Invalid identity pool configuration in AWSIoT - swift

I want to connect to my client's MQTT service on AWS. I found this Amazon IoT Sample, which saves me a lot of time digging through the API to find the process of connecting to an AWS MQTT service.
In my project, I changed the constants in Constants.swift in order to access my client's MQTT service, as follows:
```swift
let AWSRegion = AWSRegionType.USWest2 // e.g. AWSRegionType.USEast1
let CognitoIdentityPoolId = "us-west-2:e95087f0-48a7-4732-b482-4614c7c63db6"
let CertificateSigningRequestCommonName = "MyApp"
let CertificateSigningRequestCountryName = "MyCountry"
let CertificateSigningRequestOrganizationName = "MyOrganization"
let CertificateSigningRequestOrganizationalUnitName = "MyUnit"
let PolicyName = "pubsub_policy"
// This is the endpoint in your AWS IoT console. eg: https://xxxxxxxxxx.iot.<region>.amazonaws.com
let IOT_ENDPOINT = "https://<endpoint>.amazonaws.com" // endpoint is entered correctly!
let ASWIoTDataManager = "MyIotDataManager"
```
But when I press Connect, the app throws this error:
```
2018-06-04 17:12:59:992 IoTSampleSwift[4999:2464150] Response body:
{"__type":"InvalidIdentityPoolConfigurationException","message":"Invalid identity pool configuration. Check assigned IAM roles for this pool."}
2018-06-04 17:12:59:994 IoTSampleSwift[4999:2464150] GetCredentialsForIdentity failed. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=5 "(null)" UserInfo={__type=InvalidIdentityPoolConfigurationException, message=Invalid identity pool configuration. Check assigned IAM roles for this pool.}]
2018-06-04 17:12:59:995 IoTSampleSwift[4999:2464150] Unable to refresh. Error is [Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=5 "(null)" UserInfo={__type=InvalidIdentityPoolConfigurationException, message=Invalid identity pool configuration. Check assigned IAM roles for this pool.}]
2018-06-04 17:13:00:017 IoTSampleSwift[4999:2464150] error: Error Domain=com.amazonaws.AWSCognitoIdentityErrorDomain Code=5 "(null)" UserInfo={__type=InvalidIdentityPoolConfigurationException, message=Invalid identity pool configuration. Check assigned IAM roles for this pool.}
```
Is there something wrong with my parameters in Constants.swift?
Is there something to enable on my client's service so I can access it?
According to 10): p12 file: if available, then I don't have to create keys and certificates dynamically every time I need to access this MQTT service? But my client has to create it in his Amazon AWS IoT Console and give me the certificate/key so I can generate this p12 file on my Mac?
Sorry, I have to ask these simple questions since I'm new to the AWS IoT API.
Regards,

It would help to know what type of IoT authentication you're using. If you're using Cognito for your AWS IoT authentication, then the below will definitely help.
In IAM console in AWS, go to Roles. Click on your role and view the trust relationships. It's easier to see where this tab is in the picture below.
There's a good chance that the value for your StringEquals condition does not match the value for your identity pool. You can view this in Cognito > Federated Identities > click the blue link with "Name of your identity pool here" > Edit identity pool (top right), and your identity pool ID is at the top. If this is the case, click "Edit trust relationship" (seen in the image below) and edit so that the value for the key "cognito-identity.amazonaws.com:aud" matches your identity pool ID.
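The check the answer describes by hand (open the role's trust relationship and compare the aud condition with the pool ID) can be done against the policy document itself. The following is an added example, not code from the question, the answer, or the AWS IoT sample: it parses a trust policy in the shape the Cognito console generates for an identity pool role and reports why Cognito could not vend credentials for a given pool. The pool IDs, the `make_trust_policy` helper and the `trust_policy_problems` function are all constructed for this example; the condition keys `cognito-identity.amazonaws.com:aud` and `cognito-identity.amazonaws.com:amr`, the federated principal and the `sts:AssumeRoleWithWebIdentity` action are the real ones used by Cognito identity pools. Besides the stale pool ID the answer points at, it also flags a mistyped condition key (which IAM accepts but which can never match) and a missing aud condition (which would let any identity pool assume the role).

```python
import json

# All identifiers below are constructed for this example; they are not real
# identifiers from the question or from any AWS account.
POOL_ID = "us-west-2:00000000-0000-0000-0000-000000000000"
OLD_POOL_ID = "us-west-2:11111111-1111-1111-1111-111111111111"

# Real condition keys / principal / action used by Cognito identity pools.
AUD_KEY = "cognito-identity.amazonaws.com:aud"
AMR_KEY = "cognito-identity.amazonaws.com:amr"
COGNITO_PRINCIPAL = "cognito-identity.amazonaws.com"
ASSUME_ACTION = "sts:AssumeRoleWithWebIdentity"


def make_trust_policy(aud_key: str, aud_value: str) -> str:
    """Build a trust policy in the shape the Cognito console generates for an
    identity pool role. The aud key and value are parameterised only so the
    checker below can be exercised against a correct and two broken variants."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": COGNITO_PRINCIPAL},
            "Action": ASSUME_ACTION,
            "Condition": {
                "StringEquals": {aud_key: aud_value},
                "ForAnyValue:StringLike": {AMR_KEY: "authenticated"},
            },
        }],
    })


TRUST_POLICY_OK = make_trust_policy(AUD_KEY, POOL_ID)
# Role still trusts a pool that was deleted and recreated (the answer's case).
TRUST_POLICY_STALE_AUD = make_trust_policy(AUD_KEY, OLD_POOL_ID)
# Hand-edited key with a typo: IAM stores it, but it never matches anything.
TRUST_POLICY_TYPO_KEY = make_trust_policy("cognito-identit.amazonaws.com::aud", POOL_ID)


def _as_list(value):
    """IAM allows scalars or arrays in most places; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trust_policy_problems(policy_json: str, pool_id: str) -> list:
    """Return human-readable reasons why Cognito could not hand out credentials
    for pool_id through a role with this trust policy. Empty list = consistent."""
    problems = []
    policy = json.loads(policy_json)
    trusted = False
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        federated = _as_list(principal.get("Federated")) if isinstance(principal, dict) else []
        if COGNITO_PRINCIPAL not in federated:
            continue  # statement is about some other principal
        if ASSUME_ACTION not in _as_list(st.get("Action")):
            problems.append(f"cognito statement does not allow {ASSUME_ACTION}")
            continue
        trusted = True
        string_equals = st.get("Condition", {}).get("StringEquals", {})
        for key in string_equals:
            if key != AUD_KEY and "aud" in key:
                problems.append(f"condition key {key!r} looks like a misspelling of {AUD_KEY!r}")
        aud_values = _as_list(string_equals.get(AUD_KEY))
        if not aud_values:
            problems.append(f"no StringEquals condition on {AUD_KEY}: "
                            "the role is assumable from any identity pool")
        elif pool_id not in aud_values:
            problems.append(f"aud condition is {aud_values}, but the pool in use is {pool_id!r}")
    if not trusted:
        problems.append(f"no Allow statement lets {COGNITO_PRINCIPAL} call {ASSUME_ACTION}")
    return problems


if __name__ == "__main__":
    samples = [("ok", TRUST_POLICY_OK),
               ("stale aud", TRUST_POLICY_STALE_AUD),
               ("typo key", TRUST_POLICY_TYPO_KEY)]
    for name, doc in samples:
        print(f"{name}: {trust_policy_problems(doc, POOL_ID) or 'consistent with pool'}")
```

To run it against a real role instead of the constructed samples, pass the document returned by `aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument` (serialised back to a JSON string) together with the `CognitoIdentityPoolId` from Constants.swift; both the authenticated and the unauthenticated role attached to the pool need to pass.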

Related

System assigned Managed identity not working

I have an app (stateless) running as a C# executable in my SF cluster. The app uses Managed Identity to connect to Azure Key Vault. I have granted a Key Vault access policy to the Virtual Machine Scale Set managed identity, but when the app tries to connect to Key Vault, it gets this exception:
```
Azure.Identity.AuthenticationFailedException (-2146233088)
DefaultAzureCredential failed to retrieve a token from the included credentials.
EnvironmentCredential authentication unavailable. Environment variables are not fully configured?
```
Most of the articles talk about this exception when running on a local machine. But I am running SF on Azure and still getting the exception.
Any pointers on how to troubleshoot further?

"Unexpected error when authenticating with identity provider" error when Keycloak broker is configured as a client to another Keycloak instance

I am getting an error when I try to log in to Keycloak by using it as a broker. I am using credentials from another Keycloak instance to log in. So far, I am redirected to the correct login page, but after entering my credentials I receive an error.
I have set up Keycloak Identity Brokering on computer 1 by following the basic steps. I have used the generated redirection URI of the broker to register a new client on computer 2 in another Keycloak instance. The client configuration present on computer 2 is then used to fill in Authorization URL, Token URL, Client ID and Client Secret on the Identity Broker on computer 1.
I may be leaving important fields missing. Pictures are attached for reference.
I have changed some settings to get the broker to work with the other Keycloak instance. I am now sending the client secret as basic auth with signed verification off. I have also enabled back-channel logout. Hope this helps someone else.
I fixed this problem by regenerating the client secret on the identity provider side and using it in Keycloak. The Keycloak realm data import was apparently not working very well for me.
In my case I needed to empty the hosted domain field in the "Identity providers" configuration of my Google identity provider in Keycloak.
See also:
Keycloak Google identity provider error: "Identity token does not contain hosted domain parameter"

Azure Resource Manager connection: Failed to obtain the Json Web Token(JWT) using service principal client ID

I'm following a tutorial to deploy ARM with an Azure DevOps pipeline, but I'm getting an error. I wonder what is wrong? The error happens with the "Azure Resource Manager connection". It finds all subscriptions correctly, but cannot move forward.
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-tutorial-pipeline
```
Failed to obtain the Json Web Token(JWT) using service principal client ID.
Exception Message:
AADSTS700016: Application with identifier '111117a0-1c4f-486f-8765-e19669693333' was not found in the directory '11111041-ba57-4f49-866b-06c297c12222'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. Trace ID: 1174e46d-22fb-456e-9c18-450c95080b00
Correlation ID: 333c3a0e-42f4-41d7-83c1-f8e3e3a83274 Timestamp: 2020-04-07 10:07:14Z
```
I created the Service Principal automatically and now it works!

unable to connect to business network on cloud

I'm trying to import my blockchain business network on the cloud using IBM Bluemix.
I already have all the Docker containers up and accessed Composer Playground on the cloud successfully, imported my .bna file successfully, and imported my admin card successfully.
But when I try to connect to the network I get the error below.
```
Error: Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Enrollment failed with errors [[{"code":400,"message":"Authorization failure"}]]
```
I also tried to create a new card using Playground directly and gave it admin privileges, but I got the same error.
The error means that Composer attempted to enrol the specified identity against the Fabric CA. This identity is not registered with the Fabric CA, so you get the authorization error. Firstly, you can review the Docker logs of your CA server to see errors, e.g. `docker logs ca.org1.example.com`, to get info on the auth failure.
It's possible you tried to connect with a card with no credentials set (certificate/key, not enrol id + secret). You say you 'accessed playground on cloud successfully' (I assume you mean connected to your business network that you deployed, i.e. rather than imported) as 'admin' or some other 'network admin'. Is that correct?
When you issue an identity (say, connected as an admin to the biz network), add it to your wallet in Playground, then switch identity (use now) to that id. This activates the identity. Next go to 'My business networks' and connect as that identity card; it will have credentials set in your local wallet (depending on where you're connecting from: local Playground or Playground inside your Bluemix environment). If you return to 'My Business Networks' you can use the 'export' icon alongside "that user's" business network card and save it to disk (with credentials) as a .card file. That card is the one you would share to connect to Playground elsewhere as that identity. If you continue to have issues I would remove the cards in question using `composer card delete` (having exported them first) from your wallet location, import the exported .card (i.e. with credentials set) again, then try to connect from Playground.

Refused: not authorized error occurs with IBM IoT Foundation on Bluemix

When I attempt to connect to the IBM IoT Foundation with a registered device, I receive the following error message:
```
Error connecting to IBM IoT: {"errorCode":6,"errorMessage":"AMQJS0006E Bad Connack return code:5 Connection Refused: not authorized."}
```
How do I resolve this problem?
It is possible that your membership in your org has expired if you created the service (and thereby the org) via the Bluemix dashboard. When you log into Bluemix, you get a 24-hour pass as a guest. You can then go into the IoTF dashboard and add yourself as a permanent member.
Do this by launching the IoTF dashboard from your Bluemix IoT service and then going to the Access tab. You should see yourself as a "guest" user; from the Access tab, add yourself as a permanent member of the org.
Yeah, maybe the API attempts for the trial are just used up?
Check in the Bluemix panel.