Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jun 28 20:09
    samuel-kerrien edited #3387
  • Jun 27 13:43
    dhaneshnm closed #3391
  • Jun 27 12:43
    samuel-kerrien labeled #3396
  • Jun 27 12:43
    samuel-kerrien labeled #3396
  • Jun 27 12:43
    samuel-kerrien assigned #3396
  • Jun 27 12:43
    samuel-kerrien labeled #3396
  • Jun 27 12:43
    samuel-kerrien opened #3396
  • Jun 27 12:05
    samuel-kerrien labeled #3395
  • Jun 27 12:05
    samuel-kerrien labeled #3395
  • Jun 27 12:05
    samuel-kerrien labeled #3395
  • Jun 27 12:05
    samuel-kerrien opened #3395
  • Jun 27 12:01
    samuel-kerrien edited #3325
  • Jun 27 12:00
    samuel-kerrien edited #3325
  • Jun 27 11:47
    samuel-kerrien edited #3387
  • Jun 27 11:26
    samuel-kerrien labeled #3394
  • Jun 27 11:26
    samuel-kerrien opened #3394
  • Jun 27 11:26
    samuel-kerrien labeled #3394
  • Jun 27 09:39
    nicwells labeled #3393
  • Jun 27 09:39
    nicwells labeled #3393
  • Jun 27 09:39
    nicwells labeled #3393
mukul ashok joshi
@mukulajoshi_twitter
@bogdanromanx thanks again for the detailed replies. These are really helpful insights!
Bogdan Roman
@bogdanromanx
👍
Paul Pawletta
@PaulPawletta
Hi everyone. Is there a better way to create resources against a schema except from sending a "POST /v1/resources/{org_label}/{project_label}/{schema_id}"? I couldn't find any functionalities in Nexus Fusion or Nexus Forge. My use case would be e.g. that I have a pandas dataframe and I want to upload or validate it against the uploaded schema in Nexus Delta.
Alejandra Garcia Rojas M
@alegrm
@PaulPawletta you can use the Nexus Forge to convert a data frame to a Resource object in the Forge, and then you can validate the Resource with the Forge too, but notice that you need to configure the Forge Model to have access to the Shacl Model you want to validate that against. Check the notebook 7 and 11 in https://github.com/BlueBrain/nexus-forge/tree/master/examples/notebooks/getting-started, and the doc of the Forge configuration here https://nexus-forge.readthedocs.io/en/latest/interaction.html#forge
Paul Pawletta
@PaulPawletta
@alegrm Thank you! Notebook 11 was exactly what I was looking for.
Paul Pawletta
@PaulPawletta
Hi all. I'm running Nexus and Keycloak using docker swarm and I'm trying to set up ACLs for users. After creating a realm I'm able to create ACL for /org1 (still keeping all the rights for Annonymous at root - / ). Now when I try to modify the ACL at root using PATCH, I'm ending up removing all ACLs including Annonymous and the created ACLs for /org1. So I'm loosing all the permissions to do anything inside Nexus. How should I modify the ACLs at root level?
Screenshot 2020-09-21 at 17.52.08.png
Didac
@umbreak
As soon as you replace the ACLs for /, the previous Anonymous ACLs get overriden, yes. So whenever you change the ACLs, make sure you set an identity that you can login from
Paul Pawletta
@PaulPawletta
This is the response I'm receiving from http://localhost/v1/acls/org1?ancestors=true&self=false
And I'm not able to create anything now with my users from group1 (AuthorizationFailed -
"reason": "The supplied authentication is not authorized to access this resource."). Can you see anything that is wrong with my created ACLs?
Paul Pawletta
@PaulPawletta
In Nexus-Web I can login with my users from group1, but I loose all functionalities for reading and writing.
Didac
@umbreak
what do you get as a response from the identities endpoint when using your TOKEN?
curl -s -H "Authorization: Bearer $TOKEN" "https://{host}/v1/identities
Paul Pawletta
@PaulPawletta
Screenshot 2020-09-22 at 14.53.58.png
Didac
@umbreak
as you can see, there is nothing like group1 in this list, and you set ACLs in / for group1
When you did the first PATCH on / you should have done it for the identity:
"realm": "nexusdev",
"subject": "user1"
Paul Pawletta
@PaulPawletta
Thanks @umbreak that works! I guess my error is then related to how I configure the groups in keycloak
Didac
@umbreak

Yes. I guess the groups are not linked to the users correctly. When dealing with groups you have 2 options:

  • Adding the group information directly into the token. This is the most performant option if you don’t have too many groups in application. Otherwise don’t use it since the token is gonna get pretty big.
  • Using the /userinfo endpoint to fetch the group information.

I believe keycloack supports both, but I’m not well aware of the details. If you need some help with keycloak I could probably ask someone else on the team to help you. Let us know.

Paul Pawletta
@PaulPawletta
Exactly. The problem was the missing group information. Now it works with group ACLs. Thanks @umbreak ,we probably need help in the future for a proper production setup. For now I'm just playing :)
Paul Pawletta
@PaulPawletta

Hi everyone, we are planning on using BBN as a KG for our metadata at Charite Berlin. We envision a similar version to EBRAINS KG.
Right now, I'm looking for existing SHACL shapes that we could use and extend. I know about Neuroshapes, but it seems to me the metadata model for EBRAINS KG is more close to openMINDS v1. So my questions are:

  1. Are there any other SHACL constraints besides from Neuroshapes? e.g. Does anyone know what is used by EBRAINS KG?
  2. How is Neuroshapes related to openMINDS?
  3. Specifically is there SHACL shape that resembles a dataset as defined by openMINDS?

Thanks!

Anna
@annakristinkaufmann

Hi Paul!

Thanks a lot for getting in touch!

Regarding your questions:

  1. and 2. Unfortunately, we don't know details about the EBRAINS data model. Maybe best to get in touch with them directly!

  2. Maybe have a look at the neuroshapes dataset schema: https://github.com/INCF/neuroshapes/blob/8f3ce6d1de892990bab4f36179300ba485341d80/shapes/neurosciencegraph/datashapes/core/dataset/schema.json which extends the neuroshapes minds schema: https://github.com/INCF/neuroshapes/blob/8f3ce6d1de892990bab4f36179300ba485341d80/shapes/neurosciencegraph/commons/minds/schema.json

niksub
@niksub
Hello. I'm trying to install nexus on minikube, but got error because file missing - 404 https://bluebrainnexus.io/docs/getting-started/running-nexus/minikube/kg.yaml
niksub
@niksub

@bogdanromanx

Hello. I'm trying to install nexus on minikube, but got error because file missing - 404 https://bluebrainnexus.io/docs/getting-started/running-nexus/minikube/kg.yaml

Bogdan Roman
@bogdanromanx
mukul ashok joshi
@mukulajoshi_twitter
Trying to use Nexus with manual build (outside docker). Using Nexus Release 1.4.2 for Delta and Nexus-Web. Have manually installed and started Cassandra, ElasticSearch, Blazegraph. Trying to use Keycloak both as Broker and Identity Provider with Client set to the Nexus-Web. Have created a Realm in Delta using the Delta API with OpenIDConfig of the Realm created in Keycloak. And then started Nexus-Web with API Endpoint of Delta API. When I access the Nexus-Web page, the login menu drop down does not result in creating the button for the Identity Provider login. Tried setting the Client ID in the command line of Nexus-Web, but that also does not change anything. Is there anything missing or wrong in either the Keycloak setup or starting of Nexus-Web or any other API update for Delta? Any pointers will be much appreciated. Thanks
3 replies
Didac
@umbreak

@mukulajoshi_twitter what do you get when you perform the following request:

curl -s 'http://{endpoint}/v1/realms'

…where {endpoint} is the address (and port) where your nexus deployment is running.

Nexus Web displays the login options based on the response from that request
Didac
@umbreak
You can also just open nexus web on the browser and through the browser development tools Inspect element -> Network you can see there the requests nexus web is doing to the nexus delta (backend) component and check what’s the response to that realms request.
mukul ashok joshi
@mukulajoshi_twitter
@umbreak thanks. Yes, initially was not passing the API_Endpoint which showed requests failing in the Dev Tools Network tab. Then after passing the API_Endpoint can see this response when the /v1/realms gets invoked: *{"@context":["https://bluebrain.github.io/nexus/contexts/resource.json","https://bluebrain.github.io/nexus/contexts/iam.json","https://bluebrain.github.io/nexus/contexts/search.json"],"_total":1,"_results":[{"@id":"http://127.0.0.1:8080/v1/realms/keycloak","@type":"Realm","name":"Nexus Keycloak","openIdConfig":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/.well-known/openid-configuration","_label":"keycloak","_grantTypes":["password","clientCredentials","refreshToken","authorizationCode","implicit"],"_issuer":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus","_authorizationEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/auth","_tokenEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/token","_userInfoEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/userinfo","_revocationEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/revoke","_endSessionEndpoint":"http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/logout","_rev":1,"_deprecated":false,"_createdAt":"2021-01-13T13:51:05.704Z","_createdBy":"http://127.0.0.1:8080/v1/anonymous","_updatedAt":"2021-01-13T13:51:05.704Z","_updatedBy":"http://127.0.0.1:8080/v1/anonymous"}]}*. I kind of tried to compare this with the response seen in the Sandbox environment, but did not see any glaring differences, though i could be wrong. Would be useful if you can give a look over and see if there anything patently wrong in the above response. Thanks
Nope. The login drop down in the header does not result in the button for Identity Provider login in the main section. Is it because the Broker and Identity Provider are the same? I can probably have 2 keycloak instances, one acting as Broker and the other as the Identity Provider
Didac
@umbreak
that shouldn’t be necessary
Bogdan Roman
@bogdanromanx
I remember seeing this before because of a browser caching issue
could you try to clear the cache and refresh the web page?
mukul ashok joshi
@mukulajoshi_twitter
@umbreak thanks. Restarted the browser, but no luck. Clicking the "Login" in the header does not have any effect. Also I cannot see "Admin" link in the LHS section. I can see only "Home" and "Studios". Could that also be pointing to some issue? And the header section appears with black background, rather than the white background as seen in the Sandbox environment
Didac
@umbreak
@mukulajoshi_twitter what version of keycloak, nexus-delta and nexus-web have you installed?
Kenneth Pirman
@kenjinp
@mukulajoshi_twitter perhaps you can try to remove the elements in localStorage by going to the browser inspector / Storage and removing any of the items there
also make sure you run the webapp with all caps ENV vars API_ENDPOINT=https://somehost/v1 (I guess you already did)
mukul ashok joshi
@mukulajoshi_twitter
@umbreak these are details: Keycloak is version 12.0.1, Nexus Delta is Release version 1.4.2 (downloaded the tar and extracted the same for build with sbt dist), Nexus-Web downloaded as git clone with branch 1.4.2 (-b v1.4.2 --single-branch). Had to do the git clone for Nexus-Web since the yarn build was looking for .git when i tried the build with the tar extract of the Nexus-Web Release 1.4.2
mukul ashok joshi
@mukulajoshi_twitter
@umbreak these are the details: starting the Nexus-Web like this "CLIENT_ID=nexus-web API_ENDPOINT=http://127.0.0.1:8080/v1 node dist/server.js > startup.log 2>&1 &". Also getting these errors in the delta log: "2021-01-15 19:23:34 ERROR c.e.b.nexus.delta.routes.ServiceInfo - Error while attempting to query for Blazegraph service description
ch.epfl.bluebrain.nexus.commons.http.UnexpectedUnsuccessfulHttpResponse: Received an unexpected http response while communicating with an external service" and
"2021-01-15 19:23:49 ERROR I.e.b.n.s.c.t.ServiceDescription] - Unexpected response for Storage call. Request: 'HttpMethod(GET) http://localhost:8084'akka.stream.StreamTcpException: Tcp command [Connect(localhost:8084,None,List(),Some(10 seconds),true)] failed because of java.net.ConnectException: Connection refused". I do not have the storage service running. Will check the localStorage stuff. Thanks
mukul ashok joshi
@mukulajoshi_twitter
@umbreak there are no key/value pairs in the Chrome Browser DevTools Inspector - Application/Local Storage
Also see these errors: * "2021-01-15 20:47:21 INFO akka.actor.ActorSystemImpl - Request timeout encountered for request [GET /version Strict(0 bytes)]
2021-01-15 20:48:36 WARN c.d.o.d.a.c.a.PlainTextAuthProviderBase - [s0] /127.0.0.1:9042 did not send an authentication challenge; This is suspicious because the driver expects authentication"
Didac
@umbreak
the version endpoint is not working because the storage service is probably not up and running, whcih does not matter for your deployment. So that one you can ignore
Didac
@umbreak
I’m not sure on the Nexus-Web side of things. The API seems to at least return the right realms
Kenneth Pirman
@kenjinp
I'm having trouble with that part, as far as I can see as long as the realms returns _results > 0, and if none of them are service accounts, then it should render them in the dropdown
Didac
@umbreak
@kenjinp if there is just one entry it will display a dropdown or one will just need to click on login?
Kenneth Pirman
@kenjinp
I think it will still display a dropdown. Is it possible that __results will not be an array if there's only one item?
Didac
@umbreak
@kenjinp his response from realms endpoint it this:
{
  "@context": [
    "https://bluebrain.github.io/nexus/contexts/resource.json",
    "https://bluebrain.github.io/nexus/contexts/iam.json",
    "https://bluebrain.github.io/nexus/contexts/search.json"
  ],
  "_total": 1,
  "_results": [
    {
      "@id": "http://127.0.0.1:8080/v1/realms/keycloak",
      "@type": "Realm",
      "name": "Nexus Keycloak",
      "openIdConfig": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/.well-known/openid-configuration",
      "_label": "keycloak",
      "_grantTypes": [
        "password",
        "clientCredentials",
        "refreshToken",
        "authorizationCode",
        "implicit"
      ],
      "_issuer": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus",
      "_authorizationEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/auth",
      "_tokenEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/token",
      "_userInfoEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/userinfo",
      "_revocationEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/revoke",
      "_endSessionEndpoint": "http://127.0.0.1:8180/auth/realms/blue-brain-nexus/protocol/openid-connect/logout",
      "_rev": 1,
      "_deprecated": false,
      "_createdAt": "2021-01-13T13:51:05.704Z",
      "_createdBy": "http://127.0.0.1:8080/v1/anonymous",
      "_updatedAt": "2021-01-13T13:51:05.704Z",
      "_updatedBy": "http://127.0.0.1:8080/v1/anonymous"
    }
  ]
}
Kenneth Pirman
@kenjinp
Ah thanks. Yeah this looks good to me
Another possibility is by installing the chrome redux devtools and trying to see the state that the app has https://chrome.google.com/webstore/detail/redux-devtools/lmhkpmbekcpmknklioeibfkpmmfibljd