Fiware Keystone API创建用户并通过Horizo​​n进行访问

本文介绍了Fiware Keystone API创建用户并通过Horizo​​n进行访问的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

im使用Keystone api创建用户(如固件Keystone API创建用户).

im using keystone api to create an user (as in Fiware Keystone API Create User).

我的步骤:

使用以下项目创建项目:

create project with:

curl -s -H"X-Auth-Token:17007fe11124bd71eb60" -H内容类型: application/json"-d'{" tenant:{" description:" Project1， 名称":"proyecto1"，已启用":true}}' localhost:35357/v2.0/tenants -X POST | Python -mjson.tool

curl -s -H "X-Auth-Token:17007fe11124bd71eb60" -H "Content-Type: application/json" -d '{"tenant": {"description":"Project1", "name":"proyecto1", "enabled": true}}' localhost:35357/v2.0/tenants -X POST | python -mjson.tool

创建角色:

curl -s -H"X-Auth-Token:17007fe11124bd71eb60" -H内容类型: application/json"-d'{" role:{" name:" Project1Admin， "description":"project1的角色管理员"}}' localhost:35357/v3/roles | python -mjson.tool

curl -s -H "X-Auth-Token:17007fe11124bd71eb60" -H "Content-Type: application/json" -d '{"role":{"name":"Project1Admin", "description":"Role Admin for project1"}}' localhost:35357/v3/roles | python -mjson.tool

创建用户:

curl -s -H"X-Auth-Token:17007fe11124bd71eb60" -H内容类型: application/json"-d'{" user:{" default_project_id: "d0f384973b9f4a57b975fcd9bef10c6e"，描述":"admin1"， "enabled":true，"name":"admin"，"password":"admin"， "email":"admin@gmail"}}' localhost:35357/v2. 0/用户 | python -mjson.tool

curl -s -H "X-Auth-Token:17007fe11124bd71eb60" -H "Content-Type: application/json" -d '{"user": {"default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e", "description":"admin1", "enabled":true, "name":"admin", "password":"admin", "email":"admin@gmail"}}' localhost:35357/v2.0/users | python -mjson.tool

最后一步:创建用户-角色-租户关系:

last step: create user-role-tenant relationship:

curl -s -H"X-Auth-Token:17007fe11124bd71eb60" localhost:35357/v2. 0/租户/d0f384973b9f4a57b975fcd9bef10c6e/users/admin1/roles/OS-KS/0c10f475076345368724a03ccd1c3403 -X PUT

curl -s -H "X-Auth-Token:17007fe11124bd71eb60" localhost:35357/v2.0/tenants/d0f384973b9f4a57b975fcd9bef10c6e/users/admin1/roles/OS-KS/0c10f475076345368724a03ccd1c3403 -X PUT

如果我检查用户:

curl -s -H"X-Auth-Token:17007fe11124bd71eb60" localhost:5000/v3/users/admin1 | python -mjson.tool

curl -s -H "X-Auth-Token:17007fe11124bd71eb60" localhost:5000/v3/users/admin1 | python -mjson.tool

响应:

{ "user": { "default_project_id": "d0f384973b9f4a57b975fcd9bef10c6e", "description": "admin1", "domain_id": "default", "email": "admin1@gmail", "enabled": true, "id": "admin1", "links": { "self": "localhost:5000/v3/users/admin1" }, "name": "admin1", "username": null } }

我认为这很好，但是我尝试连接Horizo​​n并出现错误无效的用户或密码".即时通讯进入日志的结果如下:

I think thats good, But I try to connect with horizon and have an error "Invalid user or password". The result im getting in logs is the following :

keystone.log

keystone.log

2016-04-20 07:56:03.949 2150 WARNING keystonemon.wsgi [-] Could not find user: admin1@gmail 2016-04-20 07:56:03.967 2150 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [20/Apr/2016 07:56:03] "HEAD /v3/OS-TWO-FACTOR/two_factor_auth?user_name=admin1%40gmail&domain_name=Default HTTP/1.1" 404 159 0.077033

horizo​​n.log:

horizon.log:

[Wed Apr 20 07:59:41.934935 2016] [:error] [pid 5963:tid 140154061260544] Login failed for user "admin1@gmail".

任何人都知道为什么该用户无法与地平线连接吗?

Anyone knows why this user cant connect with horizon?

谢谢

推荐答案

在KeyRock中，我们使用name字段存储用户电子邮件，并使用username字段存储其用户名.创建用户时，请求中提供的所有属性(name，username，default_project_id，domain_id和enabled属性除外)都将被序列化并存储在称为extra的字段中.因此，您的email属性将存储在extra字段中.

In KeyRock, we use the name field to store the user email, and the username field to store its username. When creating a user, all attributes provided in the request but the name, the username, the default_project_id, the domain_id and the enabled attribute are serialized and stored inside a field called extra. Therefore, your email attribute will be stored in the extra field.

注册后，登录Horizo​​n并提供用户电子邮件时，Horizo​​n会向Keystone发送请求，以在name字段中搜索电子邮件.由于您输入的是admin1@gmail，但您提供的实际名称是admin1，因此登录Horizo​​n将会失败.

After registering, when loging in to Horizon and providing the user email, Horizon sends a request to Keystone to search for the email in the name field. Since you are entering admin1@gmail, but the actual name you provided is admin1, login into Horizon will fail.

使用admin1@gmail作为名称(而不是电子邮件)重新注册用户应该可以解决您的问题，但是如果您负担不起重新创建用户的费用，也可以在登录表单的电子邮件字段中输入admin1.

Registering the user again with admin1@gmail as name (and not email) should fix your problem, but you can also enter admin1 in the email field of the login form if you can't afford to recreate the user.

希望这可以解决您的问题！

Hope this solves your issue!