Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 18 17:50
    umbreak synchronize #1950
  • Jan 18 17:37
    umbreak synchronize #1950
  • Jan 18 13:44
    umbreak synchronize #1950
  • Jan 18 13:42

    imsdu on master

    Disable snapshotting when depre… (compare)

  • Jan 18 13:42
    imsdu closed #1949
  • Jan 18 13:42
    umbreak edited #1950
  • Jan 18 13:41
    umbreak review_requested #1950
  • Jan 18 13:41
    umbreak review_requested #1950
  • Jan 18 13:41
    umbreak review_requested #1950
  • Jan 18 13:41
    umbreak assigned #1950
  • Jan 18 13:41
    umbreak opened #1950
  • Jan 18 13:41
    umbreak milestoned #1950
  • Jan 18 13:38
    umbreak commented #1949
  • Jan 18 13:37
    umbreak review_requested #1949
  • Jan 18 13:37
    umbreak commented #1949
  • Jan 18 13:32
    imsdu commented #1949
  • Jan 18 13:26
    kenjinp closed #1127
  • Jan 18 13:26
    kenjinp closed #1737
  • Jan 18 12:31
    umbreak commented #1949
  • Jan 18 12:31
    umbreak review_requested #1949
Paul Pawletta
@PaulPawletta
Thanks @umbreak that works! I guess my error is then related to how I configure the groups in keycloak
Didac
@umbreak

Yes. I guess the groups are not linked to the users correctly. When dealing with groups you have 2 options:

  • Adding the group information directly into the token. This is the most performant option if you don’t have too many groups in application. Otherwise don’t use it since the token is gonna get pretty big.
  • Using the /userinfo endpoint to fetch the group information.

I believe keycloack supports both, but I’m not well aware of the details. If you need some help with keycloak I could probably ask someone else on the team to help you. Let us know.

Paul Pawletta
@PaulPawletta
Exactly. The problem was the missing group information. Now it works with group ACLs. Thanks @umbreak ,we probably need help in the future for a proper production setup. For now I'm just playing :)
Paul Pawletta
@PaulPawletta

Hi everyone, we are planning on using BBN as a KG for our metadata at Charite Berlin. We envision a similar version to EBRAINS KG.
Right now, I'm looking for existing SHACL shapes that we could use and extend. I know about Neuroshapes, but it seems to me the metadata model for EBRAINS KG is more close to openMINDS v1. So my questions are:

  1. Are there any other SHACL constraints besides from Neuroshapes? e.g. Does anyone know what is used by EBRAINS KG?
  2. How is Neuroshapes related to openMINDS?
  3. Specifically is there SHACL shape that resembles a dataset as defined by openMINDS?

Thanks!

Anna
@annakristinkaufmann

Hi Paul!

Thanks a lot for getting in touch!

Regarding your questions:

  1. and 2. Unfortunately, we don't know details about the EBRAINS data model. Maybe best to get in touch with them directly!

  2. Maybe have a look at the neuroshapes dataset schema: https://github.com/INCF/neuroshapes/blob/8f3ce6d1de892990bab4f36179300ba485341d80/shapes/neurosciencegraph/datashapes/core/dataset/schema.json which extends the neuroshapes minds schema: https://github.com/INCF/neuroshapes/blob/8f3ce6d1de892990bab4f36179300ba485341d80/shapes/neurosciencegraph/commons/minds/schema.json

niksub
@niksub
Hello. I'm trying to install nexus on minikube, but got error because file missing - 404 https://bluebrainnexus.io/docs/getting-started/running-nexus/minikube/kg.yaml
niksub
@niksub

@bogdanromanx

Hello. I'm trying to install nexus on minikube, but got error because file missing - 404 https://bluebrainnexus.io/docs/getting-started/running-nexus/minikube/kg.yaml

Bogdan Roman
@bogdanromanx
mukul ashok joshi
@mukulajoshi_twitter
Trying to use Nexus with manual build (outside docker). Using Nexus Release 1.4.2 for Delta and Nexus-Web. Have manually installed and started Cassandra, ElasticSearch, Blazegraph. Trying to use Keycloak both as Broker and Identity Provider with Client set to the Nexus-Web. Have created a Realm in Delta using the Delta API with OpenIDConfig of the Realm created in Keycloak. And then started Nexus-Web with API Endpoint of Delta API. When I access the Nexus-Web page, the login menu drop down does not result in creating the button for the Identity Provider login. Tried setting the Client ID in the command line of Nexus-Web, but that also does not change anything. Is there anything missing or wrong in either the Keycloak setup or starting of Nexus-Web or any other API update for Delta? Any pointers will be much appreciated. Thanks
Didac
@umbreak

@mukulajoshi_twitter what do you get when you perform the following request:

curl -s 'http://{endpoint}/v1/realms'

…where {endpoint} is the address (and port) where your nexus deployment is running.

Nexus Web displays the login options based on the response from that request
Didac
@umbreak
You can also just open nexus web on the browser and through the browser development tools Inspect element -> Network you can see there the requests nexus web is doing to the nexus delta (backend) component and check what’s the response to that realms request.
mukul ashok joshi
@mukulajoshi_twitter
@umbreak thanks. Yes, initially was not passing the API_Endpoint which showed requests failing in the Dev Tools Network tab. Then after passing the API_Endpoint can see this response when the /v1/realms gets invoked: *{"@context":["https://bluebrain.github.io/nexus/contexts/resource.json","https://bluebrain.github.io/nexus/contexts/iam.json","https://bluebrain.github.io/nexus/contexts/search.json"],"_total":1,"_results":[{"@id":"http://127.0.0.1:8080/v1/realms/keycloak","@type":"Realm","name":"Nexus Keycloak","openIdConfig":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/.well-known/openid-configuration","_label":"keycloak","_grantTypes":["password","clientCredentials","refreshToken","authorizationCode","implicit"],"_issuer":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus","_authorizationEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/auth","_tokenEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/token","_userInfoEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/userinfo","_revocationEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/revoke","_endSessionEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/logout","_rev":1,"_deprecated":false,"_createdAt":"2021-01-13T13:51:05.704Z","_createdBy":"http://127.0.0.1:8080/v1/anonymous","_updatedAt":"2021-01-13T13:51:05.704Z","_updatedBy":"http://127.0.0.1:8080/v1/anonymous"}]}*. I kind of tried to compare this with the response seen in the Sandbox environment, but did not see any glaring differences, though i could be wrong. Would be useful if you can give a look over and see if there anything patently wrong in the above response. Thanks
Nope. The login drop down in the header does not result in the button for Identity Provider login in the main section. Is it because the Broker and Identity Provider are the same? I can probably have 2 keycloak instances, one acting as Broker and the other as the Identity Provider
Didac
@umbreak
that shouldn’t be necessary
Bogdan Roman
@bogdanromanx
I remember seeing this before because of a browser caching issue
could you try to clear the cache and refresh the web page?
mukul ashok joshi
@mukulajoshi_twitter
@umbreak thanks. Restarted the browser, but no luck. Clicking the "Login" in the header does not have any effect. Also I cannot see "Admin" link in the LHS section. I can see only "Home" and "Studios". Could that also be pointing to some issue? And the header section appears with black background, rather than the white background as seen in the Sandbox environment
Didac
@umbreak
@mukulajoshi_twitter what version of keycloak, nexus-delta and nexus-web have you installed?
Kenneth Pirman
@kenjinp
@mukulajoshi_twitter perhaps you can try to remove the elements in localStorage by going to the browser inspector / Storage and removing any of the items there
also make sure you run the webapp with all caps ENV vars API_ENDPOINT=https://somehost/v1 (I guess you already did)
mukul ashok joshi
@mukulajoshi_twitter
@umbreak these are details: Keycloak is version 12.0.1, Nexus Delta is Release version 1.4.2 (downloaded the tar and extracted the same for build with sbt dist), Nexus-Web downloaded as git clone with branch 1.4.2 (-b v1.4.2 --single-branch). Had to do the git clone for Nexus-Web since the yarn build was looking for .git when i tried the build with the tar extract of the Nexus-Web Release 1.4.2
mukul ashok joshi
@mukulajoshi_twitter
@umbreak these are the details: starting the Nexus-Web like this "CLIENT_ID=nexus-web API_ENDPOINT=http://127.0.0.1:8080/v1 node dist/server.js > startup.log 2>&1 &". Also getting these errors in the delta log: "2021-01-15 19:23:34 ERROR c.e.b.nexus.delta.routes.ServiceInfo - Error while attempting to query for Blazegraph service description
ch.epfl.bluebrain.nexus.commons.http.UnexpectedUnsuccessfulHttpResponse: Received an unexpected http response while communicating with an external service" and
"2021-01-15 19:23:49 ERROR I.e.b.n.s.c.t.ServiceDescription] - Unexpected response for Storage call. Request: 'HttpMethod(GET) http://localhost:8084'akka.stream.StreamTcpException: Tcp command [Connect(localhost:8084,None,List(),Some(10 seconds),true)] failed because of java.net.ConnectException: Connection refused". I do not have the storage service running. Will check the localStorage stuff. Thanks
mukul ashok joshi
@mukulajoshi_twitter
@umbreak there are no key/value pairs in the Chrome Browser DevTools Inspector - Application/Local Storage
Also see these errors: * "2021-01-15 20:47:21 INFO akka.actor.ActorSystemImpl - Request timeout encountered for request [GET /version Strict(0 bytes)]
2021-01-15 20:48:36 WARN c.d.o.d.a.c.a.PlainTextAuthProviderBase - [s0] /127.0.0.1:9042 did not send an authentication challenge; This is suspicious because the driver expects authentication"
Didac
@umbreak
the version endpoint is not working because the storage service is probably not up and running, whcih does not matter for your deployment. So that one you can ignore
Didac
@umbreak
I’m not sure on the Nexus-Web side of things. The API seems to at least return the right realms
Kenneth Pirman
@kenjinp
I'm having trouble with that part, as far as I can see as long as the realms returns _results > 0, and if none of them are service accounts, then it should render them in the dropdown
Didac
@umbreak
@kenjinp if there is just one entry it will display a dropdown or one will just need to click on login?
Kenneth Pirman
@kenjinp
I think it will still display a dropdown. Is it possible that __results will not be an array if there's only one item?
Didac
@umbreak
@kenjinp his response from realms endpoint it this:
{
  "@context": [
    "https://bluebrain.github.io/nexus/contexts/resource.json",
    "https://bluebrain.github.io/nexus/contexts/iam.json",
    "https://bluebrain.github.io/nexus/contexts/search.json"
  ],
  "_total": 1,
  "_results": [
    {
      "@id": "http://127.0.0.1:8080/v1/realms/keycloak",
      "@type": "Realm",
      "name": "Nexus Keycloak",
      "openIdConfig": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/.well-known/openid-configuration",
      "_label": "keycloak",
      "_grantTypes": [
        "password",
        "clientCredentials",
        "refreshToken",
        "authorizationCode",
        "implicit"
      ],
      "_issuer": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus",
      "_authorizationEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/auth",
      "_tokenEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/token",
      "_userInfoEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/userinfo",
      "_revocationEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/revoke",
      "_endSessionEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/logout",
      "_rev": 1,
      "_deprecated": false,
      "_createdAt": "2021-01-13T13:51:05.704Z",
      "_createdBy": "http://127.0.0.1:8080/v1/anonymous",
      "_updatedAt": "2021-01-13T13:51:05.704Z",
      "_updatedBy": "http://127.0.0.1:8080/v1/anonymous"
    }
  ]
}
Kenneth Pirman
@kenjinp
Ah thanks. Yeah this looks good to me
Another possibility is by installing the chrome redux devtools and trying to see the state that the app has https://chrome.google.com/webstore/detail/redux-devtools/lmhkpmbekcpmknklioeibfkpmmfibljd
image.png
if everything is working as intended the auth state tree should have some happy realms there
mukul ashok joshi
@mukulajoshi_twitter
@umbreak @kenjinp thanks. Will check with the Redux Devtools
Kenneth Pirman
@kenjinp
If i dispatch the action manually with your payload, I get a nice dropdown
image.png
Didac
@umbreak
@kenjinp it might be something about the Nexus-Web version he is using, or the way he is running it?
Kenneth Pirman
@kenjinp
I'll try again with the release he's using
mukul ashok joshi
@mukulajoshi_twitter
@kenjinp yes, but clicking that does not result in showing the Identity Provider login button in the main section
Didac
@umbreak
ah ok. So the nexus web shows the dropdown, but clicking on it does not result on anything?
Kenneth Pirman
@kenjinp
it should make a GET request to the url in the openIdConfig property of the realm "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/.well-known/openid-configuration" and then do some redirects and so on to get the user logged in
mukul ashok joshi
@mukulajoshi_twitter
Also tried with the latest Nexus-Web code base, but same result. Could be that there is something wrong with the Keycloak configuration. Will recheck the same
mukul ashok joshi
@mukulajoshi_twitter
One thing to note on the Sandbox environment, is that even though there are 3 realms returned, the login button gives option for only 2 (Github, Orcid) of the realms. The "Service Accounts" realm related Identity Provider is not available for login
mukul ashok joshi
@mukulajoshi_twitter
In the Sandbox environment, when i click the "login" in the header section, it triggers this URL: /login?destination=web%2F. So when i manually put this URL in my local Nexus-Web, am able to see the "Log in" button in the main section. There is still some redirect_uri issue, which is probably something to be configured in Keycloak. So that leaves us with the question as to why /login URL is not generated on clicking "login" in the header section
mukul ashok joshi
@mukulajoshi_twitter
@umbreak @kenjinp After fixing the redirect_uri error, there was another error related to unauthorized client/implicit flow disabled, which was also resolved. Now am able to see the "Admin" link. Not sure that i completely understand the authentication/authorization flow, but seems to be working now (though the "login" in header not working remains unresolved as yet). Will now try to setup the Org/Proj/Schemas with the Admin. Thanks
Kenneth Pirman
@kenjinp
great, I'm wondering after loging in the way you mentioned, do you see your user name in the header?
mukul ashok joshi
@mukulajoshi_twitter
@kenjinp good observation, no i do not see the User name in the Header. I was kind of going to mention that, but i thought let me check some of the functionality. Also probably everything is still getting created with the Anonymous user as the ACL for the project (for example) only shows Anonymous user and createdBy is also Anonymous user