1

当尝试通过 KeyStone 在 Wirecloud 中进行身份验证时,我们会在浏览器中显示以下错误:

Environment:


Request Method: GET
Request URL: https://<ServerURL>/complete/fiware/?state=SDyJk9ru8wSLwUZIRtSrwI86jznMIv8O&code=WzIZ11YpmGAuZoltvTTGMGoP45ZtHe

Django Version: 1.6.11
Python Version: 2.7.9
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'wirecloud.commons',
 'wirecloud.defaulttheme',
 'compressor',
 'south',
 'wirecloud.catalogue',
 'wirecloud.platform',
 'wirecloud.fiware',
 'social.apps.django_app.default')
Installed Middleware:
('wirecloud.commons.middleware.URLMiddleware',)


Traceback:
File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  112.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  52.         response = view_func(request, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
  57.         return view_func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py" in wrapper
  51.             return func(request, backend, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py" in complete
  28.                        redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py" in do_complete
  43.         user = backend.complete(user=user, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in complete
  41.         return self.auth_complete(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py" in wrapper
  229.             return func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in auth_complete
  383.             method=self.ACCESS_TOKEN_METHOD
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in request_access_token
  361.         return self.get_json(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in get_json
  229.         return self.request(url, *args, **kwargs).json()
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in request
  224.             raise AuthFailed(self, str(err))

Exception Type: AuthFailed at /complete/fiware/
Exception Value: Authentication failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

Wirecloud 日志显示以下内容:

[Fri Mar 04 08:09:51.933675 2016] [ssl:info] [pid 29119:tid 140090189723392] [client 172.30.20.99:63539] AH01964: Connection to child 20 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.388865 2016] [ssl:info] [pid 29120:tid 140090223294208] [client 172.30.20.99:63557] AH01964: Connection to child 80 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.443926 2016] [wsgi:error] [pid 29117:tid 140090323621632] Internal Server Error: /complete/fiware/
[Fri Mar 04 08:10:04.443940 2016] [wsgi:error] [pid 29117:tid 140090323621632] Traceback (most recent call last):
[Fri Mar 04 08:10:04.443942 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
[Fri Mar 04 08:10:04.443945 2016] [wsgi:error] [pid 29117:tid 140090323621632]     response = wrapped_callback(request, *callback_args, **callback_kwargs)
[Fri Mar 04 08:10:04.443947 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py", line 52, in _wrapped_view_func
[Fri Mar 04 08:10:04.443950 2016] [wsgi:error] [pid 29117:tid 140090323621632]     response = view_func(request, *args, **kwargs)
[Fri Mar 04 08:10:04.443952 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view
[Fri Mar 04 08:10:04.443954 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return view_func(*args, **kwargs)
[Fri Mar 04 08:10:04.443956 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 51, in wrapper
[Fri Mar 04 08:10:04.443958 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return func(request, backend, *args, **kwargs)
[Fri Mar 04 08:10:04.443960 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py", line 28, in complete
[Fri Mar 04 08:10:04.443962 2016] [wsgi:error] [pid 29117:tid 140090323621632]     redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
[Fri Mar 04 08:10:04.443964 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py", line 43, in do_complete
[Fri Mar 04 08:10:04.443966 2016] [wsgi:error] [pid 29117:tid 140090323621632]     user = backend.complete(user=user, *args, **kwargs)
[Fri Mar 04 08:10:04.443968 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 41, in complete
[Fri Mar 04 08:10:04.443971 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return self.auth_complete(*args, **kwargs)
[Fri Mar 04 08:10:04.443973 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py", line 229, in wrapper
[Fri Mar 04 08:10:04.443975 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return func(*args, **kwargs)
[Fri Mar 04 08:10:04.443977 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 383, in auth_complete
[Fri Mar 04 08:10:04.443979 2016] [wsgi:error] [pid 29117:tid 140090323621632]     method=self.ACCESS_TOKEN_METHOD
[Fri Mar 04 08:10:04.443981 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 361, in request_access_token
[Fri Mar 04 08:10:04.443983 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return self.get_json(*args, **kwargs)
[Fri Mar 04 08:10:04.443985 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 229, in get_json    
[Fri Mar 04 08:10:04.443987 2016] [wsgi:error] [pid 29117:tid 140090323621632]     return self.request(url, *args, **kwargs).json()
[Fri Mar 04 08:10:04.443995 2016] [wsgi:error] [pid 29117:tid 140090323621632]   File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 224, in request
[Fri Mar 04 08:10:04.443997 2016] [wsgi:error] [pid 29117:tid 140090323621632]     raise AuthFailed(self, str(err))
[Fri Mar 04 08:10:04.443999 2016] [wsgi:error] [pid 29117:tid 140090323621632] AuthFailed: Authentication failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

Horizo​​n 日志显示如下:

[Fri Mar 04 08:10:01.939771 2016] [ssl:info] [pid 29120:tid 140090282043136] [client 172.30.20.99:63555] AH01964: Connection to child 73 established (<ServerURL>:443)
[Fri Mar 04 07:10:02.175214 2016] [wsgi:error] [pid 29118:tid 140090390763264] No regions could be found excluding identity.
[Fri Mar 04 07:10:02.175651 2016] [wsgi:error] [pid 29118:tid 140090390763264] Login successful for user "<UserEmail>".
[Fri Mar 04 07:10:02.313486 2016] [wsgi:error] [pid 29118:tid 140090415941376] DEBUG:idm_logger:Requesting authorization for application: 904fd95c253c4938a824d1a443ce0fdd with redirect_uri: https://<ServerURL>/complete/fiware/         and scope: ['all_info'] by user <UserName>
[Fri Mar 04 07:10:02.346101 2016] [wsgi:error] [pid 29118:tid 140090415941376] DEBUG:idm_logger:OAUTH2: Application 904fd95c253c4938a824d1a443ce0fdd NOT alreadyauthorized
[Fri Mar 04 07:10:04.250695 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:Authorizing application: 904fd95c253c4938a824d1a443ce0fdd by user: <UserName>
[Fri Mar 04 07:10:04.274461 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:OAUTH2: Authorization Code obtained WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
[Fri Mar 04 07:10:04.274541 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:OAUTH2: Redirecting user back to https://<ServerURL>/complete/fiware/?state=SDyJk9ru8wSLwUZIRtSrwI86jznMIv8O&code=WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
[Fri Mar 04 08:10:04.441087 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH01964: Connection to child 84 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.442137 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH02008: SSL library error 1 in handshake (server <ServerURL>:443)
[Fri Mar 04 08:10:04.442165 2016] [ssl:info] [pid 29120:tid 140090189723392] SSL Library Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (SSL alert number 48)
[Fri Mar 04 08:10:04.442174 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH01998: Connection closed to child 84 with abortive shutdown (server <ServerURL>:443)

Horizo​​n 和 Wirecloud 在同一个 apache 上运行,Wirecloud 在端口 443 下,Horizo​​n 在端口 40443 下。两者都使用相同的证书文件进行 ssl 和工作,由他们自己调用,很好。这些证书文件目前是自签名的。

由于我对 apache 中的 ssl 使用非常陌生,因此非常感谢任何 halp。

4

1 回答 1

1

当您使用自签名证书时,最好的选择是将您的证书包含在受信任的证书列表中。requests(用于发出此请求的模块)通常默认使用捆绑包(取决于安装方法)。您可以编辑该捆绑包以添加您的证书(有关更多详细信息,请参阅此链接),尽管每次升级requests模块时都必须更新此捆绑包。

另一种选择是配置requests使用操作系统中的受信任证书存储库。这可以使用REQUESTS_CA_BUNDLE环境变量进行配置(例如,通过编辑您的wgsi.py文件添加类似于此的内容:)os.environ['REQUESTS_CA_BUNDLE'] = "/etc/ssl/certs/ca-certificates.crt"。将您的证书添加到受信任的存储库的操作取决于您的操作系统,但在 google 上有很多关于此问题的信息(例如,您可以在此处找到如何使用 Debian/Ubuntu 进行操作)。

于 2016-03-04T17:24:12.490 回答