I am working with PEP-Proxy-Steelskin to provide a security layer for my Orion Context. However, I have some issues that are blocking my progress.
PEP Proxy configuration
I would like to use the IDM and Keystone global instances.
I have successfully installed the pepProxy by following each of the directions at (https://github.com/telefonicaid/fiware-pep-steelskin); however, the result is always the same:
{
    "name": "KEYSTONE_AUTHENTICATION_ERROR",
    "message": "There was a connection error while authenticating to Keystone: 500"
}
The configuration I use in the config.js file is presented below:
var config = {};

// Protected Resource configuration
//--------------------------------------------------
// Configures the address of the component that is being proxied and the address of the proxy itself.
config.resource = {
    original: {
        /**
         * Host that is being proxied.
         */
        host: 'account.lab.fiware.org',

        /**
         * Port where the proxied server is listening.
         */
        port: 10026
    },

    proxy: {
        /**
         * Port where the proxy is listening to redirect requests.
         */
        port: 1026,

        /**
         * Administration port for the proxy.
         */
        adminPort: 11211
    }
};

// Access Control configuration
//--------------------------------------------------
/**
 * This options can be used to configure the address and options of the Access Control, responsible of the request
 * validation.
 */
config.access = {
    /**
     * Indicates whether the access control validation should be enabled. Defaults to false.
     */
    disable: false,

    /**
     * Protocol to use to access the Access Control.
     */
    protocol: 'http',

    /**
     * Host where the Access Control is located.
     */
    host: 'account.lab.fiware.org',

    /**
     * Port where the Access Control is listening.
     */
    port: 7070,

    /**
     * Path of the authentication action.
     */
    path: '/pdp/v3'
};

// User identity configuration
//--------------------------------------------------
/**
 * Information about the Identity Manager server from where the information about a user will be drawn.
 */
config.authentication = {
    checkHeaders: false,
    module: 'keystone',
    user: 'pep_proxy_99c595...',
    password: 'e3025a2...',
    domainName: 'matest',
    retries: 3,
    cacheTTLs: {
        users: 1000,
        projectIds: 1000,
        roles: 60,
        validation: 120
    },
    options: {
        protocol: 'http',
        host: 'cloud.lab.fiware.org',
        port: 5000,
        path: '/v3/role_assignments',
        authPath: '/v3/auth/tokens'
    }
};

// Security configuration
//--------------------------------------------------
config.ssl = {
    /**
     * This flag activates the HTTPS protocol in the server. The endpoint always listen to the indicated port
     * independently of the chosen protocol.
     */
    active: false,

    /**
     * Key file to use for codifying the HTTPS requests. Only mandatory when the flag active is true.
     */
    keyFile: '',

    /**
     * SSL Certificate to present to the clients. Only mandatory when the flag active is true.
     */
    certFile: ''
};

/**
 * Default log level. Can be one of: 'DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL'
 */
config.logLevel = 'FATAL';

// List of component middlewares
//-------------------------------------------------
/**
 * To validate the request, the proxy needs some information that is dependant of the component: the action that a
 * request is going to execute. How to detect the action given the request is component-specific logic, that can be
 * codified in a middleware-like function that will be executed before the user validation. This logic must populate
 * the 'action' parameter of the request.
 */
config.middlewares = {
    /**
     * Indicates the module from where the middlewares will be loaded.
     */
    require: 'lib/plugins/orionPlugin',

    /**
     * Indicates the list of middlewares to load.
     */
    functions: [
        'extractCBAction'
    ]
};

/**
 * If this flag is activated, whenever the pepProxy is not able to redirect a request, instead of returning a 501 error
 * (that is the default functionality) the PEP Proxy process will exit with a -2 code.
 */
config.dieOnRedirectError = false;

/**
 * Name of the component. It will be used in the generation of the FRN.
 */
config.componentName = 'orion';

/**
 * Prefix to use in the FRN (Not to change, usually).
 */
config.resourceNamePrefix = 'fiware:';

/**
 * Indicates whether this PEP should have an admin bypass or not. If it does, whenever a user request arrives to the
 * PEP from a user that has the role defined in the "adminRoleId" property, that request is not validated against the
 * Access Control, but it is automatically proxied instead.
 */
config.bypass = false;

/**
 * ID of the admin user if it exists. Only effective if the "bypass" property is true.
 */
config.bypassRoleId = '';

/**
 * Configures the maximum number of clients that can be simultaneously queued while waiting for the PEP to
 * authenticate itself against Keystone (due to an expired token).
 */
config.maxQueuedClients = 1000;

module.exports = config;
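In this context:
- Is it right to use account.lab.fiware.org as the resource and access host, or should I use a different host?
- Is it correct to use cloud.lab.fiware.org as the authentication host?
- The user and password are generated automatically by the IDM global instance. Roles and permissions are assigned through the same global instance. Is this procedure appropriate, or should I follow a different one?
- Am I missing something?
Does anyone have a hint about my problem?
Note: I have already tried other posts with success. In part, this is because most of these solutions installed their own Keystone, for example: PEP-Proxy-Steelskin Log configuration, PEP proxy config file for integration of IDM GE, PEP proxy and Cosmos big data, PEP-Proxy-Steelskin Log configuration. This one is the most related to what I have worked on, but still, I believe it is not the latest: Fiware Orion - pepProxy

Thank you very much for your insights and suggestions, @af-silva. I finally have the PEP working as I expected; thank you, I really appreciate your kind feedback. – netzahdzc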