International-Data-Spaces-Association / metadata-broker-open-core

This is the repository of the open-core reference implementation of the IDS Metadata Broker.
Apache License 2.0

Latest version fails to get DAPS token #100

Open CapacitorSet opened 2 years ago

CapacitorSet commented 2 years ago

We've been trying to deploy a simple IDS configuration with a connector and a broker (starting respectively from the docker-compose files https://github.com/International-Data-Spaces-Association/IDS-Deployment-Examples/tree/main/dataspace-connector/full and https://github.com/International-Data-Spaces-Association/metadata-broker-open-core/tree/master/docker/composefiles/broker-localhost).

The connector seems to work fine, and we were able to use the UI to produce and then consume a resource. However, we were not able to register the connector with the broker, as the broker fails to authenticate with DAPS and throws "TokenRetrievalException: Unable to retrieve DAPS token". This fails both with the default configuration and when passing a DAPS URL from the command line.

We also tried deploying our own DAPS server and configuring the broker to use it, but the setting seems to be ignored as no request is logged on the DAPS server.

This is our docker-compose configuration:

version: '3'
services:
  broker-reverseproxy:
    image: registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/reverseproxy
    volumes:
      - /c/topix/metadata-broker-open-core/cert/:/etc/cert/
    networks:
      broker:
        ipv4_address: 172.16.3.2
      public:
        ipv4_address: 172.16.1.32
    # ports:
    # - "443:443" # IDS-HTTP API
    # - "80:80"

  broker-core:
    image: registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/core:latest
    # image: registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/core:4.2.8
    volumes:
      - /c/topix/metadata-broker-open-core/cert/:/etc/cert/
    restart: always
    environment:
    - SPARQL_ENDPOINT=http://broker-fuseki:3030/connectorData
    # Dirty hack to pass extra args
    # - ELASTICSEARCH_HOSTNAME=broker-elasticsearch -Ddaps.url=http://172.16.4.2:4567/token -Ddaps.token.url=http://172.16.4.2:4567/token -Ddaps.key.url=http://172.16.4.2:4567/.well-known/jwks.json
    # - ELASTICSEARCH_HOSTNAME=broker-elasticsearch -Ddaps.url=https://daps.aisec.fraunhofer.de/v3/token -Ddaps.token.url=https://daps.aisec.fraunhofer.de/v3/token -Ddaps.key.url=https://daps.aisec.fraunhofer.de/.well-known/jwks.json
    - ELASTICSEARCH_HOSTNAME=broker-elasticsearch
    - SHACL_VALIDATION=true
    - DAPS_VALIDATE_INCOMING=false
    - IDENTITY_JAVAKEYSTORE=isstbroker-keystore.jks
    - COMPONENT_URI=https://localhost/
    - COMPONENT_CATALOGURI=https://localhost/connectors/
    - JWKS_TRUSTEDHOSTS=daps.aisec.fraunhofer.de,omejdn,daps-domain.example
    networks:
      broker:
        ipv4_address: 172.16.3.3
      public:
        ipv4_address: 172.16.1.33
      daps:
        ipv4_address: 172.16.4.33
    # expose:
    # - "8080"

  broker-fuseki:
    image: registry.gitlab.cc-asp.fraunhofer.de/eis-ids/broker-open/fuseki
    volumes:
      - broker-fuseki:/fuseki
    networks:
      broker:
        ipv4_address: 172.16.3.4
    # expose:
    # - "3030"

volumes:
  broker-fuseki:

networks:
  public:
    external: true
    name: topix_public
  daps:
    external: true
    name: daps_daps
  broker:
    ipam:
      driver: default
      config:
        - subnet: "172.16.3.0/24"

Version 4.2.8, on the other hand, is able to connect to the Fraunhofer DAPS but not the custom DAPS.

Krieke commented 1 year ago

@CapacitorSet we are almost a year further. Were you able to resolve the issue?