Keystone通过api创建用户和权限
问题描述:
我在fiware实验室中有一个Keyrock实例。Keystone通过api创建用户和权限
在我的应用程序,即时试图创建用户与API作为Fiware keystone api create user and access with horizon。
现在我检查用户:
卷曲-s -h “X-验证令牌:17007fe11124bd71eb60” http://localhost:5000/v3/users/admin |蟒蛇-mjson.tool
响应:
> {
> "user": {
> "default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e",
> "description": "admin",
> "domain_id": "default",
> "email": "[email protected]",
> "enabled": true,
> "id": "admin",
> "links": {
> "self": "http://localhost:5000/v3/users/admin1"
> },
> "name": "[email protected]",
> "username": "admin"
> } }
现在名称字段是正确的,但我不能登录该用户在我的视野。如果我检查keystone.log,我可以看到这一点:
2016-09-21 12:28:50.353 1483 WARNING keystone.common.wsgi [-] Authorization failed. The request you have made requires authentication. from 127.0.0.1
2016-09-21 12:28:50.445 1482 WARNING keystone.auth.controllers [-] User admin doesn't have access to default project d0f384973b9f4a57b975fcd9bef10c6e. The token will be unscoped rather than scoped to the project.
2016-09-21 12:28:50.767 1481 WARNING keystone.common.wsgi [-] You are not authorized to perform the requested action: identity:revoke_token
2016-09-21 12:29:42.900 1483 WARNING keystone.common.controller [-] RBAC: Bypassing authorization
和地平线:
当然,日志说明问题:“用户管理员无权访问默认项目d0f384973b9f4a57b975fcd9bef10c6e“但是,我怎样才能在项目中设置此用户的权限?
好解释{} ROLE_ID
。我认为它的方式,但不是全部。在将角色分配给项目之后,水平线中会出现“session expired”错误,并且在keystone.log中:“授权失败。您提出的请求需要验证”。寻找v3/projects/{idproject}/users/{my_user} /角色返回带有角色成员的json ... – Jakala
@AlvaroAlonso我遇到同样的问题。登录后,用户立即注销。Hoirzon控制台显示: 用户“umair”登录成功。 [10/Jan/2017 13:35:14]“POST/auth/login/HTTP/1.1”302 0 DEBUG:idm_logger:Session expired for user nadeem [10/Jan/2017 13:35:14]“ GET/HTTP/1.1“302 0 注销用户”umair“。 无法删除令牌。 而fiware门户显示“Session expired” – Umair47
@AngelCid您是否找到解决方案? – Umair47