fiware POI: cannot add poi: always unauthorized
Question
I have two instances:
- keyrock
- Poi with wilma-proxy
Trying to create a poi in instance, allways the response is 401 Permission denied. But token is correct as said proxy log:
2016-10-14 09:40:30.132 - INFO: IDM-Client - Token in cache, checking timestamp...
2016-10-14 09:40:30.135 - INFO: IDM-Client - Token in cache expired
2016-10-14 09:40:30.136 - INFO: IDM-Client - Checking token with IDM...
2016-10-14 09:40:30.342 - INFO: Root - Access-token OK. Redirecting to app...
Refused to set unsafe header "content-length"
2016-10-14 09:40:30.366 - ERROR: HTTP-Client - Error: 401 Permission denied.
So, i think the problem is the authenticate.html file. The only lines i changed are:
<meta name="fiware_lab-signin-client_id"
content="8dc5826cdaea4729a4f43a01d01cb32e">
<meta name="fiware_lab-signin-host" content="http://myserver.com:8000">
fiware_lab-signin-client_id has the client_id of application POI created in my keyrock instance. the fiware_lab-signin-host has the server AND port of horizon.
Is that correct? I try with 5000 port (keystone) without results.
Also, I found this in add_poi.php :
$session = get_session();
$user_id = $session['user'];
$add_permission = $session['permissions']['add'];
if(!$add_permission) {
header("HTTP/1.0 401 Unauthorized");
die("Permission denied.");
}
If comment these lines, all proccess seems to be correct until the sql insert. (needs the $session['user'] and other parameters that are null)
I dont understand why these lines are there. also, the function get_session() returns a hardcoded array and not the session (which may not have)
I'm so confused how to use this enabler. Anyone knows how to use?
1 answers
solution1
0 2016-10-25 20:33:47
Have you configured the auth_conf.json file with the root user(s) of the POI-DP? Configuring hard users The POI-DP considers the Keystone as a general identity provider (as Google+). You have to separately give permissions to the POI-DP users, first configuring the root users with all privileges and then they can call other users using user_management.html . Site Administration
Please, use the tag fiware-poi for quicker response to POI-DP questions.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.