Symptom: Access to Main ("index") Page Denied for Owner's WebID When Setting Up a Solid Server on a Windows Machine


#5

Would this make it possible to you to see the whole story?: nssforum.durdik.ch


#6

The working hypothesis is that the symptomatic NSS for some reason did not consistently initialize itself with the owner's WebID when installed, cf. nssforum.durdik.ch.


#7

The updated reference working hypothesis is that the symptomatic NSS for some reason did not consistently initialize itself, possibly with the owner's WebID using WebID-OIDC protocol when installed. Apart from this, preliminary analysis revealed that the culprit variable (alternatively) could be a flaw in symptomatic NSS scripts involved in dynamically reading out pages index.html. Anyway, take note of the favicon.ico read out as expected and displayed in the upper left corner of the web browser's window.

With full details cf. Section Initial Access Authorization presented on an intermittently with intermediate interruptions, as a general rule between 20:00 and 07:00 GMT/UTC o'clock, and temporarily operated web server.


#8

The installation of the symptomatic NSS is at least with regard to some CSS files incomplete, cf. nssforum.durdik.ch.


#9

After belated (non-NPM) manual correction of the NSS installation by copying the directory common from C:\Users\solid.durdik.ch\AppData\Roaming\npm\node_modules\solid-server, the index.html stored in the NSS's filesystem root can be displayed via the NSS.

Web Access Control (WAC) works for this particular reading out as expected.

However, this does not solve the issue at hand, intermittently cf. nssforum.durdik.ch/.


#10

Just to recap where you’re getting stuck. You are getting an authorization error when using your solid.community webid?

Does your ACL file give permission to that webid?

I see in your examples you specified [site URL]/profile/card#me, but if you are using your solid.community webid, then [site URL] in your ACL examples would need to be your solid.community URL.


#11

Apart from my appreciation, still nothing has changed with the symptom so far: Using any WebID I know, I am still hitting a solid:server Error page because of: { [HTTPError: Access to https://solid.durdik.ch:8443\index.html requires authorization]..., cf. Fig.8a, eventually making for No permission to access this resource: You are currently logged in as https://solid.durdik.ch:8443/profile/card#me, but do not have permission to access https://solid.durdik.ch:8443/, cf. Fig.13.

With full details, straight after its installation by the npm package manager, a command line client included as a recommended feature in Node.js installer that interacts with a remote registry, and starting the NSS prototype, it is asking the owner for log in and implicitly lets it seem like his (possibly alternative) registration was an option. Playing with it around, you are inter alia presented with a webpage with URI https://solid.durdik.ch:8443/common/popup.html and a button labeled Log in with solid.durdik.ch:8443. However, the button is dead preposterous to reason. Whatever else you do and wherever you go, the NSS at its best keeps insisting on No permission to access this resource: You are currently logged in as https://solid.durdik.ch:8443/profile/card#me, but do not have permission to access https://solid.durdik.ch:8443/.

Now, this message is incorporated also in intermittently operated nssforum.durdik.ch/. Take note of the fact that references (links) above still may shift over time.

Before extending this topic at Setting Up a Solid Server on a Windows Machine - Server Administration - Solid Community Forum.htm to the intermittently operated nssforum.durdik.ch/, I reported on unsuccessful switching to my WebID https://[user name].solid.community/profile/card#me after redefining the Web Access Control (WAC) acl:agent in the relevant *.acl files, i. e. [site URL] being my solid.community URL, when trying enlivening the cryptic NSS.

In fact, it was not me who wanted to use a solid.community WebID with the symptomatic NSS. The NSS does not authorize me as owner with https://solid.durdik.ch:8443/ based WebID to access it, so I just tried what came to my mind at that time. I did not incorporate this attempt in the aforementioned intermittently presented authoritative symptom description, since I feel in the meantime that using other than https://solid.durdik.ch:8443/ based owner's WebID is not what the poet meant to say. However, you better ask the poet, Justin.

Take note of the fact that new users as me can only put one image and only 2 links in a post.


#12

Take note of the fact that Fig.8 was divided to make for more feasible comparison with another figure. Hence, the link in the post above shifted from Fig.8 to Fig.8a.

I appreciate being promoted up a trust level. Nevertheless, it is below the line definitely not reasonable to move nssforum.durdik.ch/ here.


#13

Take note of the fact that the links below are presented on an intermittently with intermediate interruptions, as a general rule between 20:00 and 07:00 GMT/UTC o'clock, and temporarily operated web server.

This is an update of the reference symptom overview: After the installation of a NSS prototype by the npm package manager, a command line client included as a recommended feature in Node.js; run-time environment installer that interacts with a remote registry, and independent of the server TLS/SSL certificate, I am hitting a solid:server Error page because of: { [HTTPError: Access to https://solid.durdik.ch:8443\index.html requires authorization]..., cf. Fig.8a and solid:server Error page because of: { [HTTPError: Access to https://solid.durdik.ch:8443\index.html denied for https://solid.durdik.ch:8443/profile/card#me]..., cf. Fig.14, eventually making for No permission to access this resource: You are currently logged in as https://solid.durdik.ch:8443/profile/card#me, but do not have permission to access https://solid.durdik.ch:8443/, cf. Fig.13.


Pell-Mell on Setting Up a Solid Server on Windows
Pell-Mell on Setting Up a Solid Server on Windows
Basic question about authentication
#14

@gandalfprime How did you set up your SSL? I’m also getting the not allowed permission - I wonder if it has to do with self generated SSL Certs.


#15

I don't make use of a self-signed server TLS/SSL certificate and I haven't tried to. Thanks to you, now I also need not try.

Assuming you also are making use of Node.js v8.12.0-x64, take note of the fact that in the meantime there is a new Node.js installer installing non-beta Node.js v10.13.0(-x64) Long Term Support (LTS) including the npm package manager, a command line client included as a recommended feature in Node.js installer that interacts with a remote registry. The installation got much more sophisticated since mid-October 2018 and at least visually makes a professional impression. However, as expected, it does not do everything it is promising.

With full details cf. Section Installing Node.js v10.13.0(-x64) presented on an intermittently with intermediate interruptions, as a general rule between 20:00 and 07:00 GMT/UTC o'clock, and temporarily operated web server.

After involving the updated Node.js run-time environment, the reference symptom overview, slightly extended based on @Mordax's post, hasn't changed significantly after all.

As a result, current reference working hypothesis is still valid. However, assuming no coding flaw in the NSS scripts themselves, I'm in the meantime slowly coming to conclusion that the NSS consistently initialized itself with the owner's WebID when installed and that the owner's WebID-OIDC protocol installation hardly is the culprit variable.

I'm hardly going to build Node.js from source in this reincarnation of myself.

The last resort would be trying to contact the authoring poets and asking them to at least buy a beer for each of us for—no offense meant—lavishing their poem on us and for (to an extent) wasting my youth on it.


Hit a wall with SSL certification on single user servers
#16

How did you create the private key and certificate pem files in Windows? Most forums and tutorials will use openssl and other external libs. Did you also use any external libs? I am using a university system and it does not allow installations. It does however have PowerShell.


#17

For other projects I’ve used java to make the key and pem. Over Thanksgiving I’ll try setting up solid on my Windows box


#18

Thanks for the suggestion. Will try Java.


#19

Did someone say PowerShell? Try https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps - it will create all the certificates you want. But they are stored in the Windows Certificate Store, so you need to export them afterwards as PEM-files (which apparently also is what Windows call CER-file) - see https://certsimple.com/help/windows-export-pem-private-key


#20

@DameLyngdoh, on the one hand, should you ask about PEM PKI public key TLS/SSL server certificate and TLS/SSL server private key file format because you want to contribute adding your two cents to solve the symptom at hand, take note of the fact that PEM X.509 public key certificate and private key files format is nothing special and is in form identical with some public key certificate files formats or at least with Base64 alternatives of some public key certificate and private key files formats on Windows. Hence, this and on an intermittently with intermediate interruptions, as a general rule between 20:00 and 07:00 GMT/UTC o'clock, and temporarily operated web server presented Fig.8 obviate that these formats are not a culprit variable in the symptom at hand...

Take note of the fact that I moved a symptom unrelated part of this post to the topic Pell-Mell on Setting Up a Solid Server on Windows.

I am looking forward to hearing of anybody who can reproduce the symptom at hand or who can contribute to solving it.


Pell-Mell on Setting Up a Solid Server on Windows
#21

well java way still needs a conversion to pem so it isn’t the way to go


Pell-Mell on Setting Up a Solid Server on Windows
#22

Which cmdlets exactly do you mean?

As far as I do not understand, there is one and only one (Windows) command, an npm command line client cmdlet with the parameter test and, insofar as apparent, with input from a correctly located JSON file, for (self)testing the Solid server installation as a PODS instance; for Node Solid Server (NSS) 4.2.0-rc.0 cf. this reference post, crashing with 12 info lifecycle solid-server@4.2.0-rc.0~standard: Failed to exec standard script, cf. ibidem.


#23

In my fork of node-solid-server


which calls

for running in a developer environment https://github.com/rimmartin/node-solid-server#running-in-development-environments

call .\bin\solid-test.cmd start --multiuser --port 8443 --ssl-cert C:\NodeProjects\pmc.cert --ssl-key C:\NodeProjects\pmc.key --root .\data

Pell-Mell on Setting Up a Solid Server on Windows
#24

@rimmartin, good morning… As far as I can say, you can run your Solid installation, can you?

If so,

  1. You have locally tested the installation.

    Is this correct? If so, what was the test result?

  2. Can you reproduce the symptom at hand?