fiware POI: cannot add poi: always unauthorized

Question

I have two instances:

keyrock
Poi with wilma-proxy

Trying to create a poi in instance, allways the response is 401 Permission denied. But token is correct as said proxy log:

2016-10-14 09:40:30.132  - INFO: IDM-Client - Token in cache, checking timestamp...
2016-10-14 09:40:30.135  - INFO: IDM-Client - Token in cache expired
2016-10-14 09:40:30.136  - INFO: IDM-Client - Checking token with IDM...
2016-10-14 09:40:30.342  - INFO: Root - Access-token OK. Redirecting to app...
Refused to set unsafe header "content-length"
2016-10-14 09:40:30.366  - ERROR: HTTP-Client - Error:  401 Permission denied.

So, i think the problem is the authenticate.html file. The only lines i changed are:

<meta name="fiware_lab-signin-client_id"
content="8dc5826cdaea4729a4f43a01d01cb32e">   
<meta name="fiware_lab-signin-host" content="http://myserver.com:8000">

fiware_lab-signin-client_id has the client_id of application POI created in my keyrock instance. the fiware_lab-signin-host has the server AND port of horizon.

Is that correct? I try with 5000 port (keystone) without results.

Also, I found this in add_poi.php:

$session = get_session();   
  $user_id = $session['user'];  
  $add_permission = $session['permissions']['add'];  
  if(!$add_permission) {
    header("HTTP/1.0 401 Unauthorized");
    die("Permission denied.");   
  }

If comment these lines, all proccess seems to be correct until the sql insert. (needs the $session['user'] and other parameters that are null)

I dont understand why these lines are there. also, the function get_session() returns a hardcoded array and not the session (which may not have)

I'm so confused how to use this enabler. Anyone knows how to use?

Could you give a detailed version information of the POI software? E.g. a link to the commit would be helpful. — Ari Okkonen, Oct 24 '16 at 13:23
get_session() returns a hardcoded array, if login has not been successful. — Ari Okkonen, Oct 25 '16 at 20:21

Ari Okkonen · Answer 1 · 2016-12-04T01:26:47.313

0

Have you configured the auth_conf.json file with the root user(s) of the POI-DP? Configuring hard users The POI-DP considers the Keystone as a general identity provider (as Google+). You have to separately give permissions to the POI-DP users, first configuring the root users with all privileges and then they can call other users using user_management.html . Site Administration

Please, use the tag fiware-poi for quicker response to POI-DP questions.

edited Dec 04 '16 at 01:26

answered Oct 25 '16 at 20:33

Ari Okkonen

165
1
10

im confused with this. I check my auth_conf.json and is only a copy of auth_conf.json. I change permissions on **john doe** to trying an example of adding poi, but also says **Permission denied**. – Jakala Nov 09 '16 at 09:26
Please, read the configuration instructions from http://fiware-poidataprovider.readthedocs.io/en/latest/POI_Data_Provider__Installation_and_Administration_Guide/#configuring_hard_users . You have to configure the admin (and other) permissions for your own KeyStone account. – Ari Okkonen Nov 09 '16 at 12:43

fiware POI: cannot add poi: always unauthorized

1 Answers1