Wilma pep proxy and keystone - valid access token not found

故里飘歌 2021-01-25 18:33

I have wilma redirecting valid requests to orion but no messages are reaching it as I always get "Access Token not found" from wilma. The account entered in wilma config file

1 answer
  •  太阳男子
    2021-01-25 19:08

    Ok, I think I got it. There are 2 things to consider:

    1. The error Wilma is returning is Auth-token not found in request header, which makes me think that somehow you are not sending the --header 'X-Auth-Token: ' correctly. Make sure your value is getting parsed correctly (as I see you use a parameter).

    2. The token that you retrieve from Keystone is a Keystone token, and not intended for what you need. To access a protected resource, you need to use the Oauth-token. It can be a bit confusing in the beginning, but if you think about it, it all makes sense. Check the Open Specification for better understanding.

    So, at this point, I'll assume that you have already configured your APP in the Keyrock instance and that you are able to retrieve both the client_secret and client_id. Now you have 2 ways to retrieve the Oauth Token, as stated in the Fi-ware-Idm wiki:

    1. Authorization Code Grant. You have a simple example here, just configure the config.js according to your requirements.

    2. Resource Owner Password Credentials Grant, which is easier to retrieve for simple requests (in my opinion). For this case we have a simple script in bash here. Just make sure you replace the CLIENT_ID, CLIENT_SECRET, and the host (or IP) in the REQUEST according to your requirements. Then, just run:

      sh auth-token.sh

    And then you should be able to retrieve the token. With that token, and if the resource is authorized in Authzforce, everything should work.

    Finally, if you are into docker and want to give it a try, we have a workaround using docker and docker-compose that uses the Generic Enablers you are working with. For example, you can find here the documentation of PEP Wilma and how to run it (it's very simple).

    Let me know if you have any doubts.
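
The two points of the answer above (send a non-empty X-Auth-Token header, and use an OAuth2 token obtained with the Resource Owner Password Credentials grant instead of the Keystone token), as an added example that is not part of the original answer or of the auth-token.sh script it refers to. The function names, the environment variables (IDM_HOST, PEP_URL, CLIENT_ID, CLIENT_SECRET, IDM_USER, IDM_PASSWORD), the /oauth2/token path and the access_token response field are assumptions based on the standard OAuth2 layout; adjust them to your Keyrock deployment.

```shell
# Added example: helper names are hypothetical; IDM_HOST, PEP_URL, CLIENT_ID,
# CLIENT_SECRET, IDM_USER and IDM_PASSWORD are placeholders you must export.

# Build the HTTP Basic header for the token endpoint: base64(client_id:client_secret).
basic_auth_header() {
  printf 'Authorization: Basic %s' "$(printf '%s' "$1:$2" | base64 | tr -d '\n')"
}

# Pull access_token out of the JSON token response read from stdin.
extract_access_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Build the header Wilma checks; fail loudly instead of sending an empty value.
x_auth_token_header() {
  if [ -z "${1:-}" ]; then
    echo "refusing to send request: token is empty" >&2
    return 1
  fi
  printf 'X-Auth-Token: %s' "$1"
}

# Password grant against the IdM (assumed endpoint path), then call the PEP.
request_via_pep() (
  resp=$(curl -s -X POST "https://${IDM_HOST}/oauth2/token" \
    --header "$(basic_auth_header "$CLIENT_ID" "$CLIENT_SECRET")" \
    --header 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode "username=${IDM_USER}" \
    --data-urlencode "password=${IDM_PASSWORD}") || exit 1
  token=$(printf '%s' "$resp" | extract_access_token)
  hdr=$(x_auth_token_header "$token") || exit 1
  curl -s --header "$hdr" "$PEP_URL"
)

# Constructed sample token response, used to exercise the parser offline.
SAMPLE_RESPONSE='{"access_token": "constructed-token-123", "token_type": "Bearer", "expires_in": 3600}'
```

Call request_via_pep after exporting the placeholders; an error response from the IdM yields an empty token, so the request to the PEP is never sent with a blank header.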
