Fiware - How to integrate Keyrock IdM, Wilma PEP Proxy and Orion Context Broker?
Question
I read all the documentation of Keyrock and Wilma and I watched all the videos in the FIWARE Academy, but I still do not get success in this integration. I am searching for this since a few days ago, but without success. I think the FIWARE documentation could have tutorials, hands on...
I have a VM with Orion Context Broker and a container with Keyrock IdM and Wilma PEP Proxy. I am trying to generate an access token to grant access for an application, but I still did not get it. Besides, I would like to know how I can securely exchange messages between the Orion Context Broker and some IoT devices. Indeed, it is complicated to think about IoT devices having to access a screen and put their credentials to authenticate and to be authorized like the Keyrock IdM examples show. What do you suggest?
Recommended answer
Seeing the answer of @albertinisg here, I found a bash script for token request. I changed it to use with my local instances and it worked.
After registering my application at FIWARE Portal (more information here), I had to make a POST request to http://idm:8000/oauth2/token (idm is my local instance of Keyrock). With this valid token, I can access the content in Orion.
import requests, json, getpass
# Token endpoint on the local Keyrock instance (idm)
TOKEN_URL = "http://idm:5000/v2.0/tokens"
USER = input("Username: ")
PASSWORD = getpass.getpass("Password: ")
# json.dumps escapes quotes and backslashes in the credentials
PAYLOAD = json.dumps({"auth": {"passwordCredentials": {"username": USER, "password": PASSWORD}}})
HEADERS = {'content-type': 'application/json'}
RESP = requests.post(TOKEN_URL, data=PAYLOAD, headers=HEADERS)
PEP Proxy (Wilma) configuration (config.js):
config.app_host = 'my_orion_ip'; //change to your Orion address
config.app_port = '1026'; //change to your Orion port
config.username = 'pep_proxy_credential_obtained_at_portal';
config.password = 'password_obtained_at_portal';
With the valid token and the PEP Proxy (Wilma) server running with this configuration, it is possible to control the access to Orion doing a request to PEP Proxy address. The PEP Proxy will redirect this request to IdM (Keyrock) so that IdM can verify the user/device credentials. If the credentials are valid, the user/device will receive a valid token and now PEP Proxy can allow the access to Orion.
For HTTPS communication, I configured an Nginx server to act like a reverse proxy (.conf file):
server {
    # TLS is enabled with the ssl parameter of listen; the separate
    # "ssl on;" directive was removed in nginx 1.25.1.
    listen 443 ssl;
    server_name orion;
    ssl_certificate /etc/nginx/ssl/orion.crt;
    ssl_certificate_key /etc/nginx/ssl/orion.key;
    ...
    ...
    location / {
        #root orion:1026; #/var/www/yourdomain.com;
        #index index.php index.html index.htm;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass http://orion:1026;
        proxy_read_timeout 90;
        proxy_redirect http://orion:1026 https://orion;
    }
}
I made a simple tutorial about the integration of FIWARE Orion, Wilma and Keyrock: https://www.slideshare.net/daltoncezane/integrating-fiware-orion-keyrock-and-wilma
I hope this answer can help someone else.
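The token request to `http://idm:8000/oauth2/token` and the proxied call to Orion that the answer describes, as an added example that is not part of the original answer. It assumes Keyrock accepts the OAuth2 password grant with the application's client id and secret sent as HTTP Basic credentials and that Wilma reads the token from the `X-Auth-Token` header; `PEP_URL`, the `/v2/entities` path and the sample response are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

IDM_TOKEN_URL = "http://idm:8000/oauth2/token"  # endpoint named in the answer
PEP_URL = "http://pep-proxy.example:1027"       # assumption: where Wilma listens

def build_token_request(client_id, client_secret, username, password):
    """Password-grant request: no browser step, so a headless device can use it."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,   # urlencode escapes '&', '=' and similar
    }).encode()
    return urllib.request.Request(IDM_TOKEN_URL, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    })

def extract_token(response_body):
    """Return the access token, rejecting error bodies and non-bearer tokens."""
    doc = json.loads(response_body)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("IdM response carries no bearer token")
    return doc["access_token"]

def build_orion_request(token, path="/v2/entities"):
    """Request sent to the PEP proxy, never to Orion's own port."""
    return urllib.request.Request(PEP_URL + path, headers={
        "X-Auth-Token": token,
        "Accept": "application/json",
    })

def fetch_entities(client_id, client_secret, username, password):
    """Full flow against live services: get a token, then query through Wilma."""
    token_req = build_token_request(client_id, client_secret, username, password)
    with urllib.request.urlopen(token_req, timeout=10) as resp:
        token = extract_token(resp.read())
    with urllib.request.urlopen(build_orion_request(token), timeout=10) as resp:
        return json.loads(resp.read())

# Constructed sample of a successful token response, for offline checks.
SAMPLE_RESPONSE = ('{"access_token": "constructed-token-123", '
                   '"token_type": "Bearer", "expires_in": 3600}')
```

Only `fetch_entities` touches the network; the builder functions can be inspected offline to confirm what a device would send.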