search

Fraunhofer-AISEC / ids-clearing-house-service

This is an implementation of the IDS Clearing House
Apache License 2.0
0 stars 11 forks source link

Consumer is not authorized to write to pid (ids:rejectionmessage) #12

Closed jfernandezsqs closed 2 years ago

jfernandezsqs commented 2 years ago

I have deployed two dataspace connector (DSC A acting as provider and DSC B acting as consumer), both of them have the Clearing House configured at the application.properties file. I create a complete resource at provider and I negotiate a contract agreement between provider and consumer. When I access the data from consumer I am obtaining the following rejection message at the Clearing House logs.

clearing-house-api      | [2022-02-21][14:36:10][ch_lib::db][DEBUG] Trying to get process with id 7522f798-f27e-4ebf-bff5-f6ce61af717c...
clearing-house-api      | [2022-02-21][14:36:10][ch_lib::db][DEBUG] ... found it.
clearing-house-api      | [2022-02-21][14:36:10][ch_lib::db][DEBUG] found owner B2:50:A7:55:D1:C8:04:93:01:78:DE:94:EE:C9:D9:14:48:2C:35:8D:keyid:CB:8C:C7:B6:85:79:A8:23:A6:CB:15:AB:17:50:2F:E6:65:43:5D:E8
clearing-house-api      | [2022-02-21][14:36:10][clearing_house_api::clearing_house_api][WARN] User is not authorized to write to pid '7522f798-f27e-4ebf-bff5-f6ce61af717c'
clearing-house-api      | [2022-02-21][14:36:10][ch_lib::model::ids::response][DEBUG] ids-response: {"@context":{"idsc":"https://w3id.org/idsa/code/","ids":"https://w3id.org/idsa/core/"},"@type":"ids:RejectionMessage","@id":"https://w3id.org/idsa/autogen/RejectionMessage/b08dbdde-f8aa-4f57-b78f-e8ad719b6f56","ids:modelVersion":"4.0.0","ids:correlationMessage":"https://w3id.org/idsa/autogen/logMessage/a99a2805-7016-413d-9dc2-cc6aeadb4437","ids:issued":"2022-02-21T14:36:10.290096066+00:00","ids:issuerConnector":"https://clearing_house/","ids:senderAgent":"https://clearing_house","ids:recipientConnector":["https://connector_A"],"ids:recipientAgent":["https://connector_A"]}

I assume this is because the consumer is not set as a pid owner as explained in the closed issue https://github.com/Fraunhofer-AISEC/ids-clearing-house-service/issues/10 I have tried to follow the proposed solution but I did not manage to fix this issue.

How can I solve it? so that DSC B (consumer) has right permission to the pid and therefore the clearing-house-api can sign the receipt and store the transaction from the consumer side.

I attach the logs obtained from the clearing house at the following document. ClearingHouseLogs.docx

kragall commented 2 years ago

This is most likely the same problem as described in this issue: https://github.com/International-Data-Spaces-Association/DataspaceConnector/issues/885

You will need to upgrade your DSC in order to solve this problem.

jfernandezsqs commented 2 years ago

Thanks for the quick response. Do you know which version of the DSC will solve this issue? I am currently using version 7.0.1

kragall commented 2 years ago

Since the issue at the DSC is not yet closed, I'm not even sure that if the fix for this problem is already released in the DSC

kragall commented 2 years ago

The issue at DSC has been closed, so I assume this is fixed.

jfernandezsqs commented 2 years ago

I have tested the proposed solution from the DSC team and it is not working in my environment. I have opened the following issue at DSC official repository https://github.com/International-Data-Spaces-Association/DataspaceConnector/issues/955 Could you please reopen this issue until the problem with the consumer logs is resolved?

jfernandezsqs commented 2 years ago

I have checked it with TC_CH_ISSUER_CONNECTOR and TC_CH_AGENT variables configured and the issue is fixed.