I set up a Wirecloud and an KeyRock instance on my own servers. Now I want to enable authentication to Wirecloud via KeyRock as described here: Integration with the IdM-GE
After going through the described steps upon opening <wirecloud_server>/login I land on the KeyStone login screen. When logged in I am asked th authorize the app and get redirected to <wirecloud_server>/complete/fiware/?state=<state_token>&code=<code_token> but there I only get a 500 error.
The Horizon (KeyRock-Frontend) log aswell as the Wirecloud log don't display any errors and thus I'm clueless what the problem might be.
EDIT1: I changed the logging to debug and now I get the following message in the browser:
Environment:
Request Method: GET
Request URL: https://<wirecloud_server>/complete/fiware/?state=LhCRZqqOaB57Lo8kyYxhk5zWJBhTRshi&code=JH3mwLCmnBx19kZwtPoqNm1Gl4eIpv
Django Version: 1.6.11
Python Version: 2.7.9
Installed Applications:
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
'wirecloud.commons',
'wirecloud.defaulttheme',
'compressor',
'south',
'wirecloud.catalogue',
'wirecloud.platform',
'wirecloud.fiware',
'social.apps.django_app.default')
Installed Middleware:
('wirecloud.commons.middleware.URLMiddleware',)
Traceback:
File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
112. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
52. response = view_func(request, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
57. return view_func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py" in wrapper
51. return func(request, backend, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py" in complete
28. redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py" in do_complete
43. user = backend.complete(user=user, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in complete
41. return self.auth_complete(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py" in wrapper
229. return func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in auth_complete
375. state = self.validate_state()
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in validate_state
88. raise AuthStateMissing(self, 'state')
Exception Type: AuthStateMissing at /complete/fiware/
Exception Value: Session value state missing.
The apache log for my wirecloud vhost reads the following:
[Wed Jan 27 07:40:40.707138 2016] [wsgi:error] [pid 22571:tid 139868295030528] Internal Server Error: /complete/fiware/
[Wed Jan 27 07:40:40.707165 2016] [wsgi:error] [pid 22571:tid 139868295030528] Traceback (most recent call last):
[Wed Jan 27 07:40:40.707167 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
[Wed Jan 27 07:40:40.707169 2016] [wsgi:error] [pid 22571:tid 139868295030528] response = wrapped_callback(request, *callback_args, **callback_kwargs)
[Wed Jan 27 07:40:40.707171 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py", line 52, in _wrapped_view_func
[Wed Jan 27 07:40:40.707173 2016] [wsgi:error] [pid 22571:tid 139868295030528] response = view_func(request, *args, **kwargs)
[Wed Jan 27 07:40:40.707175 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view
[Wed Jan 27 07:40:40.707177 2016] [wsgi:error] [pid 22571:tid 139868295030528] return view_func(*args, **kwargs)
[Wed Jan 27 07:40:40.707179 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 51, in wrapper
[Wed Jan 27 07:40:40.707181 2016] [wsgi:error] [pid 22571:tid 139868295030528] return func(request, backend, *args, **kwargs)
[Wed Jan 27 07:40:40.707183 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py", line 28, in complete
[Wed Jan 27 07:40:40.707185 2016] [wsgi:error] [pid 22571:tid 139868295030528] redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
[Wed Jan 27 07:40:40.707187 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py", line 43, in do_complete
[Wed Jan 27 07:40:40.707189 2016] [wsgi:error] [pid 22571:tid 139868295030528] user = backend.complete(user=user, *args, **kwargs)
[Wed Jan 27 07:40:40.707191 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 41, in complete
[Wed Jan 27 07:40:40.707204 2016] [wsgi:error] [pid 22571:tid 139868295030528] return self.auth_complete(*args, **kwargs)
[Wed Jan 27 07:40:40.707206 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py", line 229, in wrapper
[Wed Jan 27 07:40:40.707208 2016] [wsgi:error] [pid 22571:tid 139868295030528] return func(*args, **kwargs)
[Wed Jan 27 07:40:40.707210 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 375, in auth_complete
[Wed Jan 27 07:40:40.707212 2016] [wsgi:error] [pid 22571:tid 139868295030528] state = self.validate_state()
[Wed Jan 27 07:40:40.707213 2016] [wsgi:error] [pid 22571:tid 139868295030528] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 88, in validate_state
[Wed Jan 27 07:40:40.707215 2016] [wsgi:error] [pid 22571:tid 139868295030528] raise AuthStateMissing(self, 'state')
[Wed Jan 27 07:40:40.707217 2016] [wsgi:error] [pid 22571:tid 139868295030528] AuthStateMissing: Session value state missing.
The horizon log shows the following:
[Wed Jan 27 06:40:37.975296 2016] [wsgi:error] [pid 22572:tid 139868395742976] Login successful for user "idm".
[Wed Jan 27 06:40:38.089251 2016] [wsgi:error] [pid 22572:tid 139868362172160] DEBUG:idm_logger:Requesting authorization for application: 449efdc7913f434ea6e81ed49b1669e4 with redirect_uri: https://<wirecloud_server>/complete/fiware/ and scope: ['all_info'] by user idm
[Wed Jan 27 06:40:38.122259 2016] [wsgi:error] [pid 22572:tid 139868362172160] DEBUG:idm_logger:OAUTH2: Application 449efdc7913f434ea6e81ed49b1669e4 NOT alreadyauthorized
[Wed Jan 27 06:40:40.574809 2016] [wsgi:error] [pid 22572:tid 139868395742976] DEBUG:idm_logger:Authorizing application: 449efdc7913f434ea6e81ed49b1669e4 by user: idm
[Wed Jan 27 06:40:40.596301 2016] [wsgi:error] [pid 22572:tid 139868395742976] DEBUG:idm_logger:OAUTH2: Authorization Code obtained JH3mwLCmnBx19kZwtPoqNm1Gl4eIpv
[Wed Jan 27 06:40:40.596382 2016] [wsgi:error] [pid 22572:tid 139868395742976] DEBUG:idm_logger:OAUTH2: Redirecting user back to https://<wirecloud_server>/complete/fiware/?state=LhCRZqqOaB57Lo8kyYxhk5zWJBhTRshi&code=JH3mwLCmnBx19kZwtPoqNm1Gl4eIpv
Seems that this problem is happening when hosting the IdM server and WireCloud in the same domain. In that case, both services try to use the same cookie for the session as WireCloud and the IdM are based on Django. The same happens for the cookie used for the CSRF authentication token, although your error is not related to this cookie.
Please edit the settings.py file and provide a custom value for the SESSION_COOKIE_NAME and CSRF_COOKIE_NAME settings. E.g:
SESSION_COOKIE_NAME = "wcsessionid"
CSRF_COOKIE_NAME = "wccsrftoken"