth2.authorization_header = Bearer
ckan.oauth2.legacy_idm = True

I have created an IDM application for this too, putting in the callback URL correctly. I started the IdM and restarted Apache, and when I sign in to the IDM with the user and password and return to CKAN I get this error:

(psycopg2.IntegrityError) duplicate key value violates unique constraint "user_name_key" DETAIL: Key (name)=(admin) already exists.

I look into oauth.js file :+1: def identify --> method users = model.User.by_email(email) log.debug(' length users::: '+str(len(users))) -> I get 0 users.

Is it correct?

At the end of this method:

        # Save the user in the database
        model.Session.add(user)
        model.Session.commit()
        model.Session.remove()

My error comes from using the last three lines of this method. In which database is the user saved? I can't do anything else; can someone please help me?

I am using KeyRock version 7.0.1. Is it necessary to use another one? If it is OK I have a problem because I have installed Biz Ecosystem and it uses KeyRock 7.0.1.

Thanks, Urtza

aitormagan commented 6 years ago

Hi,

As you have stated in your question, the extension looks for a user with the email provided by the IdM. If the user exists, its details are updated. Otherwise, a new user is created. Your case is the second one: the email provided by the IdM does not exist in the database. So the plugin tries to create a new user with user name admin (the one provided by the IdM). However, a user with username admin already exists in CKAN and the login process fails.

Based on that, I find two possible solutions:

  1. Change the CKAN admin user so its email matches with the email of the admin user returned by the IdM. If you have not used the CKAN admin user to create any resource (datasets, groups, etc.), you can also remove that user. The user will be recreated the first time you log in using the IdM. Once created, the admin user can become an administrator again by using the steps provided in the CKAN documentation.
  2. Try logging in the IdM with a different user (one with a username different from admin).
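
The lookup-then-create flow described in the answer above, reproduced as an added example (not code from ckanext-oauth2): a constructed SQLite table stands in for CKAN's user table and its unique constraint on the name column, and the profile keys are the `profile_api_*_field` values from the posted configuration. `checked_identify` is a hypothetical variant that reports the username collision instead of letting the insert fail.

```python
import sqlite3

# Constructed schema: a minimal stand-in for CKAN's user table that keeps only
# the unique constraint on "name" that the IntegrityError in this issue refers to.
SCHEMA = """
CREATE TABLE ckan_user (
    id       INTEGER PRIMARY KEY,
    name     TEXT NOT NULL UNIQUE,
    email    TEXT,
    fullname TEXT
)
"""

# Constructed sample profiles, keyed as in the posted ckan.oauth2.profile_api_* settings.
IDM_ADMIN = {"username": "admin", "email": "admin@idm.example", "displayName": "IdM admin"}
IDM_OTHER = {"username": "adminIdm", "email": "adminidm@idm.example", "displayName": "Admin IdM"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    # Constructed row: a local admin created before the IdM was connected,
    # with an e-mail address that differs from the one the IdM returns.
    conn.execute("INSERT INTO ckan_user (name, email) VALUES (?, ?)",
                 ("admin", "admin@ckan.example"))
    conn.commit()
    return conn


def naive_identify(conn, profile):
    """Look up by e-mail, update on a hit, otherwise insert a new user."""
    row = conn.execute("SELECT id FROM ckan_user WHERE email = ?",
                       (profile["email"],)).fetchone()
    if row is not None:
        conn.execute("UPDATE ckan_user SET fullname = ? WHERE id = ?",
                     (profile["displayName"], row[0]))
        conn.commit()
        return "updated"
    # Raises sqlite3.IntegrityError when the username is already taken.
    conn.execute("INSERT INTO ckan_user (name, email, fullname) VALUES (?, ?, ?)",
                 (profile["username"], profile["email"], profile["displayName"]))
    conn.commit()
    return "created"


def checked_identify(conn, profile):
    """Hypothetical variant: report a username collision instead of failing."""
    by_mail = conn.execute("SELECT id FROM ckan_user WHERE email = ?",
                           (profile["email"],)).fetchone()
    if by_mail is None:
        clash = conn.execute("SELECT id FROM ckan_user WHERE name = ?",
                             (profile["username"],)).fetchone()
        if clash is not None:
            # Refuse rather than bind the IdM identity to the existing local
            # account: matching on the name alone would hand that account to
            # whoever holds the same username at the IdM.
            return "conflict"
    return naive_identify(conn, profile)


def run_demo():
    results = {}
    conn = make_db()
    try:
        results["naive"] = naive_identify(conn, IDM_ADMIN)
    except sqlite3.IntegrityError:
        conn.rollback()
        results["naive"] = "IntegrityError"
    results["checked_admin"] = checked_identify(conn, IDM_ADMIN)
    # Second suggestion from the answer: log in with a different username.
    results["checked_other"] = checked_identify(conn, IDM_OTHER)
    # First suggestion from the answer: align the local admin's e-mail with the IdM.
    conn.execute("UPDATE ckan_user SET email = ? WHERE name = ?",
                 (IDM_ADMIN["email"], "admin"))
    conn.commit()
    results["after_email_fix"] = checked_identify(conn, IDM_ADMIN)
    results["rows"] = conn.execute("SELECT COUNT(*) FROM ckan_user").fetchone()[0]
    return results


if __name__ == "__main__":
    print(run_demo())
```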

Urtza2 commented 6 years ago

Thanks a lot Aitor. I created a new user in the IdM (adminIdm) and now it works well. I don't know if another error that I have is related to this, but when I click on "View Profile" I get "Internal Server Error". I took a look at the Apache log file and I can't see any error.

[DEBUG [ckanext.oauth2.plugin] URTZA :::: identify
INFO [ckanext.oauth2.plugin] User adminIdm logged using session
INFO [ckanext.oauth2.plugin] UserName is: adminIdm
INFO [ckanext.oauth2.plugin] g.user: adminIdm
INFO [ckanext.oauth2.plugin] toolkit c.user: adminIdm
INFO [ckanext.oauth2.plugin] toolkit c.usertoken: {u'access_token': u'93166fb13a5ace852cf052eda0306b9251bde927', u'token_type': u'Bearer', u'expires_in': u'28799', u'refresh_token': u'b9b629b68eaa453bab5bdfc7bba2161a093ab457'}
INFO [ckanext.oauth2.plugin] toolkit c.usertoken_refresh: <functools.partial object at 0x7f3fbee3e100>

Do you know what the problem is?

Thanks again

Urtza

aitormagan commented 6 years ago

Isn’t there more information in the Apache logs? The trace you sent doesn’t show any Internal Server Error :(

Best regards, Aitor


Urtza2 commented 6 years ago

Hi again, I have Idm KeyRock in 8443 port so it runs on https://localhost:8443

I put this as profile_api_url in "production.ini" file (CKAN)

ckan.oauth2.profile_api_url = https://localhost:8443/user

I look into "error.log" file and I can see this:

[Tue Sep 04 08:38:44.648280 2018] [wsgi:warn] [pid 6527:tid 140055651260288] mod_wsgi: Compiled for Python/2.7.11.
[Tue Sep 04 08:38:44.648293 2018] [wsgi:warn] [pid 6527:tid 140055651260288] mod_wsgi: Runtime using Python/2.7.12.
[Tue Sep 04 08:38:44.649900 2018] [mpm_event:notice] [pid 6527:tid 140055651260288] AH00489: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g mod_wsgi/4.3.0 Python/2.7.12 configured -- resuming normal operations
[Tue Sep 04 08:38:44.649916 2018] [core:notice] [pid 6527:tid 140055651260288] AH00094: Command line: '/usr/sbin/apache2'
[Tue Sep 04 08:43:16.246722 2018] [mpm_event:notice] [pid 6527:tid 140055651260288] AH00491: caught SIGTERM, shutting down

Something causes Apache to stop. Do you know anything about this?

thanks

Urtza2 commented 6 years ago

Hi Aitor, do not pay attention to my last comment. I stopped Apache manually; that is the cause. Sorry.

In the "ckan_default.error.log" file I can't see any error related to the Internal Server Error.

I am uploading the complete file from when I started Apache, logged in with the IdM user and tried to view the profile of the "adminIdm" user.

ckan_default.error.log

aitormagan commented 6 years ago

I have looked into the log you have sent but I can’t see anything. It has been a long time since I debugged the extension, but as far as I remember there was an Apache log that prints the whole exception stack trace when an error arises. Please, can you find that log?

BR Aitor


Urtza2 commented 6 years ago

Hi, I have changed LogLevel to debug and not I get another information in log file. I only can see this error: End of file found: [client 127.0.0.1:41988] AH01991: SSL input filter read failed.

Do you know something about this? Could it be something related to SSLCipherSuite? My "ckan_default.conf", located in sites_available of Apache, is the following:

WSGISocketPrefix /var/run/wsgi
<VirtualHost 0.0.0.0:443>

ServerName www.ckan.com
ServerAlias www.default.ckan.com
WSGIScriptAlias / /etc/ckan/default/apache.wsgi

# pass authorization info on (needed for rest api)
WSGIPassAuthorization On

# Deploy as a daemon (avoids conflicts between CKAN instances)
WSGIDaemonProcess ckan_default display-name=ckan_default processes=2 threads=15

WSGIProcessGroup ckan_default

ErrorLog /var/log/apache2/ckan_default.error.log
CustomLog /var/log/apache2/ckan_default.custom.log combined
   SSLEngine On
    SSLCertificateFile /etc/ssl/certs/ckan.crt
    SSLCertificateKeyFile /etc/ssl/private/ckan.key 

    SSLProtocol all -SSLv2
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
     SSLHonorCipherOrder     on
     SSLCompression          off

    <Directory />
    Require all granted
    </Directory>

</VirtualHost>
<VirtualHost 0.0.0.0:80>
    ServerName www.ckan.com
    Redirect permanent / https://www.ckan.com
</VirtualHost>

ckan_default.error.log

aitormagan commented 6 years ago

Sorry, but I can't see an error in your configuration or in the traces you have sent :(. What CKAN version are you using? Can you share a screenshot of the error you are getting?

BR Aitor

aitormagan commented 6 years ago

As no response has been received in 7 days, we will close the issue. Please, feel free to reopen the issue if your issue is not resolved.

BR Aitor

Urtza2 commented 6 years ago

Sorry Aitor, I came back from my holidays today. I don't know if you are going to receive this message. Urtza

aitormagan commented 6 years ago

Yes, I can read your comment :)

Best regards, Aitor


Urtza2 commented 6 years ago

I have installed the latest stable release, version 2.8.0. I attach two screenshots. The "Internal Server Error" error appears when I click on admin to recover its settings.

virtualbox_lubuntu_replicate_ckan_test_18_09_2018_08_54_33 virtualbox_lubuntu_replicate_ckan_test_18_09_2018_08_55_06

aitormagan commented 6 years ago

I can’t see anything in your screenshots. They are completely black :(

Best regards, Aitor


Urtza2 commented 6 years ago

Sorry, here are the correct attachments:

ckan1 ckan2

aitormagan commented 6 years ago

Have you tried with a different user?


Urtza2 commented 6 years ago

No, I haven't got any other user. To do this I have to create two new users, one for CKAN and another one for the IDM, and the email of these users has to be the same, is that correct?

aitormagan commented 6 years ago

No, you just have to create the user in the IdM. Once you log in to the CKAN instance the user will be created automatically. Probably that’s your problem: the users cannot be created in the CKAN instance manually.

Best regards, Aitor


Urtza2 commented 6 years ago

Probably I have an error creating users. I have not configured email to receive the sign-up confirmation from the IDM and the user in the IDM is not correctly created. After this I try to log in with this user in the IDM and I receive an error message "invalid user or password". I have to configure email to receive the confirmation link, don't I?

Best regards ;-) Urtza

Urtza2 commented 6 years ago

Another question: when you say "Once you login in the CKAN instance the user will be created automatically.", do I have to log in to CKAN through the IdM login window or without the ckanext-oauth extension?

Urtza2 commented 6 years ago

Aitor, I don't know whether I can, but I'm writing to you in Spanish since maybe I'm not explaining myself well in English:

1.- I open the IDM page and click the "Sign up" button. I create a user in the IDM, but since I don't have mail configured to receive the confirmation email, what I do is go into the database and activate it by hand.
2.- Now comes my doubt: do I open the CKAN page (https://www.ckan.com) with the ckanext-oauth2 plugin or not?
2.1 If I open it with the plugin, it opens the IDM login page and I log in with the user I created in step 1. Is this where a user is created in CKAN? I have done this step and it gives me the same error, "Internal Server Error".
2.2 Or do I not use the plugin?

Do you know what I could have done wrong? Thanks, Urtza

aitormagan commented 6 years ago

I don’t know exactly how the IdM works but I guess you have to confirm the user in order to be able to log in.

When the ckanext-oauth extension is installed, if you click on the “Log in” link in CKAN, you should be redirected to the IdM in order to introduce your credentials. Once introduced, you will be redirected again to CKAN and your user will be created.

Best regards, Aitor


aitormagan commented 6 years ago

Sorry, I hadn't seen your last email, but yes, you can talk to me in Spanish with no problem (in fact, better :P)

As I was saying in my last email, what you have to do is go to your CKAN instance (not https://ckan.com, because that is the main page of the CKAN project). There you have to click the "Log In" button, and that should redirect you to the IdM. Once in the IdM, you enter your user's details (try with one other than admin), and that should return you to your CKAN instance.

Try this and let me know.

Meanwhile, can you send me the configuration of your CKAN instance to confirm that everything is fine?

Best regards, Aitor

Urtza2 commented 6 years ago

I always go in through https://www.ckan.com. Which is the CKAN instance? I always go to https://www.ckan.com and when I click on login it redirects me to the IDM, because the plugin is activated and everything is configured in the production.ini file.

Here is the production.ini:

#
# CKAN - Pylons configuration
#
# These are some of the configuration options available for your CKAN
# instance. Check the documentation in 'doc/configuration.rst' or at the
# following URL for a description of what they do and the full list of
# available options:
#
# http://docs.ckan.org/en/latest/maintaining/configuration.html
#
# The %(here)s variable will be replaced with the parent directory of this file
#

[DEFAULT]

# WARNING: *THIS SETTING MUST BE SET TO FALSE ON A PRODUCTION ENVIRONMENT*
debug = false

[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 5000

[app:main]
use = egg:ckan
full_stack = true
cache_dir = /tmp/%(ckan.site_id)s/
beaker.session.key = ckan

# This is the secret token that the beaker library uses to hash the cookie sent
# to the client. `paster make-config` generates a unique value for this each
# time it generates a config file.
beaker.session.secret = cI76CeEy1ZUglHs5XgzxQgGOZ

# `paster make-config` generates a unique value for this each time it generates
# a config file.
app_instance_uuid = 521f0df7-bc5e-4ab1-9546-d5a3fd8e2d51

# repoze.who config
who.config_file = %(here)s/who.ini
who.log_level = warning
who.log_file = %(cache_dir)s/who_log.ini
# Session timeout (user logged out after period of inactivity, in seconds).
# Inactive by default, so the session doesn't expire.
# who.timeout = 86400

## Database Settings
sqlalchemy.url = postgresql://ckan_default:ckan@localhost/ckan_default

#ckan.datastore.write_url = postgresql://ckan_default:pass@localhost/datastore_default
#ckan.datastore.read_url = postgresql://datastore_default:pass@localhost/datastore_default

# PostgreSQL' full-text search parameters
ckan.datastore.default_fts_lang = english
ckan.datastore.default_fts_index_method = gist

## Site Settings

#ckan.site_url =http://localhost:5000
ckan.site_url =https://www.ckan.com
#ckan.use_pylons_response_cleanup_middleware = true

## Authorization Settings

ckan.auth.anon_create_dataset = false
ckan.auth.create_unowned_dataset = false
ckan.auth.create_dataset_if_not_in_organization = false
ckan.auth.user_create_groups = false
ckan.auth.user_create_organizations = false
ckan.auth.user_delete_groups = true
ckan.auth.user_delete_organizations = true
ckan.auth.create_user_via_api = false
ckan.auth.create_user_via_web = true
ckan.auth.roles_that_cascade_to_sub_groups = admin

## Search Settings

ckan.site_id = default
solr_url = http://127.0.0.1:8983/solr

## Redis Settings

# URL to your Redis instance, including the database to be used.
#ckan.redis.url = redis://localhost:6379/0

## CORS Settings

# If cors.origin_allow_all is true, all origins are allowed.
# If false, the cors.origin_whitelist is used.
# ckan.cors.origin_allow_all = true
# cors.origin_whitelist is a space separated list of allowed domains.
# ckan.cors.origin_whitelist = http://example1.com http://example2.com

## Plugins Settings

# Note: Add ``datastore`` to enable the CKAN DataStore
#       Add ``datapusher`` to enable DataPusher
#       Add ``resource_proxy`` to enable resorce proxying and get around the
#       same origin policy

#ckan.legacy_route_mappings = {"home":"home.index", "about": "home.about","search": "dataset.search"}

ckan.plugins = stats text_view image_view recline_view oauth2 privatedatasets datarequests baepublisher 
#right_time_context wirecloud_view

ckan.privatedatasets.parser = ckanext.privatedatasets.parsers.fiware:FiWareNotificationParser
ckan.privatedatasets.show_acquire_url_on_create = True
ckan.privatedatasets.show_acquire_url_on_edit = True

ckan.datarequests.comments = true
ckan.datarequests.show_datarequests_badge = true

ckan.baepublisher.store_url = http://localhost:81

## OAuth2 configuration
#ckan.oauth2.logout_url = /user/_logout
ckan.oauth2.logout_url= https://localhost:8443/auth/logout?_method=DELETE

ckan.oauth2.register_url = https://localhost:8443/sign_up/
ckan.oauth2.reset_url = https://localhost:8443/password/request/
ckan.oauth2.edit_url = https://localhost:8443/idm/settings
ckan.oauth2.authorization_endpoint = https://localhost:8443/oauth2/authorize
ckan.oauth2.token_endpoint = https://localhost:8443/oauth2/token
ckan.oauth2.profile_api_url = https://localhost:8443/user
#ckan.oauth2.profile_api_url = https://localhost:8443/idm/users
ckan.oauth2.client_id = 7ef5d5fa-a0a9-4f19-ba4b-417d9611d032
ckan.oauth2.client_secret = 4964cf66-eed4-4f70-af99-ad41329a1f59
ckan.oauth2.scope = all_info
ckan.oauth2.rememberer_name = auth_tkt
ckan.oauth2.profile_api_user_field = username
ckan.oauth2.profile_api_fullname_field = displayName
ckan.oauth2.profile_api_mail_field = email
ckan.oauth2.authorization_header = Bearer
#ckan.oauth2.legacy_idm = True

# Define which views should be created by default
# (plugins must be loaded in ckan.plugins)
ckan.views.default_views = image_view text_view recline_view 
#ngsiview

#ckan.wirecloud_view.url = http://0.0.0.0:8000
#ckan.wirecloud_view.editor_dashboard = wirecloud/ckan-editor

# Customize which text formats the text_view plugin will show
#ckan.preview.json_formats = json
#ckan.preview.xml_formats = xml rdf rdf+xml owl+xml atom rss
#ckan.preview.text_formats = text plain text/plain

# Customize which image formats the image_view plugin will show
#ckan.preview.image_formats = png jpeg jpg gif

## Front-End Settings

# Uncomment following configuration to enable using of Bootstrap 2
#ckan.base_public_folder = public-bs2
#ckan.base_templates_folder = templates-bs2

ckan.site_title = CKAN
ckan.site_logo = /base/images/ckan-logo.png
ckan.site_description =
ckan.favicon = /base/images/ckan.ico
ckan.gravatar_default = identicon
ckan.preview.direct = png jpg gif
ckan.preview.loadable = html htm rdf+xml owl+xml xml n3 n-triples turtle plain atom csv tsv rss txt json
ckan.display_timezone = server

# package_hide_extras = for_search_index_only
#package_edit_return_url = http://another.frontend/dataset/<NAME>
#package_new_return_url = http://another.frontend/dataset/<NAME>
#ckan.recaptcha.publickey =
#ckan.recaptcha.privatekey =
#licenses_group_url = http://licenses.opendefinition.org/licenses/groups/ckan.json
# ckan.template_footer_end =

## Internationalisation Settings
ckan.locale_default = en
ckan.locale_order = en pt_BR ja it cs_CZ ca es fr el sv sr sr@latin no sk fi ru de pl nl bg ko_KR hu sa sl lv
ckan.locales_offered =
ckan.locales_filtered_out = en_GB

## Feeds Settings

ckan.feeds.authority_name =
ckan.feeds.date =
ckan.feeds.author_name =
ckan.feeds.author_link =

## Storage Settings

ckan.storage_path = /var/lib/ckan
#ckan.max_resource_size = 10
#ckan.max_image_size = 2

## Datapusher settings

# Make sure you have set up the DataStore

#ckan.datapusher.formats = csv xls xlsx tsv application/csv application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
#ckan.datapusher.url = http://127.0.0.1:8800/
#ckan.datapusher.assume_task_stale_after = 3600

# Resource Proxy settings
# Preview size limit, default: 1MB
#ckan.resource_proxy.max_file_size = 1048576
# Size of chunks to read/write.
#ckan.resource_proxy.chunk_size = 4096

## Activity Streams Settings

#ckan.activity_streams_enabled = true
#ckan.activity_list_limit = 31
#ckan.activity_streams_email_notifications = true
#ckan.email_notifications_since = 2 days
ckan.hide_activity_from_users = %(ckan.site_id)s

## Email settings

#email_to = errors@example.com
#error_email_from = ckan-errors@example.com
#smtp.server = localhost
#smtp.starttls = False
#smtp.user = username@example.com
#smtp.password = your_password
#smtp.mail_from =

## Logging configuration
[loggers]
keys = root, ckan, ckanext

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = WARNING
handlers = console

[logger_ckan]
level = INFO
handlers = console
qualname = ckan
propagate = 0

[logger_ckanext]
level = DEBUG
handlers = console
qualname = ckanext
propagate = 0

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s] %(message)s

Urtza2 commented 6 years ago

Ugh, here is the file: production.ini.txt

Urtza2 commented 6 years ago

I have CKAN deployed on Apache and that is why I go in as https://www.ckan.com. I don't know if this information is of any use to you.

aitormagan commented 6 years ago

I suppose you have something configured on your machine so that https://ckan.com redirects you to your own machine.

Assuming the IdM is installed at https://localhost:8443, I understand the configuration is fine. Have you tried with another user?

Urtza2 commented 6 years ago

Yes, I have Apache configured, the "apache.wsgi" file, so that it activates CKAN and deploys it on Apache. Yes, I have put the IDM on port 8443. And yes, I have tried with other users and exactly the same thing happens.

I don't know at what moment the user is created in CKAN.

One thing I have done, and I think it had to be done, is create a CKAN application in the IDM so that I can then put it in the ## OAuth2 configuration section of production.ini

aitormagan commented 6 years ago

Right, that is where you got the client_id and the client_secret from, isn't it?

Urtza2 commented 6 years ago

Correct.

aitormagan commented 6 years ago

Which version of KeyRock are you using? I think this extension had a problem with the latest one... Maybe @aarranz can help you with that.

Urtza2 commented 6 years ago

Yes, I have IDM KeyRock 7.0.1 because I needed the latest version for the BIZ Ecosystem. That is another wall I ran into, and I was told to install the latest version of KeyRock so that I could download the BIZ Ecosystem from the develop branch.

Thanks

aitormagan commented 6 years ago

OK, which version of the plugin are you using? 0.6.1, I suppose?

Urtza2 commented 6 years ago

Yes, I am using version 0.6.1, ckanext

aitormagan commented 6 years ago

In the production.ini file, change debug to true and see whether the log file gives you any more information when those errors occur.

Urtza2 commented 6 years ago

Ugh, now CKAN doesn't even start...

Last lines of the log file "ckan_default_error.log"

[Tue Sep 18 12:22:50.394431 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] Traceback (most recent call last):
[Tue Sep 18 12:22:50.394449 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] File "/etc/ckan/default/apache.wsgi", line 8, in
[Tue Sep 18 12:22:50.394473 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] application = loadapp('config:%s' % config_filepath)
[Tue Sep 18 12:22:50.394480 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 247, in loadapp
[Tue Sep 18 12:22:50.394493 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] return loadobj(APP, uri, name=name, kw)
[Tue Sep 18 12:22:50.394499 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 272, in loadobj
[Tue Sep 18 12:22:50.394507 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] return context.create()
[Tue Sep 18 12:22:50.394512 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 710, in create
[Tue Sep 18 12:22:50.394520 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] return self.object_type.invoke(self)
[Tue Sep 18 12:22:50.394525 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 146, in invoke
[Tue Sep 18 12:22:50.394533 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] return fix_call(context.object, context.global_conf, context.local_conf)
[Tue Sep 18 12:22:50.394539 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/util.py", line 55, in fix_call
[Tue Sep 18 12:22:50.394548 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] val = callable(*args, kw)
[Tue Sep 18 12:22:50.394553 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] File "/usr/lib/ckan/default/lib/python2.7/site-packages/ckan/config/middleware/__init__.py", line 59, in make_app
[Tue Sep 18 12:22:50.394562 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] flask_app = make_flask_stack(conf, app_conf)
[Tue Sep 18 12:22:50.394568 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] File "/usr/lib/ckan/default/lib/python2.7/site-packages/ckan/config/middleware/flask_app.py", line 104, in make_flask_stack
[Tue Sep 18 12:22:50.394577 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] from flask_debugtoolbar import DebugToolbarExtension
[Tue Sep 18 12:22:50.394589 2018] [wsgi:error] [pid 27287:tid 140616153855744] [remote 127.0.0.1:57790] ImportError: No module named flask_debugtoolbar
[Tue Sep 18 12:22:50.396520 2018] [ssl:debug] [pid 27289:tid 140616079992576] ssl_engine_io.c(1017): [client 127.0.0.1:41448] AH02001: Connection closed to child 78 with standard shutdown (server www.ckan.com:443)

Urtza2 commented 6 years ago

Fixed the previous logs with pip install flask-debugtoolbar. It is a requirement in debug mode. Now I can get into CKAN, although it's a somewhat shabby page with no styles; I'll see what's going on...

Urtza2 commented 6 years ago

Hi Aitor, I have tried different versions of IDM Keyrock: 7.0.0, 7.01 and 7.0.2, and in all of them I have the problem of not being able to log out or see the user's profile. Do you know how I can contact @aarranz?

Thanks

aitormagan commented 6 years ago

I understand that when you say Logout you mean Login... The error you describe is strange. From what I could see in the other issue you opened, the extension is indeed able to contact the IdM to obtain the credentials. One thing: have you tried viewing a user's page when the extension is not in use? Maybe it is a problem with the CKAN version and not with the KeyRock integration

Urtza2 commented 6 years ago

Hi Aitor, yes, with CKAN without the extension everything works perfectly. The problem is in the integration with KeyRock and the ckanext-oauth2 plugin.

Thanks for everything

aitormagan commented 6 years ago

Well, then I don't know what else to tell you... The only thing I can think of is that, instead of starting CKAN with Apache, you try starting it with paster, to see if that gives you some more trace with which we can help you :)

Best regards, Aitor


Urtza2 commented 6 years ago

OK. I tried it a bit yesterday but I had problems with the http and https protocols, since with paster CKAN starts on http://localhost:5000 and the IDM is on https. I'm going to spend more time on it...

Best regards, Urtza

Urtza2 commented 6 years ago

Hi Aitor, it gives me some more information. It may be something related to this INFO that I get at the beginning:

2018-09-20 09:47:52,198 INFO [ckan.lib.helpers] Route name "about" is deprecated and will be removed. Please update calls to use "home.about" instead

Exception happened during processing of request from ('127.0.0.1', 50308)
Traceback (most recent call last):
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/httpserver.py", line 1068, in process_request_in_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 331, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python2.7/SocketServer.py", line 652, in __init__
    self.handle()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/httpserver.py", line 442, in handle
    BaseHTTPRequestHandler.handle(self)
  File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
    self.handle_one_request()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/httpserver.py", line 437, in handle_one_request
    self.wsgi_execute()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/httpserver.py", line 287, in wsgi_execute
    self.wsgi_start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/config/middleware/__init__.py", line 202, in __call__
    return self.apps[app_name](environ, start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/repoze/who/middleware.py", line 86, in __call__
    app_iter = app(environ, wrapper.wrap_start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/fanstatic/publisher.py", line 234, in __call__
    return request.get_response(self.app)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py", line 147, in __call__
    resp = self.call_func(req, *args, **self.kwargs)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/dec.py", line 208, in call_func
    return self.func(req, *args, **kwargs)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/fanstatic/injector.py", line 54, in __call__
    response = request.get_response(self.app)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py", line 1053, in get_response
    application, catch_exc_info=False)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/webob/request.py", line 1022, in call_application
    app_iter = application(self.environ, start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1997, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/beaker/middleware.py", line 156, in __call__
    return self.wrap_app(environ, session_start_response)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1985, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1540, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask_debugtoolbar/__init__.py", line 125, in dispatch_request
    return view_func(**req.view_args)
  File "/home/user1/ckan/lib/default/lib/python2.7/site-packages/ckan/views/user.py", line 151, in read
    return base.render(u'user/read.html', extra_vars)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/lib/base.py", line 127, in render
    return flask_render_template(template_name, **extra_vars)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/templating.py", line 134, in render_template
    context, ctx.app)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/flask/templating.py", line 116, in _render
    rv = template.render(context)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/jinja2/environment.py", line 989, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/jinja2/environment.py", line 754, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/user/read.html", line 1, in top-level template code
    {% extends "user/read_base.html" %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckanext/datarequests/templates/user/read_base.html", line 1, in top-level template code
    {% ckan_extends %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/user/read_base.html", line 3, in top-level template code
    {% set user = user_dict %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/page.html", line 1, in top-level template code
    {% extends "base.html" %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/base.html", line 101, in top-level template code
    {%- block page %}{% endblock -%}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/page.html", line 19, in block "page"
    {%- block content %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/page.html", line 22, in block "content"
    {% block main_content %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/page.html", line 74, in block "main_content"
    {% block primary %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/page.html", line 87, in block "primary"
    {% block primary_content %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/page.html", line 89, in block "primary_content"
    {% block page_header %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/templates/page.html", line 97, in block "page_header"
    {% block content_primary_nav %}{% endblock %}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckanext/datarequests/templates/user/read_base.html", line 4, in block "content_primary_nav"
    {{ h.build_nav_icon('user_datasets', _('Datasets'), id=user.name) }}
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/lib/helpers.py", line 864, in build_nav_icon
    return _make_menu_item(menu_item, title, **kw)
  File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/ckan/lib/helpers.py", line 944, in _make_menu_item
    raise Exception('menu item `%s` cannot be found' % menu_item)
Exception: menu item `user_datasets` cannot be found
----------------------------------------

Because going to line 9444 of the helpers.py file, it has the following:

menu_item = map_pylons_to_flask_route_name(menu_item)
_menu_items = config['routes.named_routes']
if menu_item not in _menu_items:
    raise Exception('menu item `%s` cannot be found' % menu_item)

Does that ring a bell?

Regards

aitormagan commented 6 years ago

I see you have the data requests extension enabled. Can you disable it and check whether it works for you now?

Regards, Aitor

Urtza2 commented 6 years ago

Yesssssssss, with paster it works!!!!! You're a star. Now I have another problem, since I need it, but well, I have the problem narrowed down. Thank you so much for everything, truly.... Regards

aitormagan commented 6 years ago

DataRequests is not compatible with version 2.8.0 of CKAN. The solution is to use 2.7.0 :)

Regards, Aitor

Urtza2 commented 6 years ago

Yes, it's a good solution as long as the rest of the plugins work well with 2.7.0. I'll look into it and get on with it.... We close the thread, right?

Thanks for everything. Urtza

aitormagan commented 6 years ago

Yes, you can close the thread. I don't know what other plugins you may be using, but all those under conwetlab are compatible with version 2.7.0 of CKAN. Bear in mind that version 2.8.0 is quite new.

Regards, and it was a pleasure to have been able to solve your problem. Aitor M.

aitormagan commented 6 years ago

PS: https://github.com/conwetlab/ckanext-datarequests/issues/39 ;)

Urtza2 commented 6 years ago

Thanks for everything, truly... Regards, Urtza