Can anyone explain the usage of Context Broker via PeP proxy?

Question

I have installed orion Context Broker and pep proxy on my machine. I am targeting the global instance of keyRock and the AuthZforce to authenticate the context broker.

Here is my config.js:

var config = {};

config.pep_port = 1307;

// Set this var to undefined if you don't want the server to listen on HTTPS
config.https = {
    enabled: false,
    cert_file: 'cert/cert.crt',
    key_file: 'cert/key.key',
    port: 443
};

config.account_host = 'https://account.lab.fiware.org';
config.keystone_host = 'cloud.lab.fiware.org';
config.keystone_port = 4731;


config.app_host = 'localhost';
config.app_port = '1026';

config.username = '<my fiware lab username>';
config.password = '<my fiware lab pass>';



// in seconds
config.chache_time = 300;

// if enabled PEP checks permissions with AuthZForce GE.
// only compatible with oauth2 tokens engine
config.azf = {
    enabled: false,
    host: 'auth.lab.fiware.org',
    port: 6019,
    path: '/authzforce/domains/d698df7f-ffd4-11e4-a09d-ed06f24e1e78/pdp'
};

// list of paths that will not check authentication/authorization
// example: ['/public/*', '/static/css/']
config.public_paths = [];

// options: oauth2/keystone
config.tokens_engine = 'oauth2';

config.magic_key = undefined;

module.exports = config;

when I do node server.js I successfully get:

Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token:  e2189bdc1a8b4aae9280b0fd5a6ae8a0

following this installation and administration guide I did the following command:

curl --header "X-Auth-Token:e2189bdc1a8b4aae9280b0fd5a6ae8a0" http://localhost:1307

From there I get this message:

[TOKEN] Checking token with IDM...
User access-token not authorized

I am seriously at a loss here and don't know how access context broker via these three intermediaries?

Whose host am I supposed to ask a token from?

I dont know if I am even asking the right questions. The point of all this is to secure an access to context broker.

Edit 1

After setting up the auth-token.sh, I got the following error:

<orionError>
  <code>400</code>
  <reasonPhrase>Bad Request</reasonPhrase>
  <details>service not found</details>
</orionError>

The node server.js reported this:

Starting PEP proxy in port 1307. Keystone authentication ...
Success authenticating PEP proxy. Proxy Auth-token:  b90604bc94134c1a81414e97a23196f3


[TOKEN] Checking token with IDM...
[ROOT] Access-token OK. Redirecting to app...

previusly the command: sh auth-token.sh <username> <pass> gave me:

X-Auth-Token for '<my email on fiware lab>': OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc

and then I just curl --header "X-Auth-Token:OxFTGtMM6ckBa7FQCUmwvvhj6GQYFc" http://localhost:1307 which gave me the before mentioned error.

geissler geissler · Accepted Answer · 2015-08-28T13:13:36

The token shown in the boot screen of the PEP Proxy is not the one you need to authenitcate at the PEP Proxy. Please have a look at the description here: Wilma pep proxy and keystone - valid access token not found.

The easy way is the following:

Download the file provied here: https://raw.githubusercontent.com/Bitergia/fiware-chanchan-docker/master/images/pep-wilma/4.3.0/auth-token.sh

Replace the CLIENT_ID and CLIENT_SECRET with the ones you get from the FIWARE Lab. Also replace https://idm/oauth2/token with https://account.lab.fiware.org/oauth2/token Then just run:

   sh auth-token.sh <user-email> <password>

The script will display you the Auth token for the user account you have used. The you can run the following to access the Orion Context Broker:

   curl --header "X-Auth-Token: <AUTH-TOKEN-DISPLAYED>" http://localhost:1307

You should now receive a proper response from orion, which should run, based on your configuration, on port 1026. Make also sure you have configured the the redirect URL in the FIWARE Lab correctly.

Can anyone explain the usage of Context Broker via PeP proxy?

2 Answers