Reputation: 43
Securing Short-term-history (STH, aka. comet) with FIWARE-PEP-STEELSKIN
I'm struggling around FIWARE Short Time Historic (STH, aka. Comet) securization by using Steelskin, the additional GEi of PEP Proxy GE (https://github.com/telefonicaid/fiware-pep-steelskin).
We finally came up with a configuration that perfectly works with orion and perseo but it does not propertly handle STH calls. It returns:
{
"name": "ACCESS_DENIED",
"message": "The user does not have the appropriate permissions to access the selected action"
}
But it perfectly handle orion calls with given token. Has anyone a working configuration on docker-compose schema?
Our PEP frontend looks like:
pep-sth-fe:
#image: telefonicaiot/fiware-pep-steelskin:latest
build: ./fiware-pep-steelskin
links:
- sth
- keystone
- keypass
ports:
- "8666:8666"
- "11213:11211"
environment:
- COMPONENT_PLUGIN=rest
- TARGET_HOST=sth
- TARGET_PORT=8666
- PROXY_USERNAME=pep
- PROXY_PASSWORD=XXXXXXXX
- ACCESS_HOST=keypass
- ACCESS_PORT=7070
- AUTHENTICATION_HOST=keystone
- AUTHENTICATION_PORT=5001
According to: https://github.com/telefonicaid/fiware-pep-steelskin/blob/master/errorcodes.md
It might be a keypass configuration issue. Creating and assigning an authorised role to allow queries on pep proxied sth?
Thanks in advance for your help.
Bests!
Upvotes: 1
Views: 127
Answers (0)
Related Questions
- Fiware IoTAgent and Context Broker
- Fiware multitenancy
- Exactly-once: who is storing the historical data, flink or the data source
- This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms while caching
- STH-Comet installation
- Fiware: subscription duration
- Fiware: data privacy generic enabler implementation?
- Fiware: Cepheus security considerations?
- Support authentication in FIWARE Monitoring generic enabler
- How can I see real time modifications of my data using a Fiware Enabler?