ging / fiware-pep-proxy

Support for proxy functions within OAuth2-based authentication schemas. Also implements PEP functions within an XACML-based access control schema.
https://fiware-pep-proxy.rtfd.io/
MIT License

Fiware pep-proxy and idm communication issue #48

Open AhmedEmad031 opened 6 years ago

AhmedEmad031 commented 6 years ago

I wanted to connect pep-proxy with the idm, so I followed the installation of pep from this link, https://github.com/ging/fiware-pep-proxy, by building it from the source. This was the config file I was supposed to edit:


// Credentials obtained when registering PEP Proxy in app_id in Account Portal
config.pep = {
    app_id: '',
    username: '',
    password: '',
    trusted_apps : []
}

I also wanted to know how I could get both the app_id and the trusted_apps parameters, and I'm also confused about the meaning of app_id, whether it's the client id or not.

That was the first part of my issue.

When I put the client id with app id and put the username and password of the pep proxy that I got when I registered it on the idm, I got a keystone communication error.

When I edited the idm host parameter by adding "http" at the beginning, I got no token and I get a "token undefined" message. Also, when I edited the username and password by putting those of the idm account, every time I get a new token. So I wanted to know the best way to build the fiware pep-proxy and make it communicate correctly with the idm with no problems.

Then I tried to follow the installation commands from the docker file. On building the pep-proxy with these commands, I got a new config file, which is that of fiware academia: [screenshot]

This config file is different from the first one I worked on. When I followed the steps in this video https://www.youtube.com/watch?v=dtKsjGbJ7Xc&index=10&list=PLARS-yIy9nOoBIOJS05Rpkvu1pZiNTgPT and configured the username and password by putting those of the pep-proxy, I got this error: [screenshot]

On putting "http" before the keystone parameter as follows

config.keystone_host = 'http://cloud.lab.fiware.org';

I got this message:

[screenshot]

But on putting the username and password of the idm in the configuration as shown below

config.username = 'idm_user_mail';
config.password = 'password';

I always get a new token.

Now, I want to know the best way to get the pep-proxy and the idm to work together, as I'm still struggling to make them communicate properly. @aalonsog @flopezag @UniSurreyIoT

Update: I have followed this document, "https://www.slideshare.net/mobile/daltoncezane/integrating-fiware-orion-keyrock-and-wilma", to make communication between the idm and the pep proxy, and specifically this code to generate a token from the idm, sending it using Postman:

POST to "http://idm_ip:8000/oauth2/token"
Payload:
grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET

but I can't generate a token. This is the Postman response:

DOCTYPE html>

Error
SyntaxError: Unexpected token # in JSON at position 0
   at JSON.parse (<anonymous>)
   at createStrictSyntaxError (/home/ubuntu/fiware-idm/node_modules/body-parser/lib/types/json.js:157:10)
   at parse (/home/ubuntu/fiware-idm/node_modules/body-parser/lib/types/json.js:83:15)
   at /home/ubuntu/fiware-idm/node_modules/body-parser/lib/read.js:121:18
   at invokeCallback (/home/ubuntu/fiware-idm/node_modules/raw-body/index.js:224:16)
   at done (/home/ubuntu/fiware-idm/node_modules/raw-body/index.js:213:7)
   at IncomingMessage.onEnd (/home/ubuntu/fiware-idm/node_modules/raw-body/index.js:273:7)
   at emitNone (events.js:106:13)
   at IncomingMessage.emit (events.js:208:7)
   at endReadableNT (_stream_readable.js:1064:12)
   at _combinedTickCallback (internal/process/next_tick.js:138:11)
   at process._tickCallback (internal/process/next_tick.js:180:9)

And these are the logs of the idm after sending the request:

POST /oauth2/token 400 1.679 ms - 1164
SyntaxError: Unexpected token # in JSON at position 0
    at JSON.parse (<anonymous>)
    at createStrictSyntaxError (/home/ubuntu/fiware-idm/node_modules/body-parser/lib/types/json.js:157:10)
    at parse (/home/ubuntu/fiware-idm/node_modules/body-parser/lib/types/json.js:83:15)
    at /home/ubuntu/fiware-idm/node_modules/body-parser/lib/read.js:121:18
    at invokeCallback (/home/ubuntu/fiware-idm/node_modules/raw-body/index.js:224:16)
    at done (/home/ubuntu/fiware-idm/node_modules/raw-body/index.js:213:7)
    at IncomingMessage.onEnd (/home/ubuntu/fiware-idm/node_modules/raw-body/index.js:273:7)
    at emitNone (events.js:106:13)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)

Any help as to why I got this error?
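Added example, not part of the original post or of the project's code: the stack trace above passes through body-parser's JSON parser, which is what happens when a form-encoded OAuth2 payload reaches the server labelled as JSON. The sketch builds the password-grant request as `application/x-www-form-urlencoded` and shows both outcomes; the helper names, the host `idm.example` and all credentials are constructed, and that the failing request carried a JSON content type is an assumption.

```javascript
// Added example: helper names and all sample values are constructed.

// Build an RFC 6749 section 4.3 password-grant request with a form-encoded body.
function buildTokenRequest({ tokenUrl, username, password, clientId, clientSecret, clientAuth = 'body' }) {
  // URLSearchParams percent-encodes reserved characters in every value.
  const form = new URLSearchParams({ grant_type: 'password', username, password });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  if (clientAuth === 'basic') {
    // Alternative: client credentials in an HTTP Basic header (RFC 6749 section 2.3.1).
    headers.Authorization = 'Basic ' + Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  } else {
    // Same layout as the payload quoted in the post: client credentials in the body.
    form.set('client_id', clientId);
    form.set('client_secret', clientSecret);
  }
  return { method: 'POST', url: tokenUrl, headers, body: form.toString() };
}

// Mimic how a server-side body parser chooses a decoder from Content-Type.
function parseAs(contentType, body) {
  if (contentType.startsWith('application/json')) {
    try {
      return { ok: true, fields: JSON.parse(body) };
    } catch (err) {
      return { ok: false, error: err.name }; // the parser rejects the body, server answers 400
    }
  }
  if (contentType.startsWith('application/x-www-form-urlencoded')) {
    return { ok: true, fields: Object.fromEntries(new URLSearchParams(body)) };
  }
  return { ok: false, error: 'UnsupportedMediaType' };
}

// Constructed credentials containing characters that corrupt a hand-typed payload.
const req = buildTokenRequest({
  tokenUrl: 'http://idm.example:8000/oauth2/token',
  username: 'alice@example.org',
  password: 'p&ss=w#rd+1',
  clientId: 'example-client-id',
  clientSecret: 'example-secret',
});
const asForm = parseAs(req.headers['Content-Type'], req.body); // decodes cleanly
const asJson = parseAs('application/json', req.body);          // same bytes, wrong label
console.log(req.body);
console.log(asForm.fields.password, asJson);
```

In Postman the equivalent is selecting the x-www-form-urlencoded body type rather than raw JSON, and sending the request over HTTPS since the body carries a password.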

ghost commented 6 years ago

Hey, I was working on the same thing as you are now. The differences between the config files you are seeing are versions. The Docker one is version 5.4 of pep-proxy, while the version you downloaded from GitHub is the latest version; that is why there are many differences between them.

About the error with the Unauthorized issue in version 5.4: Solution

From my short experience of trying to set them up, I think that the best way is using the latest versions of both, but currently there is a bug with pep-proxy when you put an invalid/wrong token. Older versions depend on keystone/horizon, which could lead to more bugs.

AhmedEmad031 commented 6 years ago

Firstly, thanks for your reply. I've deployed both of the latest versions of pep-proxy and idm from these links: https://github.com/ging/fiware-pep-proxy , https://github.com/ging/fiware-idm . I've also configured the pep-proxy as follows:

// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
    enabled: false,
    cert_file: 'cert/cert.crt',
    key_file: 'cert/key.key',
    port: 443
};

config.idm = {
        host: 'localhost',
        port: 3000,
        ssl: false
}

config.app = {
        host: 'www.google.com',
        port: '80',
        ssl: false // Use true if the app server listens in https
}

// Credentials obtained when registering PEP Proxy in app_id in Account Portal
config.pep = {
        app_id: 'XXXXXXXXX',
        username: 'XXXXXXXX',
        password: 'XXXXXXXX',
        trusted_apps : []
}

// in seconds
config.cache_time = 300;

And on starting the idm and pep-proxy, I get a token as shown in the following log: [screenshot]

And this is the log of the idm:

[screenshot]

And when I test the pep-proxy with the idm by sending a request with the provided token, I get an empty reply from the server as follows: [screenshot]

These are also the logs of the pep-proxy after sending the request.

[screenshot]

Now I hope my case is much clearer and that there's a solution @IgorDespot

AhmedEmad031 commented 6 years ago

I posted the current state in the edited issue; I hope it is much clearer and that there's a solution @IgorDespot

ghost commented 6 years ago

There is a solution for everything, but if you cannot wait for this issue to be fixed then use the older version of idm and pep-proxy (5.4). That is what I have done. Your update link is not valid, you have extra stuff "to; that link works with older versions of pep and Wilma, and if you used that guide in combo with the latest version it won't work. @AhmedEmad031

AhmedEmad031 commented 6 years ago

Could you please specify which version of idm I should use to communicate with the pep proxy and Authorization PDP, as I need to build an advanced security scenario? @IgorDespot