I would like to know if it is possible to use passport-http to secure the REST API of Hyperledger Composer generated with the composer-rest-server and what would be the export COMPOSER_PROVIDERS='{}' configuration.
The idea is to use the identities previously generated and assigned to participants with the composer to authenticate the GET and POST requests on the API.
If it were possible, how would the userID and userSecret be passed, as a special http header, in the body or as a simple basic auth header?
I've not tried, but it should be able to. The Composer REST server uses the open source Passport authentication middleware; it's a matter of configuration. Multiple Passport strategies can be selected, allowing clients of the REST server to select a preferred authentication mechanism.
The strategy for passport-http is here -> https://github.com/jaredhanson/passport-http
You can try something like:
export COMPOSER_PROVIDERS='{
  "basic": {
    "provider": "basic",
    "module": "passport-http",
    "clientID": "REPLACE_WITH_CLIENT_ID",
    "clientSecret": "REPLACE_WITH_CLIENT_SECRET",
    "authPath": "/auth/local",
    "callbackURL": "/auth/local/callback",
    "successRedirect": "/",
    "failureRedirect": "/login"
  }
}'
I assume you know how to configure your passport-http strategy.
Also check out RESTful Node.js Application with passport-http, and see an example (right near the end) of an app consuming REST endpoints.
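On the question of how the userID and userSecret travel: passport-http implements HTTP Basic and Digest, so with its BasicStrategy the credentials arrive in the standard `Authorization: Basic` header (RFC 7617), not in the body or a custom header. The sketch below is an added example, not code from Composer or passport-http; the function names, the in-memory `store` and the sample credentials are hypothetical, and it shows both sides of the exchange using only Node's built-in modules.

```javascript
const crypto = require('node:crypto');

// Client side: build the header value for a userID/userSecret pair.
// Base64 is an encoding, not encryption, so the header is only private over TLS.
function buildBasicHeader(userID, userSecret) {
  if (userID.includes(':')) throw new Error('user-id must not contain ":"');
  return 'Basic ' + Buffer.from(`${userID}:${userSecret}`, 'utf8').toString('base64');
}

// Server side: parse the Authorization header; null means "reply 401".
function parseBasicHeader(headerValue) {
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const idx = decoded.indexOf(':'); // split on the first colon only
  if (idx < 0) return null;
  return { userID: decoded.slice(0, idx), userSecret: decoded.slice(idx + 1) };
}

// Compare secrets in constant time (hash first so both inputs have equal length).
function safeEqual(a, b) {
  const digest = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// Hypothetical verify step: `store` maps userID -> userSecret (simplified for the example).
function verifyBasic(headerValue, store) {
  const creds = parseBasicHeader(headerValue);
  if (!creds) return false;
  const known = store.has(creds.userID);
  // Run the comparison even for unknown users so both paths do the same work.
  const matches = safeEqual(creds.userSecret, known ? store.get(creds.userID) : '');
  return known && matches;
}

// Constructed sample data (not real credentials).
const sampleStore = new Map([['alice1', 'constructed:secret']]);
const sampleHeader = buildBasicHeader('alice1', 'constructed:secret');
console.log(sampleHeader, verifyBasic(sampleHeader, sampleStore));
```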
I am trying to update my password via keycloak account management using postman and I get this error:
"error": "RESTEASY003650: No resource method found for POST, return 405 with Allow header"
My endpoint: http://keycloak_url/auth/realms/{realm name}/account//credentials/password/
I have done a post request
Password reset functionality via API was removed from Keycloak (12+) as it was unsafe. You can refer to this thread on GitHub. You won't find the /credentials/password/ API if you are using Keycloak 12 or above.
The alternative that I can suggest is to use Application Initiated Action (AIA) or the Admin REST API.
You can further see that these got removed from Keycloak here.
References : https://github.com/keycloak/keycloak/pull/7393#issuecomment-773502862
I am on Keycloak 17+ and I also had trouble making it work.
The correct url to use should be like:
https://myHost.com/auth/admin/realms/myRealm/users/99999999-9999-9999-9999-999999999999/reset-password
You absolutely need the /auth/admin/realms keywords (some other endpoints only use /auth/realms)!
You will also need an access token from either a keycloak user or a keycloak client in the Authorization header. Check somewhere else to see how to generate and use an access token.
The body should be like:
{
  "type": "password",
  "temporary": true,
  "value": "myNew-password1"
}
Check documentation:
https://www.keycloak.org/docs-api/17.0/rest-api/index.html#:~:text=Set%20up%20a%20new%20password%20for%20the%20user.
call back for access token
I am searching for a solution to implement the passport JWT authentication strategy for the Hyperledger Composer REST API. I have followed this link for setting up passport authentication: https://www.codementor.io/gangachris125/passport-jwt-authentication-for-hyperledger-composer-rest-server-jqfgkoljn.
Generating the Hyperledger Composer API and creating the composer rest server docker container: the APIs are protected and everything seems to be working except the access token generation. How do I retrieve that token?
Also I created another Node.js application with passport jwt and mongodb, with a few users added. I was able to successfully generate a token from that application and protect any express routes using that token.
But my struggling point is how to generate a token for the composer rest server API.
As explained in many articles, I have created a custom jwt and environment variables as follows:
custom jwt
const passportJwt = require('passport-jwt');
const util = require('util');

// Wrapper strategy: always read the JWT from the "Authorization: Bearer <token>" header.
function CustomJwtStrategy(options, verify) {
  options.jwtFromRequest = passportJwt.ExtractJwt.fromAuthHeaderAsBearerToken();
  passportJwt.Strategy.call(this, options, verify);
}

util.inherits(CustomJwtStrategy, passportJwt.Strategy);

// Export the wrapper under the name "Strategy".
module.exports = {
  Strategy: CustomJwtStrategy
};
Environment variables
COMPOSER_CARD=admin#tutorial-network
COMPOSER_NAMESPACES=never
COMPOSER_AUTHENTICATION=true
COMPOSER_MULTIUSER=true
COMPOSER_PROVIDERS='{
  "jwt": {
    "provider": "jwt",
    "module": "/home/composer/node_modules/custom-jwt.js",
    "secretOrKey": "admin",
    "authScheme": "saml",
    "successRedirect": "/",
    "failureRedirect": "/"
  }
}'
COMPOSER_DATASOURCES='{
  "db": {
    "name": "auth",
    "connector": "mongodb",
    "host": "mongo"
  }
}'
composer rest server logs on startup
Now from where should I generate the token, and how do I retrieve that token so that I can capture and pass it in headers for the Hyperledger Composer business APIs?
Please help with details.
You can use the token generated by Node.js. One thing you need to take care of is that you have to use the same "secretOrKey": "admin" custom key here as the one with which you are generating the token in Node.js.
Make the request as shown in the image, as you are using options.jwtFromRequest = passportJwt.ExtractJwt.fromAuthHeaderAsBearerToken();. It will store the access_token in a cookie. Then you can retrieve it from the cookie for further use.
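The shared-secret requirement discussed above, as an added example that is not code from Composer, passport-jwt or the posts: an HS256 token minted by one application verifies on another only when both hold the same key (the `secretOrKey` value), and `fromAuthHeaderAsBearerToken()` looks for it in an `Authorization: Bearer <token>` header. The function names, claims and secrets are hypothetical, and only Node's built-in `crypto` is used.

```javascript
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s, 'utf8').toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issuer side (the separate Node.js app): mint a short-lived HS256 token.
function signJwt(payload, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  const sig = hmac(`${header}.${body}`, secret).toString('base64url');
  return `${header}.${body}.${sig}`;
}

// Verifier side: the checks behind an "Authorization: Bearer <token>" strategy.
function verifyBearer(authorization, secret, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer +(\S+)$/i.exec(authorization || '');
  if (!m) return { ok: false, reason: 'no bearer token' };
  const parts = m[1].split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed token' };
  const [header, body, sig] = parts;
  try {
    // Pin the algorithm instead of trusting whatever the token header claims.
    const alg = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg;
    if (alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
    const expected = hmac(`${header}.${body}`, secret);
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return { ok: false, reason: 'bad signature' };
    }
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (typeof claims.exp !== 'number' || claims.exp <= now) {
      return { ok: false, reason: 'expired' };
    }
    return { ok: true, claims };
  } catch (err) {
    return { ok: false, reason: 'malformed token' };
  }
}

// Constructed values: a random secret stands in for the shared "secretOrKey".
const sharedSecret = crypto.randomBytes(32).toString('hex');
const token = signJwt({ sub: 'constructed-user' }, sharedSecret, 300);
console.log(verifyBearer(`Bearer ${token}`, sharedSecret));
console.log(verifyBearer(`Bearer ${token}`, 'different-secret'));
```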
I would like to use the cloud foundry api to get information about different apps running on the Pivotal Apps Manager.
When I run a GET request on https://api.[domain-to-look-into.com]/v2/apps
I keep getting this response:
{
  "description": "Invalid Auth Token",
  "error_code": "CF-InvalidAuthToken",
  "code": 1000
}
I know I need some sort of Bearer Token but I am not sure how to generate that on a front-end application like angular. Does anyone know how to generate the Bearer Token and how to set up CRUD requests so I can get information from the cloud foundry api?
I wrote this Chrome plugin to talk to CF using Angular a while back, it's probably a good place to start. It handles authentication too.
https://github.com/danhigham/chrome-cf-client
I'm using the same destination on a number of apps, which are connecting fine.
Created a new app (using the same SAP WEB IDE template).
The Service is retrieved fine when selecting New/OData service from the project menu, proving my Destination credentials are fine.
Now, when I run the app, I'm getting a basic authentication window. Cancelling this means I can't connect to the metadata of the service and therefore can't retrieve any data.
https://webidetesting0837185-s0015641139trial.dispatcher.hanatrial.ondemand.com/SAPUI5-ABAP-SFI/sap/opu/odata/sap/ZSV_SURVEY_SRV/$metadata?sap-language=EN 401 (Unauthorized)
My username and password are not being accepted even though they are correct.
Any ideas?
If your User/Password is not accepted, I think you are missing some configuration in the backend; check the logs like ST22 or SLG1 for authorization issues. Also check if your destinations in Cloud Connector work properly.
To solve this in general without using basic authentication, you need to work with SAP CP's destination service, retrieving from onPremise or via AppToAppSSO as Type/Mode of the destination, OR work with the API Service on SAP CP. For the first way (destination service), change the reference in your SAPUI5 instead of relative paths in neo-app.json like this:
{
  "routes": [
    {
      "path": "/destinations/SFSF_ODATA_PROXY",
      "target": {
        "type": "destination",
        "name": "sap_hcmcloud_core_odata"
      },
      "description": "SFSF Proxy OData"
    }
  ],
  "cacheControl": [
    {
      "directive": "public",
      "maxAge": 0
    }
  ]
}
Make sure you enter the credentials for your backend (and not for your CP account for example). You can also try and maintain the credentials in the destination itself by setting AuthenticationType as BasicAuthentication.
I have already solved this issue by changing the authentication to Basic Authentication.
I'm trying to make a request to the Orion broker using REST Client, for example an NGSI10 queryContext with a payload like this one:
{
  "entities": [
    {
      "type": "*",
      "isPattern": "false",
      "id": "Sevilla:01727449"
    }
  ]
}
and I always receive the same result:
Auth-token not found in request header
The Orion context broker that I'm using is the FI-WARE Lab context broker, and I want to know how to make an authorized request to this CB using REST Client, if it is possible.
Thanks
The Orion instance at FI-LAB uses OAuth authentication. Thus, you need to include a valid X-Auth-Token HTTP header in your requests to Orion.
Your application should implement OAuth and negotiate with the security framework a valid token for that. However, for debug or quick testing you can use the following shell script in order to get a fresh X-Auth-Token:
https://github.com/fgalan/oauth2-example-orion-client/blob/master/token_script.sh
The script will ask you for your FI-LAB user and password.
Please have a look at https://wiki.fi-ware.org/Publish/Subscribe_Broker_-_Orion_Context_Broker_-_User_and_Programmers_Guide#FI-LAB_context_management_platform to get more detail on the Orion FI-LAB deployment.
EDIT: the recently published Orion Quick Start guide also includes an example on how to use the token_script.sh script that can be useful.