0

I have an instance of Keyrock in fiware lab.

in my app, im trying to create user with api as Fiware keystone api create user and access with horizon.

now i check user:

curl -s -H "X-Auth-Token:17007fe11124bd71eb60" http://localhost:5000/v3/users/admin | python -mjson.tool

response:

> {
>     "user": {
>         "default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e",
>         "description": "admin",
>         "domain_id": "default",
>         "email": "admin@gmail.com",
>         "enabled": true,
>         "id": "admin",
>         "links": {
>             "self": "http://localhost:5000/v3/users/admin1"
>         },
>         "name": "admin@gmail.com",
>         "username": "admin"
>     } }

now name field is correct, but i cant log with this user in my Horizon. If i check the keystone.log, i can see this:

2016-09-21 12:28:50.353 1483 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 127.0.0.1
2016-09-21 12:28:50.445 1482 WARNING keystone.auth.controllers [-] User admin doesn't have access to default project d0f384973b9f4a57b975fcd9bef10c6e. The token will be unscoped rather than scoped to the project.
2016-09-21 12:28:50.767 1481 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action: identity:revoke_token
2016-09-21 12:29:42.900 1483 WARNING keystone.common.controller [-] RBAC: Bypassing authorization

and in Horizon:

enter image description here

Of course, the log explains problem: "User admin doesn't have access to default project d0f384973b9f4a57b975fcd9bef10c6e" But, how can i set permissions to this user in project?

Stephen C
  • 698,415
  • 94
  • 811
  • 1,216
Jakala
  • 121
  • 6

1 Answers1

1

You have to use the request:

PUT /v3/projects/{project_id}/users/{user_id}/roles/{role_id}

as explained in Keystone roles documentation

Álvaro Alonso
  • 385
  • 1
  • 3
  • Ok. I think its the way, but not all. After assign role to project, in horizon has the same error "session expired" and in keystone.log: "Authorization failed. The request you have made requires authentication". Looking for v3/projects/{idproject}/users/{my_user}/roles returns json with role member... – Jakala Sep 22 '16 at 11:16
  • @AlvaroAlonso I am having the same issue. The user logs out immediately after loggin in. Hoirzon console shows: Login successful for user "umair". [10/Jan/2017 13:35:14] "POST /auth/login/ HTTP/1.1" 302 0 DEBUG:idm_logger:Session expired for user nadeem [10/Jan/2017 13:35:14] "GET / HTTP/1.1" 302 0 Logging out user "umair". Could not delete token. And the fiware portal shows "Session expired" – Umair47 Jan 10 '17 at 13:34
  • @AngelCid Did you find a solution for this? – Umair47 Jan 10 '17 at 13:36