2

I was trying to incorporate IDM (Docker) latest, and pep-proxy (git example running with node server).

When I started pep-proxy, everything was working as intended. I've got the following messages:

  1. INFO: Server - Starting PEP proxy in port 80. IdM authentication...

  2. Server - Success authenticating PEP proxy. Proxy Auth-token: d9badf48-16fa-423d-884c-a3e155578791

Now a problem happens. When I enter the wrong token I get this error.

ERROR: IDM-Client - Error validating token. 
Proxy not authorized in keystone. Keystone authentication ... 
ERROR: Server - Caught exception: 
SyntaxError: Unexpected token u in JSON at position 0

As far as I understand I am expecting some return like invalid token, etc.. instead I get this error in pep-proxy and my curl command show->(52) Empty reply from server.

My config.json of pep-proxy:

var config = {};

// Used only if https is disabled
config.pep_port = 80;

// Set this var to undefined if you don't want the server to listen on  HTTPS
config.https = {
  enabled: false,
  cert_file: 'cert/cert.crt',
  key_file: 'cert/key.key',
  port: 443
};

config.idm = {
  host: 'localhost',
  port: 3000,
  ssl: false
}

config.app = {
  host: 'www.google.es',
  port: '80',
  ssl: false // Use true if the app server listens in https
}

// Credentials obtained when registering PEP Proxy in app_id in Account Portal     
config.pep = {
  app_id: 'xxxxxx',
  username: 'xxxxxx',
  password: 'xxxxxx',
  trusted_apps : []
}

// in seconds
config.cache_time = 300;

// if enabled PEP checks permissions with AuthZForce GE. 
// only compatible with oauth2 tokens engine
//
// you can use custom policy checks by including programatic scripts 
// in policies folder. An script template is included there
config.azf = {
  enabled: true,
  protocol: 'http',
  host: 'localhost',
  port: 8080,
  custom_policy: undefined // use undefined to default policy checks (HTTP verb + path).
 };

 // list of paths that will not check authentication/authorization
 // example: ['/public/*', '/static/css/']
 config.public_paths = [];

 config.magic_key = 'undefined';

 module.exports = config;

IDM logs:

fiware-idm_1  | GET                                                
/user?access_token=7cb25729577c2e01dc337314dcd912ec981dc49b 401 4.445 ms -  116

fiware-idm_1  | Executing (default): SELECT email, 'user' as Source FROM  
user WHERE email='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c'
fiware-idm_1  |                  UNION ALL
fiware-idm_1  |                  SELECT id, 'pep_proxy' as Source FROM    
pep_proxy WHERE id='pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c';
fiware-idm_1  | Executing (default): SELECT `id`, `password`,    
`oauth_client_id` FROM `pep_proxy` AS `PepProxy` WHERE `PepProxy`.`id` = 
'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c';
fiware-idm_1  | Executing (default): INSERT INTO `auth_token` 
(`access_token`,`expires`,`valid`,`pep_proxy_id`) VALUES ('a0d54a6f- 
8461-4000-bb80-5fb60193bcb4','2018-05-04 
11:45:21',true,'pep_proxy_edf60435-7de7-4875-85a9-cf68b8838b8c');
fiware-idm_1  | POST /v3/auth/tokens 201 13.733 ms - 74
roNn23
  • 1,532
  • 1
  • 15
  • 32
Igor
  • 225
  • 1
  • 9
  • I've just removed your login data, I'll hope that's fine – roNn23 May 04 '18 at 12:45
  • Are you using a wrong token and waiting an appropriate message? Is the wrong token in the right format? What is the purpose of using a wrong token? =) – Dalton Cézane May 07 '18 at 16:31
  • Yes I'm using wrong token and wait for proper message, well purpose is testing and seeing response when provided with wrong token. Token format is correct i only swap 1 letter with another. But even they are for older version on pep-proxy videos u can see even if u type like "affaas" for token u should get msg saying token not valid or wrong..... U can see in logs of IDM he said 401 witch is expected he was not able to find user with that token but then proceed into executing more things and I'm not sure why. – Igor May 08 '18 at 07:26

1 Answers1

0

The error "SyntaxError: Unexpected token u in JSON at position 0", as stated here, is probably due to some place at the code where JSON.parse is called with an undefined parameter. You are getting this message because the error was not properly treated and the exception is being thrown (exception not treated).

In the Wilma PEP Proxy github, we can see the latest changes at the code and we can guess/infer where this error comes from.

I think you can open an issue at github.

Dalton Cézane
  • 3,672
  • 2
  • 35
  • 60
  • Thanks for your input i will proceed and open issue on github. – Igor May 11 '18 at 07:58
  • If you think the answer helped, you can mark it. Regards. – Dalton Cézane May 14 '18 at 14:25
  • Hey Dalton, your question helped. I just wanted to see if maybe problems are on my end and i went and try to configure pep and idm older version. And i got similar issue, also i try to setup them using your guide witch was very clear but still same issue and problem. Error that i got with older versions are same as described here https://stackoverflow.com/questions/49360026/fiware-how-to-connect-pep-proxy-to-orion-and-configure-both-with-https Now at this moment i am out of idea what is problem because it is for sure on my end, do u have some suggestion or idea where to look or something. – Igor May 16 '18 at 10:02
  • I still think the problem is with the Wilma code. =) Some place there needs a good exception treatment... – Dalton Cézane May 16 '18 at 13:58
  • U have point about current version of Wilma code i will open issue on github when i find time, what about using older version of pep-proxy and idm (using horizon and keystone) are that viable or not? – Igor May 16 '18 at 14:21
  • Once the purpose of a PEP Proxy is allow only authorized access and this error does not hit that, i.e., the PEP even with this error is allowing only authorized tokens to get access to your service, I would continue using the latest versions. Older versions can have even more errors. A more complex problem would be if the PEP was allowing invalid tokens to access your protected service, and I think it is not. – Dalton Cézane May 16 '18 at 14:54