BlueBrain Nexus Platform, migrated to: https://github.com/BlueBrain/nexus/discussions
Hi everyone. Is there a better way to create resources against a schema except from sending a "POST /v1/resources/{org_label}/{project_label}/{schema_id}"? I couldn't find any functionalities in Nexus Fusion or Nexus Forge. My use case would be e.g. that I have a pandas dataframe and I want to upload or validate it against the uploaded schema in Nexus Delta.
@PaulPawletta you can use the Nexus Forge to convert a data frame to a Resource object in the Forge, and then you can validate the Resource with the Forge too, but notice that you need to configure the Forge Model to have access to the Shacl Model you want to validate that against. Check the notebook 7 and 11 in https://github.com/BlueBrain/nexus-forge/tree/master/examples/notebooks/getting-started, and the doc of the Forge configuration here https://nexus-forge.readthedocs.io/en/latest/interaction.html#forge
Hi all. I'm running Nexus and Keycloak using docker swarm and I'm trying to set up ACLs for users. After creating a realm I'm able to create ACL for /org1 (still keeping all the rights for Annonymous at root - / ). Now when I try to modify the ACL at root using PATCH, I'm ending up removing all ACLs including Annonymous and the created ACLs for /org1. So I'm loosing all the permissions to do anything inside Nexus. How should I modify the ACLs at root level?
This is the response I'm receiving from http://localhost/v1/acls/org1?ancestors=true&self=false
And I'm not able to create anything now with my users from group1 (AuthorizationFailed -
"reason": "The supplied authentication is not authorized to access this resource."). Can you see anything that is wrong with my created ACLs?
"reason": "The supplied authentication is not authorized to access this resource."). Can you see anything that is wrong with my created ACLs?
When you did the first PATCH on
/ you should have done it for the identity:"realm": "nexusdev",
"subject": "user1"
Yes. I guess the groups are not linked to the users correctly. When dealing with groups you have 2 options:
- Adding the group information directly into the token. This is the most performant option if you don’t have too many groups in application. Otherwise don’t use it since the token is gonna get pretty big.
- Using the
/userinfoendpoint to fetch the group information.
I believe keycloack supports both, but I’m not well aware of the details. If you need some help with keycloak I could probably ask someone else on the team to help you. Let us know.
Hi everyone, we are planning on using BBN as a KG for our metadata at Charite Berlin. We envision a similar version to EBRAINS KG.
Right now, I'm looking for existing SHACL shapes that we could use and extend. I know about Neuroshapes, but it seems to me the metadata model for EBRAINS KG is more close to openMINDS v1. So my questions are:
- Are there any other SHACL constraints besides from Neuroshapes? e.g. Does anyone know what is used by EBRAINS KG?
- How is Neuroshapes related to openMINDS?
- Specifically is there SHACL shape that resembles a dataset as defined by openMINDS?
Thanks!
Hi Paul!
Thanks a lot for getting in touch!
Regarding your questions:
and 2. Unfortunately, we don't know details about the EBRAINS data model. Maybe best to get in touch with them directly!
Maybe have a look at the neuroshapes dataset schema: https://github.com/INCF/neuroshapes/blob/8f3ce6d1de892990bab4f36179300ba485341d80/shapes/neurosciencegraph/datashapes/core/dataset/schema.json which extends the neuroshapes minds schema: https://github.com/INCF/neuroshapes/blob/8f3ce6d1de892990bab4f36179300ba485341d80/shapes/neurosciencegraph/commons/minds/schema.json
Hello. I'm trying to install nexus on minikube, but got error because file missing - 404 https://bluebrainnexus.io/docs/getting-started/running-nexus/minikube/kg.yaml
@bogdanromanx
Hello. I'm trying to install nexus on minikube, but got error because file missing - 404 https://bluebrainnexus.io/docs/getting-started/running-nexus/minikube/kg.yaml
@niksub minikube documentation is at: https://bluebrainnexus.io/docs/getting-started/running-nexus.html#run-nexus-locally-with-minikube
the correct yaml file would be: https://bluebrainnexus.io/docs/getting-started/running-nexus/minikube/delta.yaml
Trying to use Nexus with manual build (outside docker). Using Nexus Release 1.4.2 for Delta and Nexus-Web. Have manually installed and started Cassandra, ElasticSearch, Blazegraph. Trying to use Keycloak both as Broker and Identity Provider with Client set to the Nexus-Web. Have created a Realm in Delta using the Delta API with OpenIDConfig of the Realm created in Keycloak. And then started Nexus-Web with API Endpoint of Delta API. When I access the Nexus-Web page, the login menu drop down does not result in creating the button for the Identity Provider login. Tried setting the Client ID in the command line of Nexus-Web, but that also does not change anything. Is there anything missing or wrong in either the Keycloak setup or starting of Nexus-Web or any other API update for Delta? Any pointers will be much appreciated. Thanks
3 replies
Nexus Web displays the login options based on the response from that request
@umbreak thanks. Yes, initially was not passing the API_Endpoint which showed requests failing in the Dev Tools Network tab. Then after passing the API_Endpoint can see this response when the /v1/realms gets invoked: *{"@context":["https://bluebrain.github.io/nexus/contexts/resource.json","https://bluebrain.github.io/nexus/contexts/iam.json","https://bluebrain.github.io/nexus/contexts/search.json"],"_total":1,"_results":[{"@id":"http://127.0.0.1:8080/v1/realms/keycloak","@type":"Realm","name":"Nexus Keycloak","openIdConfig":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/.well-known/openid-configuration","_label":"keycloak","_grantTypes":["password","clientCredentials","refreshToken","authorizationCode","implicit"],"_issuer":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus","_authorizationEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/auth","_tokenEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/token","_userInfoEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/userinfo","_revocationEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/revoke","_endSessionEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/logout","_rev":1,"_deprecated":false,"_createdAt":"2021-01-13T13:51:05.704Z","_createdBy":"http://127.0.0.1:8080/v1/anonymous","_updatedAt":"2021-01-13T13:51:05.704Z","_updatedBy":"http://127.0.0.1:8080/v1/anonymous"}]}*. I kind of tried to compare this with the response seen in the Sandbox environment, but did not see any glaring differences, though i could be wrong. Would be useful if you can give a look over and see if there anything patently wrong in the above response. Thanks
Nope. The login drop down in the header does not result in the button for Identity Provider login in the main section. Is it because the Broker and Identity Provider are the same? I can probably have 2 keycloak instances, one acting as Broker and the other as the Identity Provider
could you try to clear the cache and refresh the web page?
@umbreak thanks. Restarted the browser, but no luck. Clicking the "Login" in the header does not have any effect. Also I cannot see "Admin" link in the LHS section. I can see only "Home" and "Studios". Could that also be pointing to some issue? And the header section appears with black background, rather than the white background as seen in the Sandbox environment
also make sure you run the webapp with all caps ENV vars API_ENDPOINT=https://somehost/v1 (I guess you already did)
@umbreak these are details: Keycloak is version 12.0.1, Nexus Delta is Release version 1.4.2 (downloaded the tar and extracted the same for build with sbt dist), Nexus-Web downloaded as git clone with branch 1.4.2 (-b v1.4.2 --single-branch). Had to do the git clone for Nexus-Web since the yarn build was looking for .git when i tried the build with the tar extract of the Nexus-Web Release 1.4.2
@umbreak these are the details: starting the Nexus-Web like this "CLIENT_ID=nexus-web API_ENDPOINT=http://127.0.0.1:8080/v1 node dist/server.js > startup.log 2>&1 &". Also getting these errors in the delta log: "2021-01-15 19:23:34 ERROR c.e.b.nexus.delta.routes.ServiceInfo - Error while attempting to query for Blazegraph service description
ch.epfl.bluebrain.nexus.commons.http.UnexpectedUnsuccessfulHttpResponse: Received an unexpected http response while communicating with an external service" and "2021-01-15 19:23:49 ERROR I.e.b.n.s.c.t.ServiceDescription] - Unexpected response for Storage call. Request: 'HttpMethod(GET) http://localhost:8084'akka.stream.StreamTcpException: Tcp command [Connect(localhost:8084,None,List(),Some(10 seconds),true)] failed because of java.net.ConnectException: Connection refused". I do not have the storage service running. Will check the localStorage stuff. Thanks
ch.epfl.bluebrain.nexus.commons.http.UnexpectedUnsuccessfulHttpResponse: Received an unexpected http response while communicating with an external service" and "2021-01-15 19:23:49 ERROR I.e.b.n.s.c.t.ServiceDescription] - Unexpected response for Storage call. Request: 'HttpMethod(GET) http://localhost:8084'akka.stream.StreamTcpException: Tcp command [Connect(localhost:8084,None,List(),Some(10 seconds),true)] failed because of java.net.ConnectException: Connection refused". I do not have the storage service running. Will check the localStorage stuff. Thanks
Also see these errors: * "2021-01-15 20:47:21 INFO akka.actor.ActorSystemImpl - Request timeout encountered for request [GET /version Strict(0 bytes)]
2021-01-15 20:48:36 WARN c.d.o.d.a.c.a.PlainTextAuthProviderBase - [s0] /127.0.0.1:9042 did not send an authentication challenge; This is suspicious because the driver expects authentication"
2021-01-15 20:48:36 WARN c.d.o.d.a.c.a.PlainTextAuthProviderBase - [s0] /127.0.0.1:9042 did not send an authentication challenge; This is suspicious because the driver expects authentication"
@kenjinp his response from realms endpoint it this:
{
"@context": [
"https://bluebrain.github.io/nexus/contexts/resource.json",
"https://bluebrain.github.io/nexus/contexts/iam.json",
"https://bluebrain.github.io/nexus/contexts/search.json"
],
"_total": 1,
"_results": [
{
"@id": "http://127.0.0.1:8080/v1/realms/keycloak",
"@type": "Realm",
"name": "Nexus Keycloak",
"openIdConfig": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/.well-known/openid-configuration",
"_label": "keycloak",
"_grantTypes": [
"password",
"clientCredentials",
"refreshToken",
"authorizationCode",
"implicit"
],
"_issuer": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus",
"_authorizationEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/auth",
"_tokenEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/token",
"_userInfoEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/userinfo",
"_revocationEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/revoke",
"_endSessionEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/logout",
"_rev": 1,
"_deprecated": false,
"_createdAt": "2021-01-13T13:51:05.704Z",
"_createdBy": "http://127.0.0.1:8080/v1/anonymous",
"_updatedAt": "2021-01-13T13:51:05.704Z",
"_updatedBy": "http://127.0.0.1:8080/v1/anonymous"
}
]
}
Another possibility is by installing the chrome redux devtools and trying to see the state that the app has https://chrome.google.com/webstore/detail/redux-devtools/lmhkpmbekcpmknklioeibfkpmmfibljd