通过 KeyRock 向 Wirecloud 进行身份验证
Authenticating to Wirecloud via KeyRock
我在自己的服务器上设置了 Wirecloud 和 KeyRock 实例。现在我想通过 KeyRock 启用对 Wirecloud 的身份验证,如下所述:Integration with the IdM-GE
在打开 <wirecloud_server>/login 完成上述步骤后,我进入了 KeyStone 登录屏幕。登录后,我被要求授权应用程序并被重定向到 <wirecloud_server>/complete/fiware/?state=<state_token>&code=<code_token>,但我只收到 500 错误。
Horizon (KeyRock-Frontend) 日志以及 Wirecloud 日志没有显示任何错误,因此我不知道问题可能是什么。
编辑1:
我将日志记录更改为调试,现在我在浏览器中收到以下消息:
Environment:
Request Method: GET
Request URL: https://<wirecloud_server>/complete/fiware/?state=LhCRZqqOaB57Lo8kyYxhk5zWJBhTRshi&code=JH3mwLCmnBx19kZwtPoqNm1Gl4eIpv
Django Version: 1.6.11
Python Version: 2.7.9
Installed Applications:
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
'wirecloud.commons',
'wirecloud.defaulttheme',
'compressor',
'south',
'wirecloud.catalogue',
'wirecloud.platform',
'wirecloud.fiware',
'social.apps.django_app.default')
Installed Middleware:
('wirecloud.commons.middleware.URLMiddleware',)
Traceback:
File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
112. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
52. response = view_func(request, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
57. return view_func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py" in wrapper
51. return func(request, backend, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py" in complete
28. redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py" in do_complete
43. user = backend.complete(user=user, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in complete
41. return self.auth_complete(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py" in wrapper
229. return func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in auth_complete
375. state = self.validate_state()
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in validate_state
88. raise AuthStateMissing(self, 'state')
Exception Type: AuthStateMissing at /complete/fiware/
Exception Value: Session value state missing.
我的 wirecloud 虚拟主机的 apache 日志如下:
[Wed Jan 27 07:40:40.707138 2016] [wsgi:error] [pid 22571:tid 139868295030528] Internal Server Error: /complete/fiware/
[Wed Jan 27 07:40:40.707165 2016] [wsgi:error] [pid 22571:tid 139868295030528] Traceback (most recent call last):
[Wed Jan 27 07:40:40.707167 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
[Wed Jan 27 07:40:40.707169 2016] [wsgi:error] [pid 22571:tid 139868295030528] response = wrapped_callback(request, *callback_args, **callback_kwargs)
[Wed Jan 27 07:40:40.707171 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py", line 52, in _wrapped_view_func
[Wed Jan 27 07:40:40.707173 2016] [wsgi:error] [pid 22571:tid 139868295030528] response = view_func(request, *args, **kwargs)
[Wed Jan 27 07:40:40.707175 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view
[Wed Jan 27 07:40:40.707177 2016] [wsgi:error] [pid 22571:tid 139868295030528] return view_func(*args, **kwargs)
[Wed Jan 27 07:40:40.707179 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 51, in wrapper
[Wed Jan 27 07:40:40.707181 2016] [wsgi:error] [pid 22571:tid 139868295030528] return func(request, backend, *args, **kwargs)
[Wed Jan 27 07:40:40.707183 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py", line 28, in complete
[Wed Jan 27 07:40:40.707185 2016] [wsgi:error] [pid 22571:tid 139868295030528] redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
[Wed Jan 27 07:40:40.707187 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py", line 43, in do_complete
[Wed Jan 27 07:40:40.707189 2016] [wsgi:error] [pid 22571:tid 139868295030528] user = backend.complete(user=user, *args, **kwargs)
[Wed Jan 27 07:40:40.707191 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 41, in complete
[Wed Jan 27 07:40:40.707204 2016] [wsgi:error] [pid 22571:tid 139868295030528] return self.auth_complete(*args, **kwargs)
[Wed Jan 27 07:40:40.707206 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py", line 229, in wrapper
[Wed Jan 27 07:40:40.707208 2016] [wsgi:error] [pid 22571:tid 139868295030528] return func(*args, **kwargs)
[Wed Jan 27 07:40:40.707210 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 375, in auth_complete
[Wed Jan 27 07:40:40.707212 2016] [wsgi:error] [pid 22571:tid 139868295030528] state = self.validate_state()
[Wed Jan 27 07:40:40.707213 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 88, in validate_state
[Wed Jan 27 07:40:40.707215 2016] [wsgi:error] [pid 22571:tid 139868295030528] raise AuthStateMissing(self, 'state')
[Wed Jan 27 07:40:40.707217 2016] [wsgi:error] [pid 22571:tid 139868295030528] AuthStateMissing: Session value state missing.
horizon 日志显示如下:
[Wed Jan 27 06:40:37.975296 2016] [wsgi:error] [pid 22572:tid 139868395742976] Login successful for user "idm".
[Wed Jan 27 06:40:38.089251 2016] [wsgi:error] [pid 22572:tid 139868362172160] DEBUG:idm_logger:Requesting authorization for application: 449efdc7913f434ea6e81ed49b1669e4 with redirect_uri: https://<wirecloud_server>/complete/fiware/ and scope: ['all_info'] by user idm
[Wed Jan 27 06:40:38.122259 2016] [wsgi:error] [pid 22572:tid 139868362172160] DEBUG:idm_logger:OAUTH2: Application 449efdc7913f434ea6e81ed49b1669e4 NOT alreadyauthorized
[Wed Jan 27 06:40:40.574809 2016] [wsgi:error] [pid 22572:tid 139868395742976] DEBUG:idm_logger:Authorizing application: 449efdc7913f434ea6e81ed49b1669e4 by user: idm
[Wed Jan 27 06:40:40.596301 2016] [wsgi:error] [pid 22572:tid 139868395742976] DEBUG:idm_logger:OAUTH2: Authorization Code obtained JH3mwLCmnBx19kZwtPoqNm1Gl4eIpv
[Wed Jan 27 06:40:40.596382 2016] [wsgi:error] [pid 22572:tid 139868395742976] DEBUG:idm_logger:OAUTH2: Redirecting user back to https://<wirecloud_server>/complete/fiware/?state=LhCRZqqOaB57Lo8kyYxhk5zWJBhTRshi&code=JH3mwLCmnBx19kZwtPoqNm1Gl4eIpv
似乎在同一域中托管 IdM 服务器和 WireCloud 时会发生此问题。在这种情况下,两种服务都尝试为会话使用相同的 cookie,因为 WireCloud 和 IdM 基于 Django。用于 CSRF 身份验证令牌的 cookie 也会发生同样的情况,尽管您的错误与此 cookie 无关。
请编辑 settings.py 文件并为 SESSION_COOKIE_NAME 和 CSRF_COOKIE_NAME 设置提供自定义值。例如:
SESSION_COOKIE_NAME = "wcsessionid"
CSRF_COOKIE_NAME = "wccsrftoken"
我在自己的服务器上设置了 Wirecloud 和 KeyRock 实例。现在我想通过 KeyRock 启用对 Wirecloud 的身份验证,如下所述:Integration with the IdM-GE
在打开 <wirecloud_server>/login 完成上述步骤后,我进入了 KeyStone 登录屏幕。登录后,我被要求授权应用程序并被重定向到 <wirecloud_server>/complete/fiware/?state=<state_token>&code=<code_token>,但我只收到 500 错误。
Horizon (KeyRock-Frontend) 日志以及 Wirecloud 日志没有显示任何错误,因此我不知道问题可能是什么。
编辑1: 我将日志记录更改为调试,现在我在浏览器中收到以下消息:
Environment:
Request Method: GET
Request URL: https://<wirecloud_server>/complete/fiware/?state=LhCRZqqOaB57Lo8kyYxhk5zWJBhTRshi&code=JH3mwLCmnBx19kZwtPoqNm1Gl4eIpv
Django Version: 1.6.11
Python Version: 2.7.9
Installed Applications:
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
'wirecloud.commons',
'wirecloud.defaulttheme',
'compressor',
'south',
'wirecloud.catalogue',
'wirecloud.platform',
'wirecloud.fiware',
'social.apps.django_app.default')
Installed Middleware:
('wirecloud.commons.middleware.URLMiddleware',)
Traceback:
File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
112. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
52. response = view_func(request, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
57. return view_func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py" in wrapper
51. return func(request, backend, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py" in complete
28. redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py" in do_complete
43. user = backend.complete(user=user, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in complete
41. return self.auth_complete(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py" in wrapper
229. return func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in auth_complete
375. state = self.validate_state()
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in validate_state
88. raise AuthStateMissing(self, 'state')
Exception Type: AuthStateMissing at /complete/fiware/
Exception Value: Session value state missing.
我的 wirecloud 虚拟主机的 apache 日志如下:
[Wed Jan 27 07:40:40.707138 2016] [wsgi:error] [pid 22571:tid 139868295030528] Internal Server Error: /complete/fiware/
[Wed Jan 27 07:40:40.707165 2016] [wsgi:error] [pid 22571:tid 139868295030528] Traceback (most recent call last):
[Wed Jan 27 07:40:40.707167 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
[Wed Jan 27 07:40:40.707169 2016] [wsgi:error] [pid 22571:tid 139868295030528] response = wrapped_callback(request, *callback_args, **callback_kwargs)
[Wed Jan 27 07:40:40.707171 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py", line 52, in _wrapped_view_func
[Wed Jan 27 07:40:40.707173 2016] [wsgi:error] [pid 22571:tid 139868295030528] response = view_func(request, *args, **kwargs)
[Wed Jan 27 07:40:40.707175 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view
[Wed Jan 27 07:40:40.707177 2016] [wsgi:error] [pid 22571:tid 139868295030528] return view_func(*args, **kwargs)
[Wed Jan 27 07:40:40.707179 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 51, in wrapper
[Wed Jan 27 07:40:40.707181 2016] [wsgi:error] [pid 22571:tid 139868295030528] return func(request, backend, *args, **kwargs)
[Wed Jan 27 07:40:40.707183 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py", line 28, in complete
[Wed Jan 27 07:40:40.707185 2016] [wsgi:error] [pid 22571:tid 139868295030528] redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
[Wed Jan 27 07:40:40.707187 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py", line 43, in do_complete
[Wed Jan 27 07:40:40.707189 2016] [wsgi:error] [pid 22571:tid 139868295030528] user = backend.complete(user=user, *args, **kwargs)
[Wed Jan 27 07:40:40.707191 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 41, in complete
[Wed Jan 27 07:40:40.707204 2016] [wsgi:error] [pid 22571:tid 139868295030528] return self.auth_complete(*args, **kwargs)
[Wed Jan 27 07:40:40.707206 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py", line 229, in wrapper
[Wed Jan 27 07:40:40.707208 2016] [wsgi:error] [pid 22571:tid 139868295030528] return func(*args, **kwargs)
[Wed Jan 27 07:40:40.707210 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 375, in auth_complete
[Wed Jan 27 07:40:40.707212 2016] [wsgi:error] [pid 22571:tid 139868295030528] state = self.validate_state()
[Wed Jan 27 07:40:40.707213 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 88, in validate_state
[Wed Jan 27 07:40:40.707215 2016] [wsgi:error] [pid 22571:tid 139868295030528] raise AuthStateMissing(self, 'state')
[Wed Jan 27 07:40:40.707217 2016] [wsgi:error] [pid 22571:tid 139868295030528] AuthStateMissing: Session value state missing.
horizon 日志显示如下:
[Wed Jan 27 06:40:37.975296 2016] [wsgi:error] [pid 22572:tid 139868395742976] Login successful for user "idm".
[Wed Jan 27 06:40:38.089251 2016] [wsgi:error] [pid 22572:tid 139868362172160] DEBUG:idm_logger:Requesting authorization for application: 449efdc7913f434ea6e81ed49b1669e4 with redirect_uri: https://<wirecloud_server>/complete/fiware/ and scope: ['all_info'] by user idm
[Wed Jan 27 06:40:38.122259 2016] [wsgi:error] [pid 22572:tid 139868362172160] DEBUG:idm_logger:OAUTH2: Application 449efdc7913f434ea6e81ed49b1669e4 NOT alreadyauthorized
[Wed Jan 27 06:40:40.574809 2016] [wsgi:error] [pid 22572:tid 139868395742976] DEBUG:idm_logger:Authorizing application: 449efdc7913f434ea6e81ed49b1669e4 by user: idm
[Wed Jan 27 06:40:40.596301 2016] [wsgi:error] [pid 22572:tid 139868395742976] DEBUG:idm_logger:OAUTH2: Authorization Code obtained JH3mwLCmnBx19kZwtPoqNm1Gl4eIpv
[Wed Jan 27 06:40:40.596382 2016] [wsgi:error] [pid 22572:tid 139868395742976] DEBUG:idm_logger:OAUTH2: Redirecting user back to https://<wirecloud_server>/complete/fiware/?state=LhCRZqqOaB57Lo8kyYxhk5zWJBhTRshi&code=JH3mwLCmnBx19kZwtPoqNm1Gl4eIpv
似乎在同一域中托管 IdM 服务器和 WireCloud 时会发生此问题。在这种情况下,两种服务都尝试为会话使用相同的 cookie,因为 WireCloud 和 IdM 基于 Django。用于 CSRF 身份验证令牌的 cookie 也会发生同样的情况,尽管您的错误与此 cookie 无关。
请编辑 settings.py 文件并为 SESSION_COOKIE_NAME 和 CSRF_COOKIE_NAME 设置提供自定义值。例如:
SESSION_COOKIE_NAME = "wcsessionid"
CSRF_COOKIE_NAME = "wccsrftoken"