Problem description
When trying to authenticate in Wirecloud via KeyStone we get the following error displayed in the browser:
Environment:
Request Method: GET
Request URL: https://<ServerURL>/complete/fiware/?state=SDyJk9ru8wSLwUZIRtSrwI86jznMIv8O&code=WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
Django Version: 1.6.11
Python Version: 2.7.9
Installed Applications:
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
'wirecloud.commons',
'wirecloud.defaulttheme',
'compressor',
'south',
'wirecloud.catalogue',
'wirecloud.platform',
'wirecloud.fiware',
'social.apps.django_app.default')
Installed Middleware:
('wirecloud.commons.middleware.URLMiddleware',)
Traceback:
File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
112. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
52. response = view_func(request, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
57. return view_func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py" in wrapper
51. return func(request, backend, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py" in complete
28. redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py" in do_complete
43. user = backend.complete(user=user, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in complete
41. return self.auth_complete(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py" in wrapper
229. return func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in auth_complete
383. method=self.ACCESS_TOKEN_METHOD
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in request_access_token
361. return self.get_json(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in get_json
229. return self.request(url, *args, **kwargs).json()
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in request
224. raise AuthFailed(self, str(err))
Exception Type: AuthFailed at /complete/fiware/
Exception Value: Authentication failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
The Wirecloud log shows the following:
[Fri Mar 04 08:09:51.933675 2016] [ssl:info] [pid 29119:tid 140090189723392] [client 172.30.20.99:63539] AH01964: Connection to child 20 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.388865 2016] [ssl:info] [pid 29120:tid 140090223294208] [client 172.30.20.99:63557] AH01964: Connection to child 80 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.443926 2016] [wsgi:error] [pid 29117:tid 140090323621632] Internal Server Error: /complete/fiware/
[Fri Mar 04 08:10:04.443940 2016] [wsgi:error] [pid 29117:tid 140090323621632] Traceback (most recent call last):
[Fri Mar 04 08:10:04.443942 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
[Fri Mar 04 08:10:04.443945 2016] [wsgi:error] [pid 29117:tid 140090323621632] response = wrapped_callback(request, *callback_args, **callback_kwargs)
[Fri Mar 04 08:10:04.443947 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py", line 52, in _wrapped_view_func
[Fri Mar 04 08:10:04.443950 2016] [wsgi:error] [pid 29117:tid 140090323621632] response = view_func(request, *args, **kwargs)
[Fri Mar 04 08:10:04.443952 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view
[Fri Mar 04 08:10:04.443954 2016] [wsgi:error] [pid 29117:tid 140090323621632] return view_func(*args, **kwargs)
[Fri Mar 04 08:10:04.443956 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 51, in wrapper
[Fri Mar 04 08:10:04.443958 2016] [wsgi:error] [pid 29117:tid 140090323621632] return func(request, backend, *args, **kwargs)
[Fri Mar 04 08:10:04.443960 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py", line 28, in complete
[Fri Mar 04 08:10:04.443962 2016] [wsgi:error] [pid 29117:tid 140090323621632] redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
[Fri Mar 04 08:10:04.443964 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py", line 43, in do_complete
[Fri Mar 04 08:10:04.443966 2016] [wsgi:error] [pid 29117:tid 140090323621632] user = backend.complete(user=user, *args, **kwargs)
[Fri Mar 04 08:10:04.443968 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 41, in complete
[Fri Mar 04 08:10:04.443971 2016] [wsgi:error] [pid 29117:tid 140090323621632] return self.auth_complete(*args, **kwargs)
[Fri Mar 04 08:10:04.443973 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py", line 229, in wrapper
[Fri Mar 04 08:10:04.443975 2016] [wsgi:error] [pid 29117:tid 140090323621632] return func(*args, **kwargs)
[Fri Mar 04 08:10:04.443977 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 383, in auth_complete
[Fri Mar 04 08:10:04.443979 2016] [wsgi:error] [pid 29117:tid 140090323621632] method=self.ACCESS_TOKEN_METHOD
[Fri Mar 04 08:10:04.443981 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 361, in request_access_token
[Fri Mar 04 08:10:04.443983 2016] [wsgi:error] [pid 29117:tid 140090323621632] return self.get_json(*args, **kwargs)
[Fri Mar 04 08:10:04.443985 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 229, in get_json
[Fri Mar 04 08:10:04.443987 2016] [wsgi:error] [pid 29117:tid 140090323621632] return self.request(url, *args, **kwargs).json()
[Fri Mar 04 08:10:04.443995 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 224, in request
[Fri Mar 04 08:10:04.443997 2016] [wsgi:error] [pid 29117:tid 140090323621632] raise AuthFailed(self, str(err))
[Fri Mar 04 08:10:04.443999 2016] [wsgi:error] [pid 29117:tid 140090323621632] AuthFailed: Authentication failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
And the Horizon log displays this:
[Fri Mar 04 08:10:01.939771 2016] [ssl:info] [pid 29120:tid 140090282043136] [client 172.30.20.99:63555] AH01964: Connection to child 73 established (<ServerURL>:443)
[Fri Mar 04 07:10:02.175214 2016] [wsgi:error] [pid 29118:tid 140090390763264] No regions could be found excluding identity.
[Fri Mar 04 07:10:02.175651 2016] [wsgi:error] [pid 29118:tid 140090390763264] Login successful for user "<UserEmail>".
[Fri Mar 04 07:10:02.313486 2016] [wsgi:error] [pid 29118:tid 140090415941376] DEBUG:idm_logger:Requesting authorization for application: 904fd95c253c4938a824d1a443ce0fdd with redirect_uri: https://<ServerURL>/complete/fiware/ and scope: ['all_info'] by user <UserName>
[Fri Mar 04 07:10:02.346101 2016] [wsgi:error] [pid 29118:tid 140090415941376] DEBUG:idm_logger:OAUTH2: Application 904fd95c253c4938a824d1a443ce0fdd NOT alreadyauthorized
[Fri Mar 04 07:10:04.250695 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:Authorizing application: 904fd95c253c4938a824d1a443ce0fdd by user: <UserName>
[Fri Mar 04 07:10:04.274461 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:OAUTH2: Authorization Code obtained WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
[Fri Mar 04 07:10:04.274541 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:OAUTH2: Redirecting user back to https://<ServerURL>/complete/fiware/?state=SDyJk9ru8wSLwUZIRtSrwI86jznMIv8O&code=WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
[Fri Mar 04 08:10:04.441087 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH01964: Connection to child 84 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.442137 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH02008: SSL library error 1 in handshake (server <ServerURL>:443)
[Fri Mar 04 08:10:04.442165 2016] [ssl:info] [pid 29120:tid 140090189723392] SSL Library Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (SSL alert number 48)
[Fri Mar 04 08:10:04.442174 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH01998: Connection closed to child 84 with abortive shutdown (server <ServerURL>:443)
Horizon and Wirecloud run on the same Apache, Wirecloud under port 443 and Horizon under port 40443. Both use the same cert files for SSL and work, called by themselves, fine. Those cert files are currently self-signed ones.
Since I am pretty new to SSL usage in Apache any help would be much appreciated.
Recommended answer
As you are using self-signed certificates, the best option is including your cert into the list of trusted certificates. requests (the module used for making this request) usually uses a bundle by default (it depends on the installation method). You can edit that bundle for adding your cert (see this link for more details) although you will have to update this bundle every time you upgrade the requests module.
Another option is to configure requests for using the trusted certs repository from the OS. This can be configured using the REQUESTS_CA_BUNDLE environment var (e.g. by editing your wsgi.py file adding something similar to this: os.environ['REQUESTS_CA_BUNDLE'] = "/etc/ssl/certs/ca-certificates.crt"). The operation of adding your cert into the trusted repository depends on your OS, but there is a lot of information about this matter on google (e.g. here you can find how to do it using Debian/Ubuntu).
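A preflight check for the wsgi.py change described in the answer, added here as an example and not part of the original answer or of Wirecloud: it sets REQUESTS_CA_BUNDLE only when the chosen bundle already contains the self-signed certificate, so a missing trust entry fails at startup instead of at the OAuth2 token request. The function names are hypothetical, the check assumes the self-signed certificate is itself the trust anchor, and the demo data are constructed placeholders rather than real certificates.

```python
import os
import re
import ssl
import tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def der_certs(pem_text):
    """Return the set of DER blobs for every certificate in a PEM string."""
    return {ssl.PEM_cert_to_DER_cert(b) for b in PEM_BLOCK.findall(pem_text)}


def bundle_trusts(bundle_path, cert_pem):
    """True if each certificate in cert_pem appears verbatim in the bundle."""
    with open(bundle_path) as fh:
        trusted = der_certs(fh.read())
    wanted = der_certs(cert_pem)
    return bool(wanted) and wanted <= trusted


def configure_ca_bundle(bundle_path, cert_pem, environ=os.environ):
    """Set REQUESTS_CA_BUNDLE, refusing a bundle that lacks the certificate."""
    if not os.path.isfile(bundle_path):
        raise RuntimeError("CA bundle not found: %s" % bundle_path)
    if not bundle_trusts(bundle_path, cert_pem):
        raise RuntimeError("certificate missing from %s" % bundle_path)
    environ["REQUESTS_CA_BUNDLE"] = bundle_path
    return bundle_path


def demo():
    """Run the check against constructed placeholder data (not real certs)."""
    public_ca = ssl.DER_cert_to_PEM_cert(b"constructed public CA placeholder")
    self_signed = ssl.DER_cert_to_PEM_cert(b"constructed self-signed placeholder")
    tmp = tempfile.mkdtemp()
    stock = os.path.join(tmp, "stock.crt")      # bundle without our cert
    updated = os.path.join(tmp, "updated.crt")  # bundle after adding it
    with open(stock, "w") as fh:
        fh.write(public_ca)
    with open(updated, "w") as fh:
        fh.write(public_ca + self_signed)
    env = {}
    configure_ca_bundle(updated, self_signed, env)
    return bundle_trusts(stock, self_signed), env


if __name__ == "__main__":
    print(demo())
```

In wsgi.py the call would run before the application object is created, with the bundle path from the answer and the PEM text of the Apache certificate as arguments.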