How can an Application Server send a downlink message to a LoRaWAN end device connected to Actility ThingPark Community platform?
ThingPark Community Platform offers a REST API to allow Application Servers sending a downlink message to an end-device. Every http request sent to that API need to be validated by a one-time token so that ThingPark can verify the integrity of the request.
The interface between ThingPark Enterprise Network Server and an external Application Server is described in the TPE LRC AS tunnel interface development guide.
For a quick test please check our simple javascript example.
Don't forget to update the constants at the beginning of the script.
The AS_KEY is the Tunnel Interface Authentication Key that you set on the
CREATE HTTP APPLICATION form.
The AS_ID is the Application ID that you can see once you have creeted the application.
If you prefer testing with curl see our curl test shell script.
Please note that this script does not calculate the one-time token. You need to calculate it yourself according to the Tunnel interface development guide or by studying the former javascript code.
Related
In Hyperledger composer rest api (composer-rest-server) are secure with Enabling authentication for the REST server. but in http://localhost:3000/explorer, All sensitive data is not encryption. Could i use cryptography or other approach to encrypt and decrypt like Zero Knowledge Proof to prevent data privacy (sensitive data)?
And I see Securing the REST server using HTTPS and TLS, when i run command composer-rest-server -c alice1#my-network -t and then open browser https://localhost:3000/explorer, but I don't know how to use it?
Thank you in advance!
Firstly, you would use TLS between the REST client and REST server - see https://hyperledger.github.io/composer/latest/integrating/securing-the-rest-server and general/useful info on TLS with diagrams here
You would really need to set up authentication (known user identities that are using it) with TLS like discussed here then connect to the authentication path for your application to authenticate the user using the REST APIs https://localhost:3000/auth/github: ((or whatever the authPath is for your implemented strategy)) and then interactions/ data in transit between client and server will be encrypted.
Once the REST server is up and running and TLS enabled - you will authenticate at your REST client as the user in question: once authenticated, that user gets an access token or similar. In terms of Composer and the deployed business network / smart contract - that user will (already) have been issued a business network card - that includes the user's blockchain identity (key/cert) and contain connection info/metadata (ie how to connect to the deployed/runtime business network out on the Fabric network). This access may be programmatically, from an application client that's using REST APIs (ie the app user that's logged in to the app, has been assigned this business network card) or indeed - a user is using the REST API client in a browser for example (eg. he/she would import it into their Wallet in the REST client then that would be the default identity in the REST API session, and which interacts / signs transactions that update the business network (create asset, update asset etc), as REST API operations to the REST Server (over TLS) that interacts with the Fabric network (over TLS).
I am mobile iOS developer and need a demo environment while making a Proof Of Concept app that will run against SAP Mobile Platform 3.0 (SMP) and Netweaver Endpoint using OData service. I need to be testing against SMP Server 3.0 SP05 or SP06 as I need to work with Offline mode as well.
I have setup SAP HANA Cloud Platform Mobile Services on CAL (https://cal.sap.com), configured my application and can successfully execute user registration and on-boarding against the SMP. I am using one of SAP-provided Netweaver demo endpoints, but then I am getting http errors when further making HTTP requests from SMP to the Netweaver endpoint.
The SMP uses HTTPS protocol.
The Netweaver demo endpoint is at https://sapes1.sapdevcenter.com/sap/opu/odata/IWFND/RMTSAMPLEFLIGHT/
It gives me errors like:
Unable to extract request URI: URI must contain a port: https://hcpms-p1941221453trial.hanatrial.ondemand.com/com.sap.flight/
or
Cannot open tunnel with id account:///p1941221453trial
or
HTTPS proxying is not supported. Use HTTP instead. HTTPS is not needed because communication is already secured by the tunnel.
Can somebody please sugest the correct configuration of the end point - Authentication Type, Rewrite Mode, Proxy Type - to get the SMP working with the demo endpoint?
If it is not possible to connect to this NW endpoint from HANA Cloud SMP, can you please sugest another way how to get a demo NW Endpoint with one of SAP sample OData applications? Many thanks.
This may help you for a subset of your issues:
Regarding the HTTPS error, have a look here:
https://help.hana.ondemand.com/help/frameset.htm?9d0e9e8397f544d9a5de5df52fd1e757.html
It mentions: The communication between the XS application and the proxy listening on localhost is always via HTTP. Whether the connection to the on-premise back-end should be HTTP or HTTPS is a matter of access control configuration in the Cloud connector. For more information, see Configuring Access Control (HTTP).
Basically, when something goes through the Cloud Connector, the HANA server uses a the proxy localhost:20003 in HTTP
I am attempting to setup a freeradius server to authenticate against a web service. The reason for this is that there is a complicated workflow involving account status and mac address. The workflow seemed out of place to be in freeradius. So my user names, and encrypted passwords are stored remotely to the radius server. Everything works fine using radclient to test. When I started using the the Access Point, I learned it only communicates with the radius server via eap-tls. This means that the User-Password argument is not available for my script.
Is there a way to have eap auth check for user authentication against my script? By this i mean, can i get the password to send to my secondary service?
Alternately, is there a way to get the User-Password from the encrypted eap-message data?
Access points don't usually place restrictions on the EAP type. The device connecting to the AP negotiates an EAP type with FreeRADIUS. If it's using EAP-TLS it's probably a windows machine that hasn't been configured to do anything different.
Investigate EAP flavours to find out which ones are available. If you have EAP-TTLS-PAP you can send the plaintext password from the wireless client, and user it to authenticate against the web service.
In FreeRADIUS v3.0.x there's a rlm_rest module, which can perform basic auth on behalf of the user, with very little configuration.
We have used Erlang/Cowboy to develop a simple chatting service based on WebSockets. Right now, We are using localhost:8080 to connect server.
I want to do user authentication, that will be done based on the URL parameter, and it will return user id or none for the connection.
How to do that?
Before the websocket exchange, you can ask a token to your application and use it with your websocket client.
I'm building a messaging app like WhatsApp. My goal is to expose only REST API through Rails and "push notifications" to connected clients via websockets. So clients communicate with server only with the REST API. Only the server sends data through the websocket. Clients can only receive data from it.
Currently I've built an eventmachine server listening for websocket connections and Unix domain socket connections. When a client performs a request on the REST API, Rails connects to the Unix domain socket to tell the eventmachine what connected client needs to be notified through the websocket.
My concern is about how it will behave in production (my server runs Apache Passenger). So I'm looking for some project to solve my problem. I had a look at Faye but I can't understand how to force it to send notifications to connected clients from an external process (that might be rails while is performing a request). Any ideas?
Have you looked at the sync gem I am doing something similar and that is what i use
https://github.com/chrismccord/sync
They have a really good video on integration and a example https://github.com/chrismccord/sync_example
and this fully supports Faye and Pusher.
I use Faye for dev and Pusher for production