Here is the repo made public with the first beta release for testing: 
https://github.com/Terradue/DotNet4One

Cheers,

Emmanuel Mathot
www.terradue.com




On 30 Jul 2014, at 12:48, Daniel Molina <[email protected]> wrote:

> Sound good, thank you for the info Emmanuel. Looking forward to seeing the 
> code
> 
> 
> On 30 July 2014 12:44, Emmanuel Mathot <[email protected]> wrote:
> We are developing an API library for .Net framework. Soon available in 
> OpenSource on Github.
> 
> Cheers,
> 
> Emmanuel Mathot
> www.terradue.com
> 
> 
> <PastedGraphic-1.tiff>
> 
> On 30 Jul 2014, at 12:37, Daniel Molina <[email protected]> wrote:
> 
>> Great!!. May I ask what kind of tool/integration are you building on top 
>> OpenNebula?
>> 
>> Cheers
>> 
>> 
>> On 30 July 2014 09:49, Cesare Rossi <[email protected]> wrote:
>> Dear Daniel,
>> 
>> thank you for your support. We found that the problem was the encryption 
>> made on the client side. Now it works perfectly.
>> 
>> Thank you again
>> 
>> Cheers
>> 
>> 
>> Cesare Rossi
>> Terradue
>> Rome, Italy | Oxford, UK
>> http://www.terradue.com
>> 
>> 
>> 
>> On 29 Jul 2014, at 12:23, Daniel Molina <[email protected]> wrote:
>> 
>>> Could you check the password you are using to encrypt (password+sha1) is 
>>> the same that oned uses to decrypt (oneuser show) 
>>> 
>>> [oneadmin@node1 ~]$ oneuser show serveradmin | grep PASS
>>> PASSWORD        : 3412...
>>> [oneadmin@node1 ~]$ cat .one/sunstone_auth
>>> serveradmin:7f9f...
>>> [oneadmin@node1 ~]$ echo -n "7f9f..." | sha1sum
>>> 3412...  -
>>> 
>>> Also the problem could be that the token is (base64) encoded after being 
>>> encrypted:
>>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L90
>>> 
>>> and before being decrypted it's decoded:
>>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L142
>>> 
>>> Cheers
>>> 
>>> 
>>> On 29 July 2014 12:01, Emmanuel Mathot <[email protected]> wrote:
>>> Here is the log output:
>>> 
>>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG I 5 Command 
>>> execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate 
>>> serveradmin [secret] ****
>>> 
>>> Mon Jul 28 16:37:48 2014 [AuM][I]: Command execution fail: 
>>> /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin [secret] 
>>> ****
>>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG D 5 authenticate: 
>>> Authenticating serveradmin, with password [secret] 
>>> (4zj727qqns0xXEHWPBq4tJ2nRSyqom1KtWx5QBueF54I33c1y0fIuymmkn84TMP9)
>>> 
>>> Mon Jul 28 16:37:48 2014 [AuM][I]: authenticate: Authenticating 
>>> serveradmin, with password [secret] 
>>> (4zj727qqns0xXEHWPBq4tJ2nRSyqom1KtWx5QBueF54I33c1y0fIuymmkn84TMP9)
>>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG E 5 bad decrypt
>>> 
>>> Mon Jul 28 16:37:48 2014 [AuM][I]: bad decrypt
>>> Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG I 5 ExitCode: 255
>>> 
>>> 
>>> Emmanuel Mathot
>>> www.terradue.com
>>> 
>>> 
>>> <PastedGraphic-1.tiff>
>>> 
>>> On 29 Jul 2014, at 11:06, Daniel Molina <[email protected]> wrote:
>>> 
>>>> Hi Enguerran,
>>>> 
>>>> What error message are you getting in oned.log after trying to connect?
>>>> 
>>>> Cheers
>>>> 
>>>> 
>>>> On 28 July 2014 17:16, Enguerran Boissier 
>>>> <[email protected]> wrote:
>>>> Hello Daniel,
>>>> Thanks for your answer, unfortunately we still don't manage to connect 
>>>> with a server_* user on the behalf of another normal user.
>>>> This is basically what we do, let us know if we do something wrong:
>>>> 
>>>> { 
>>>>   string expires = DateTime.Now.Subtract(new DateTime(1970,1,1,0,0,0, 
>>>> DateTimeKind.Utc)).TotalSeconds + 3600 + "";
>>>>   string token_encrypted = Encrypt(this.AdminUsername + ":" + 
>>>> this.TargetUsername + ":" + expires, this.AdminPassword);
>>>>   //this.AdminUsername = server_* user name
>>>>   //this.TargetUsername = normal user name (target user)
>>>>   //this.AdminPassword = server_* user password (SHA1 encrypted)
>>>>   //Encrypt do the equivalent of the AES 256 CBC openssl encryption (cf 
>>>> https://gist.github.com/scottlowe/1411917, we just removed the salt part)
>>>>   session_SHA = this.AdminUsername + ":" + this.TargetUsername + ":" + 
>>>> token_encrypted;
>>>>   //session_SHA is the token used to authenticate on a request
>>>> }
>>>> 
>>>> Thanks
>>>> Best regards
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Enguerran Boissier
>>>> www.terradue.com
>>>> 
>>>> <t2uk.png>
>>>> 
>>>> On 28 Jul 2014, at 10:45, Daniel Molina <[email protected]> wrote:
>>>> 
>>>>> Hi Cesare,
>>>>> 
>>>>> The server_* authentication is a special method where a user can 
>>>>> authenticate on behalf of other user. This method was included in 
>>>>> OpenNebula for scenarios such as an Apache server configured to use x509 
>>>>> certificates, Apache has already authenticated the user and we just 
>>>>> encrypt a token with the serveradmin credentials and OpenNebula will 
>>>>> decrypt the token and will perform all the actions as the target_username.
>>>>> 
>>>>> Users using the server_* auth method are special users and should not 
>>>>> have any resource.
>>>>> 
>>>>> You can see an example on how Sunstone uses this method:
>>>>> A user logs in:
>>>>> https://github.com/OpenNebula/one/blob/master/src/sunstone/sunstone-server.rb#L169
>>>>> do_auth is called to authenticate the user:
>>>>> https://github.com/OpenNebula/one/blob/master/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb#L18
>>>>> a token is generated using the server_* method
>>>>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L85
>>>>> this info is sent to one and then checked by the auth driver:
>>>>> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L110
>>>>> 
>>>>> Hope this helps
>>>>> 
>>>>> http://docs.opennebula.org/4.6/administration/sunstone_gui/cloud_auth.html
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> On 25 July 2014 12:39, Cesare Rossi <[email protected]> wrote:
>>>>> Dear All,
>>>>> 
>>>>> we are interacting with the XML-RPC API. We are trying to perform the 
>>>>> special authentication method available with the users' drivers 
>>>>> server_cipher or server_x509 (i.e. using 
>>>>> username:target_username:secret), but it seems not working.
>>>>> 
>>>>> The question is: is it possible to use with that API such kind of users ? 
>>>>> If yes, how ?
>>>>> 
>>>>> Thanks in advance,
>>>>> 
>>>>> Cheers
>>>>> 
>>>>> Cesare Rossi
>>>>> Terradue
>>>>> Rome, Italy | Oxford, UK
>>>>> http://www.terradue.com
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> -- 
>>>>> --
>>>>> Daniel Molina
>>>>> Project Engineer
>>>>> OpenNebula - Flexible Enterprise Cloud Made Simple
>>>>> www.OpenNebula.org | [email protected] | @OpenNebula
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> --
>>>> Daniel Molina
>>>> Project Engineer
>>>> OpenNebula - Flexible Enterprise Cloud Made Simple
>>>> www.OpenNebula.org | [email protected] | @OpenNebula
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> --
>>> Daniel Molina
>>> Project Engineer
>>> OpenNebula - Flexible Enterprise Cloud Made Simple
>>> www.OpenNebula.org | [email protected] | @OpenNebula
>> 
>> 
>> 
>> 
>> -- 
>> --
>> Daniel Molina
>> Project Engineer
>> OpenNebula - Flexible Enterprise Cloud Made Simple
>> www.OpenNebula.org | [email protected] | @OpenNebula
> 
> 
> 
> 
> -- 
> --
> Daniel Molina
> Project Engineer
> OpenNebula - Flexible Enterprise Cloud Made Simple
> www.OpenNebula.org | [email protected] | @OpenNebula

_______________________________________________
Dev mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org

Reply via email to