尝试通过 KeyStone 在 Wirecloud 中进行身份验证时,浏览器中显示以下错误:
Environment:
Request Method: GET
Request URL: https://<ServerURL>/complete/fiware/?state=SDyJk9ru8wSLwUZIRtSrwI86jznMIv8O&code=WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
Django Version: 1.6.11
Python Version: 2.7.9
Installed Applications:
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
'wirecloud.commons',
'wirecloud.defaulttheme',
'compressor',
'south',
'wirecloud.catalogue',
'wirecloud.platform',
'wirecloud.fiware',
'social.apps.django_app.default')
Installed Middleware:
('wirecloud.commons.middleware.URLMiddleware',)
Traceback:
File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
112. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
52. response = view_func(request, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
57. return view_func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py" in wrapper
51. return func(request, backend, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py" in complete
28. redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py" in do_complete
43. user = backend.complete(user=user, *args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in complete
41. return self.auth_complete(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py" in wrapper
229. return func(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in auth_complete
383. method=self.ACCESS_TOKEN_METHOD
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py" in request_access_token
361. return self.get_json(*args, **kwargs)
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in get_json
229. return self.request(url, *args, **kwargs).json()
File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py" in request
224. raise AuthFailed(self, str(err))
Exception Type: AuthFailed at /complete/fiware/
Exception Value: Authentication failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
Wirecloud 日志显示如下:
[Fri Mar 04 08:09:51.933675 2016] [ssl:info] [pid 29119:tid 140090189723392] [client 172.30.20.99:63539] AH01964: Connection to child 20 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.388865 2016] [ssl:info] [pid 29120:tid 140090223294208] [client 172.30.20.99:63557] AH01964: Connection to child 80 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.443926 2016] [wsgi:error] [pid 29117:tid 140090323621632] Internal Server Error: /complete/fiware/
[Fri Mar 04 08:10:04.443940 2016] [wsgi:error] [pid 29117:tid 140090323621632] Traceback (most recent call last):
[Fri Mar 04 08:10:04.443942 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
[Fri Mar 04 08:10:04.443945 2016] [wsgi:error] [pid 29117:tid 140090323621632] response = wrapped_callback(request, *callback_args, **callback_kwargs)
[Fri Mar 04 08:10:04.443947 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/cache.py", line 52, in _wrapped_view_func
[Fri Mar 04 08:10:04.443950 2016] [wsgi:error] [pid 29117:tid 140090323621632] response = view_func(request, *args, **kwargs)
[Fri Mar 04 08:10:04.443952 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 57, in wrapped_view
[Fri Mar 04 08:10:04.443954 2016] [wsgi:error] [pid 29117:tid 140090323621632] return view_func(*args, **kwargs)
[Fri Mar 04 08:10:04.443956 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py", line 51, in wrapper
[Fri Mar 04 08:10:04.443958 2016] [wsgi:error] [pid 29117:tid 140090323621632] return func(request, backend, *args, **kwargs)
[Fri Mar 04 08:10:04.443960 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/apps/django_app/views.py", line 28, in complete
[Fri Mar 04 08:10:04.443962 2016] [wsgi:error] [pid 29117:tid 140090323621632] redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)
[Fri Mar 04 08:10:04.443964 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/actions.py", line 43, in do_complete
[Fri Mar 04 08:10:04.443966 2016] [wsgi:error] [pid 29117:tid 140090323621632] user = backend.complete(user=user, *args, **kwargs)
[Fri Mar 04 08:10:04.443968 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 41, in complete
[Fri Mar 04 08:10:04.443971 2016] [wsgi:error] [pid 29117:tid 140090323621632] return self.auth_complete(*args, **kwargs)
[Fri Mar 04 08:10:04.443973 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/utils.py", line 229, in wrapper
[Fri Mar 04 08:10:04.443975 2016] [wsgi:error] [pid 29117:tid 140090323621632] return func(*args, **kwargs)
[Fri Mar 04 08:10:04.443977 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 383, in auth_complete
[Fri Mar 04 08:10:04.443979 2016] [wsgi:error] [pid 29117:tid 140090323621632] method=self.ACCESS_TOKEN_METHOD
[Fri Mar 04 08:10:04.443981 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/oauth.py", line 361, in request_access_token
[Fri Mar 04 08:10:04.443983 2016] [wsgi:error] [pid 29117:tid 140090323621632] return self.get_json(*args, **kwargs)
[Fri Mar 04 08:10:04.443985 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 229, in get_json
[Fri Mar 04 08:10:04.443987 2016] [wsgi:error] [pid 29117:tid 140090323621632] return self.request(url, *args, **kwargs).json()
[Fri Mar 04 08:10:04.443995 2016] [wsgi:error] [pid 29117:tid 140090323621632] File "/usr/local/venv/lib/python2.7/site-packages/social/backends/base.py", line 224, in request
[Fri Mar 04 08:10:04.443997 2016] [wsgi:error] [pid 29117:tid 140090323621632] raise AuthFailed(self, str(err))
[Fri Mar 04 08:10:04.443999 2016] [wsgi:error] [pid 29117:tid 140090323621632] AuthFailed: Authentication failed: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
Horizon 日志显示如下:
[Fri Mar 04 08:10:01.939771 2016] [ssl:info] [pid 29120:tid 140090282043136] [client 172.30.20.99:63555] AH01964: Connection to child 73 established (<ServerURL>:443)
[Fri Mar 04 07:10:02.175214 2016] [wsgi:error] [pid 29118:tid 140090390763264] No regions could be found excluding identity.
[Fri Mar 04 07:10:02.175651 2016] [wsgi:error] [pid 29118:tid 140090390763264] Login successful for user "<UserEmail>".
[Fri Mar 04 07:10:02.313486 2016] [wsgi:error] [pid 29118:tid 140090415941376] DEBUG:idm_logger:Requesting authorization for application: 904fd95c253c4938a824d1a443ce0fdd with redirect_uri: https://<ServerURL>/complete/fiware/ and scope: ['all_info'] by user <UserName>
[Fri Mar 04 07:10:02.346101 2016] [wsgi:error] [pid 29118:tid 140090415941376] DEBUG:idm_logger:OAUTH2: Application 904fd95c253c4938a824d1a443ce0fdd NOT alreadyauthorized
[Fri Mar 04 07:10:04.250695 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:Authorizing application: 904fd95c253c4938a824d1a443ce0fdd by user: <UserName>
[Fri Mar 04 07:10:04.274461 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:OAUTH2: Authorization Code obtained WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
[Fri Mar 04 07:10:04.274541 2016] [wsgi:error] [pid 29118:tid 140090390763264] DEBUG:idm_logger:OAUTH2: Redirecting user back to https://<ServerURL>/complete/fiware/?state=SDyJk9ru8wSLwUZIRtSrwI86jznMIv8O&code=WzIZ11YpmGAuZoltvTTGMGoP45ZtHe
[Fri Mar 04 08:10:04.441087 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH01964: Connection to child 84 established (server <ServerURL>:443)
[Fri Mar 04 08:10:04.442137 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH02008: SSL library error 1 in handshake (server <ServerURL>:443)
[Fri Mar 04 08:10:04.442165 2016] [ssl:info] [pid 29120:tid 140090189723392] SSL Library Error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (SSL alert number 48)
[Fri Mar 04 08:10:04.442174 2016] [ssl:info] [pid 29120:tid 140090189723392] [client 192.168.149.9:53270] AH01998: Connection closed to child 84 with abortive shutdown (server <ServerURL>:443)
Horizon 和 Wirecloud 运行在相同的 apache 上,Wirecloud 在端口 443 下,Horizon 在端口 40443 下。两者使用相同的证书文件进行 ssl 和工作,由它们自己调用,很好。这些证书文件目前是自签名的。
由于我对在 apache 中使用 ssl 还很陌生,所以我将不胜感激。
最佳答案
当您使用自签名证书时,最好的选择是将您的证书包含在受信任的证书列表中。 requests (用于发出此请求的模块)通常默认使用一个包(这取决于安装方法)。您可以编辑该 bundle 以添加您的证书(请参阅此 link 了解更多详细信息),但每次升级 requests 模块时都必须更新此 bundle 。
另一种选择是配置请求以使用来自操作系统的可信证书存储库。这可以使用 REQUESTS_CA_BUNDLE 环境变量进行配置(例如,通过编辑您的 wgsi.py 文件添加类似于此的内容:os.environ['REQUESTS_CA_BUNDLE'] = “/etc/ssl/certs/ca-certificates.crt”)。将证书添加到受信任存储库的操作取决于您的操作系统,但在 google 上有很多关于此事的信息(例如 here 您可以找到如何使用 Debian/Ubuntu 执行此操作)。
关于ssl - Keystone Wirecloud 身份验证失败 : [SSL: CERTIFICATE_VERIFY_FAILED],我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35791817/