谁能通过PeP代理解释Context Broker的用法? [英] Can anyone explain the usage of Context Broker via PeP proxy?
问题描述
我已经在机器上安装了Orion Context Broker和pep代理.我的目标是keyRock和AuthZforce的全局实例,以对上下文代理进行身份验证.
I have installed orion Context Broker and pep proxy on my machine. I am targeting the global instance of keyRock and the AuthZforce to authenticate the context broker.
这是我的config.js:
Here is my config.js:
var config = {};
config.pep_port = 1307;
// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
enabled: false,
cert_file: 'cert/cert.crt',
key_file: 'cert/key.key',
port: 443
};
config.account_host = 'https://account.lab.fiware.org';
config.keystone_host = 'cloud.lab.fiware.org';
config.keystone_port = 4731;
config.app_host = 'localhost';
config.app_port = '1026';
config.username = '<my fiware lab username>';
config.password = '<my fiware lab pass>';
// in seconds
config.chache_time = 300;
// if enabled PEP checks permissions with AuthZForce GE.
// only compatible with oauth2 tokens engine
config.azf = {
enabled: false,
host: 'auth.lab.fiware.org',
port: 6019,
path: '/authzforce/domains/d698df7f-ffd4-11e4-a09d-ed06f24e1e78/pdp'
};
// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];
// options: oauth2/keystone
config.tokens_engine = 'oauth2';
config.magic_key = undefined;
module.exports = config;
当我做node server.js时
我成功获得:
when I do node server.js
I successfully get:
Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token: e2189bdc1a8b4aae9280b0fd5a6ae8a0
遵循此安装和管理指南
我执行了以下命令:following this installation and administration guide I did the following command:
curl --header"X-Auth-Token:e2189bdc1a8b4aae9280b0fd5a6ae8a0" http://localhost:1307
curl --header "X-Auth-Token:e2189bdc1a8b4aae9280b0fd5a6ae8a0" http://localhost:1307
从那里我收到此消息:
[TOKEN] Checking token with IDM...
User access-token not authorized
我在这里很茫然,不知道如何通过这三个中介访问上下文代理?
I am seriously at a loss here and don't know how access context broker via these three intermediaries?
我应该向谁的主人问令牌?
Whose host am I supposed to ask a token from?
我不知道我是否在问正确的问题.所有这些的目的是确保对上下文代理的访问.
I dont know if I am even asking the right questions. The point of all this is to secure an access to context broker.
编辑1
设置auth-token.sh后,出现以下错误:
After setting up the auth-token.sh, I got the following error:
<orionError>
<code>400</code>
<reasonPhrase>Bad Request</reasonPhrase>
<details>service not found</details>
</orionError>
节点server.js对此进行了报告:
The node server.js reported this:
Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token: b90604bc94134c1a81414e97a23196f3
[TOKEN] Checking token with IDM...
[ROOT] Access-token OK. Redirecting to app...
以前的命令:sh auth-token.sh <username> <pass>给了我:
X-Auth-Token for '<my email on fiware lab>': OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc
然后我只是curl --header "X-Auth-Token:OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc" http://localhost:1307这给了我前面提到的错误.
and then I just curl --header "X-Auth-Token:OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc" http://localhost:1307 which gave me the before mentioned error.
推荐答案
PEP代理的启动屏幕中显示的令牌不是您需要在PEP代理上进行身份验证的令牌.请在此处查看说明: Wilma pep代理和梯形失真-找不到有效的访问令牌.
The token shown in the boot screen of the PEP Proxy is not the one you need to authenitcate at the PEP Proxy. Please have a look at the description here: Wilma pep proxy and keystone - valid access token not found.
简单的方法如下:
Download the file provied here: https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh
用从FIWARE Lab获得的CLIENT_ID和CLIENT_SECRET替换.另外,将 https://idm/oauth2/token 替换为
Replace the CLIENT_ID and CLIENT_SECRET with the ones you get from the FIWARE Lab. Also replace https://idm/oauth2/token with https://account.lab.fiware.org/oauth2/token Then just run:
sh auth-token.sh <user-email> <password>
该脚本将为您显示您所使用的用户帐户的Auth令牌.您可以运行以下命令来访问Orion上下文代理:
The script will display you the Auth token for the user account you have used. The you can run the following to access the Orion Context Broker:
curl --header "X-Auth-Token: <AUTH-TOKEN-DISPLAYED>" http://localhost:1307
您现在应该收到来自orion的正确响应,该响应应根据您的配置在端口1026上运行. 还要确保已在FIWARE Lab中正确配置了重定向URL.
You should now receive a proper response from orion, which should run, based on your configuration, on port 1026. Make also sure you have configured the the redirect URL in the FIWARE Lab correctly.
这篇关于谁能通过PeP代理解释Context Broker的用法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
