We are developing an API library for .Net framework. Soon available in OpenSource on Github.
Cheers,

Emmanuel Mathot
www.terradue.com

On 30 Jul 2014, at 12:37, Daniel Molina <dmol...@opennebula.org> wrote:

> Great!!. May I ask what kind of tool/integration are you building on top
> OpenNebula?
>
> Cheers
>
> On 30 July 2014 09:49, Cesare Rossi <cesare.ro...@terradue.com> wrote:
> Dear Daniel,
>
> thank you for your support. We found that the problem was the encryption made
> on the client side. Now it works perfectly.
>
> Thank you again
>
> Cheers
>
> Cesare Rossi
> Terradue
> Rome, Italy | Oxford, UK
> http://www.terradue.com
>
> On 29 Jul 2014, at 12:23, Daniel Molina <dmol...@opennebula.org> wrote:
>
>> Could you check the password you are using to encrypt (password+sha1) is the
>> same that oned uses to decrypt (oneuser show)
>>
>> [oneadmin@node1 ~]$ oneuser show serveradmin | grep PASS
>> PASSWORD : 3412...
>> [oneadmin@node1 ~]$ cat .one/sunstone_auth
>> serveradmin:7f9f...
>> [oneadmin@node1 ~]$ echo -n "7f9f..." | sha1sum
>> 3412... -
>>
>> Also the problem could be that the token is (base64) encoded after being
>> encrypted:
>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L90
>>
>> and before being decrypted it's decoded:
>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L142
>>
>> Cheers
>>
>> On 29 July 2014 12:01, Emmanuel Mathot <emmanuel.mat...@terradue.com> wrote:
>> Here is the log output:
>>
>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG I 5 Command
>> execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate
>> serveradmin [secret] ****
>>
>> Mon Jul 28 16:37:48 2014 [AuM][I]: Command execution fail:
>> /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin [secret]
>> ****
>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG D 5 authenticate:
>> Authenticating serveradmin, with password [secret]
>> (4zj727qqns0xXEHWPBq4tJ2nRSyqom1KtWx5QBueF54I33c1y0fIuymmkn84TMP9)
>>
>> Mon Jul 28 16:37:48 2014 [AuM][I]: authenticate: Authenticating serveradmin,
>> with password [secret]
>> (4zj727qqns0xXEHWPBq4tJ2nRSyqom1KtWx5QBueF54I33c1y0fIuymmkn84TMP9)
>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG E 5 bad decrypt
>>
>> Mon Jul 28 16:37:48 2014 [AuM][I]: bad decrypt
>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG I 5 ExitCode: 255
>>
>> Emmanuel Mathot
>> www.terradue.com
>>
>> On 29 Jul 2014, at 11:06, Daniel Molina <dmol...@opennebula.org> wrote:
>>
>>> Hi Enguerran,
>>>
>>> What error message are you getting in oned.log after trying to connect?
>>>
>>> Cheers
>>>
>>> On 28 July 2014 17:16, Enguerran Boissier <enguerran.boiss...@terradue.com>
>>> wrote:
>>> Hello Daniel,
>>> Thanks for your answer, unfortunately we still don't manage to connect with
>>> a server_* user on the behalf of another normal user.
>>> This is basically what we do, let us know if we do something wrong:
>>>
>>> {
>>>     string expires = DateTime.Now.Subtract(new DateTime(1970,1,1,0,0,0, DateTimeKind.Utc)).TotalSeconds + 3600 + "";
>>>     string token_encrypted = Encrypt(this.AdminUsername + ":" + this.TargetUsername + ":" + expires, this.AdminPassword);
>>>     //this.AdminUsername = server_* user name
>>>     //this.TargetUsername = normal user name (target user)
>>>     //this.AdminPassword = server_* user password (SHA1 encrypted)
>>>     //Encrypt do the equivalent of the AES 256 CBC openssl encryption (cf https://gist.github.com/scottlowe/1411917, we just removed the salt part)
>>>     session_SHA = this.AdminUsername + ":" + this.TargetUsername + ":" + token_encrypted;
>>>     //session_SHA is the token used to authenticate on a request
>>> }
>>>
>>> Thanks
>>> Best regards
>>>
>>> Enguerran Boissier
>>> www.terradue.com
>>>
>>> On 28 Jul 2014, at 10:45, Daniel Molina <dmol...@opennebula.org> wrote:
>>>
>>>> Hi Cesare,
>>>>
>>>> The server_* authentication is a special method where a user can
>>>> authenticate on behalf of other user. This method was included in
>>>> OpenNebula for scenarios such as an Apache server configured to use x509
>>>> certificates, Apache has already authenticated the user and we just
>>>> encrypt a token with the serveradmin credentials and OpenNebula will
>>>> decrypt the token and will perform all the actions as the target_username.
>>>>
>>>> Users using the server_* auth method are special users and should not have
>>>> any resource.
>>>>
>>>> You can see an example on how Sunstone uses this method:
>>>> A user logs in:
>>>> https://github.com/OpenNebula/one/blob/master/src/sunstone/sunstone-server.rb#L169
>>>> do_auth is called to authenticate the user:
>>>> https://github.com/OpenNebula/one/blob/master/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb#L18
>>>> a token is generated using the server_* method
>>>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L85
>>>> this info is sent to one and then checked by the auth driver:
>>>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L110
>>>>
>>>> Hope this helps
>>>>
>>>> http://docs.opennebula.org/4.6/administration/sunstone_gui/cloud_auth.html
>>>>
>>>> On 25 July 2014 12:39, Cesare Rossi <cesare.ro...@terradue.com> wrote:
>>>> Dear All,
>>>>
>>>> we are interacting with the XML-RPC API. We are trying to perform the
>>>> special authentication method available with the users' drivers
>>>> server_cipher or server_x509 (i.e. using username:target_username:secret),
>>>> but it seems not working.
>>>>
>>>> The question is: is it possible to use with that API such kind of users ?
>>>> If yes, how ?
>>>>
>>>> Thanks in advance,
>>>>
>>>> Cheers
>>>>
>>>> Cesare Rossi
>>>> Terradue
>>>> Rome, Italy | Oxford, UK
>>>> http://www.terradue.com
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@lists.opennebula.org
>>>> http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org
>>>>
>>>> --
>>>> Daniel Molina
>>>> Project Engineer
>>>> OpenNebula - Flexible Enterprise Cloud Made Simple
>>>> www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
_______________________________________________
Dev mailing list
Dev@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org
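
Added example (not part of the thread, and not OpenNebula's or the posters' code): a small Ruby model of the server_* token round trip discussed above, showing how a key mismatch between the client and the stored PASSWORD hash surfaces as "bad decrypt". Assumptions of this sketch: the AES key is the first 32 characters of the SHA1 hex digest, the IV is fixed to zeros with no salt, and all function names and sample credentials are constructed.

```ruby
require "openssl"
require "digest/sha1"
require "base64"

ZERO_IV = "\0" * 16 # assumption of this sketch: fixed IV, no salt

# Assumption: the AES-256 key is the first 32 characters of the SHA1 hex digest.
def aes_key(sha1_hex)
  sha1_hex[0, 32]
end

def aes_cbc(mode, key, data)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = key
  cipher.iv = ZERO_IV
  cipher.update(data) + cipher.final
end

# Client side: encrypt "server:target:expires", then base64-encode the result.
def login_token(srv_user, srv_plain_pass, target_user, expires)
  key = aes_key(Digest::SHA1.hexdigest(srv_plain_pass))
  raw = aes_cbc(:encrypt, key, "#{srv_user}:#{target_user}:#{expires}")
  "#{srv_user}:#{target_user}:#{Base64.strict_encode64(raw)}"
end

# Server side: stored_hash is the PASSWORD value shown by `oneuser show`.
def authenticate(srv_user, stored_hash, session, now = Time.now.to_i)
  user, target, token64 = session.split(":", 3)
  plain = aes_cbc(:decrypt, aes_key(stored_hash), Base64.decode64(token64.to_s))
  s_user, t_user, expires = plain.split(":")
  return "user name mismatch" unless s_user == srv_user && user == srv_user
  return "target user mismatch" unless t_user == target # extra check in this sketch
  return "login token expired" if now >= expires.to_i
  true
rescue OpenSSL::Cipher::CipherError, ArgumentError
  "bad decrypt"
end

# Constructed sample credentials, not values from the thread.
PLAIN  = "constructed-secret"
STORED = Digest::SHA1.hexdigest(PLAIN)

if __FILE__ == $0
  ok  = login_token("serveradmin", PLAIN, "alice", Time.now.to_i + 3600)
  bad = login_token("serveradmin", STORED, "alice", Time.now.to_i + 3600) # hashed twice
  p authenticate("serveradmin", STORED, ok)
  p authenticate("serveradmin", STORED, bad)
end
```

The second call models a client that hashes an already hashed password, so its key no longer matches the one derived from the stored PASSWORD value.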