International-Data-Spaces-Association / metadata-broker-open-core

This is the repository of the open-core reference implementation of the IDS Metadata Broker.
Apache License 2.0

Reference Testbed #43

Closed aitorcelaya closed 2 years ago

aitorcelaya commented 3 years ago

I am trying to make a local testbed with the following components:

So far we have achieved the following interoperability:

I am not able to have our Omejdn DAPS connect to the Metadata Broker. I have gathered a couple screenshots from the different sides to get a better look at the picture:

This is how we are telling the Broker to connect to our DAPS, as specified to us in another issue in this repo: DSCDAPSMB5

This is the answer we get on the Dataspace Connect UI: DSCDAPSMB2

It shows that the rejection reason is NOT_AUTHENTICATED. This NOT_AUTHENTICATED message persists whether we change line 21's value in the previous image to true or false. Both of them show the same NOT_AUTHENTICATED message.

On the Metadata Broker's side, I obtain the following: DSCDAPSMB

"Token needs to be fetched anew from DAPS". I am not sure how to fix this, as it is unable to fetch the DAPS with the current configuration.

I also noticed a difference between the DAT our local DAPS provides and the DAT the public DAPS provides. I am not sure if the Broker expects any of the fields that our DAPS is not currently providing.

Our DAPS: DSCDAPSMB3

Public DAPS (default when installing the Broker): DSCDAPSMB4

Thank you!
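The DAT comparison described in the post above can be done mechanically. The following Python sketch is an added example, not code from this thread or from the Broker project: it decodes two DATs (compact JWTs) without verifying their signatures and reports which claims and header fields differ. The sample tokens, issuer URLs, key IDs and claim values are constructed for illustration.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _segment(seg: str) -> dict:
    # JWT segments are unpadded base64url; restore the padding before decoding
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def decode_dat(token: str):
    """Return (header, claims). Diagnostic only: the signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return _segment(parts[0]), _segment(parts[1])

def diff_dats(local: str, reference: str) -> dict:
    """Compare a locally issued DAT against a reference DAT."""
    lh, lc = decode_dat(local)
    rh, rc = decode_dat(reference)
    shared = set(lc) & set(rc)
    return {
        "missing_in_local": sorted(set(rc) - set(lc)),
        "extra_in_local": sorted(set(lc) - set(rc)),
        # same claim name but different JSON type (e.g. string vs. list)
        "type_mismatch": sorted(k for k in shared if type(lc[k]) is not type(rc[k])),
        "header_diff": {k: (lh.get(k), rh.get(k))
                        for k in sorted(set(lh) | set(rh)) if lh.get(k) != rh.get(k)},
        "issuer": (lc.get("iss"), rc.get("iss")),
    }

def _make_token(header: dict, claims: dict) -> str:
    # Builds a constructed sample token; the signature segment is a placeholder
    return ".".join(_b64url(json.dumps(p).encode()) for p in (header, claims)) \
        + "." + _b64url(b"placeholder-signature")

# Constructed sample tokens (all values are assumptions, not taken from the issue)
LOCAL_DAT = _make_token(
    {"alg": "RS256", "typ": "JWT", "kid": "local-key"},
    {"iss": "https://daps.example.local", "sub": "connector-a",
     "aud": "idsc:IDS_CONNECTORS_ALL", "exp": 1700000000, "scope": "example-scope"})
REFERENCE_DAT = _make_token(
    {"alg": "RS256", "typ": "JWT", "kid": "default"},
    {"iss": "https://daps.example.org", "sub": "connector-a",
     "aud": ["idsc:IDS_CONNECTORS_ALL"], "exp": 1700000000, "scope": "example-scope",
     "securityProfile": "example-profile", "referringConnector": "http://connector-a.example"})

if __name__ == "__main__":
    print(json.dumps(diff_dats(LOCAL_DAT, REFERENCE_DAT), indent=2))
```

A differing `iss` or `kid` points at a trust configuration question on the receiving side, while missing or differently typed claims point at the token content itself.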

sebbader commented 3 years ago

Hello Aitor! We have noted your report, @NehaThawani44 will shortly keep you updated.

sebbader commented 3 years ago

Hello @aitorce! I think I understand your problem. Your DAPS is not known to the Broker, therefore it doesn't trust its signature. I assume we need to add your public key to the Broker truststore. @NehaThawani44 can you please help @aitorce to add it?

sebbader commented 3 years ago

@NehaThawani44 and @TasneemRashid that sounds exactly like the problem we are currently facing with our own DSC instance and its truststore. Can you please give an update here as soon as the problem is solved in our testbed?

gbrost commented 2 years ago

Sounds about right :)

sebbader commented 2 years ago

Hello @aitorce, I think I now better understand the problem (I was thinking of a different one before). Our Broker images are delivered with a specific IDS Identity Certificate (the current file is isst-broker.jks in the generated JAR inside the image). I assume that your local Omejdn instance does not know the contained certificate, right?

If so, we have a few possibilities:

  1. Can you add the given certificate into your DAPS DB? I will then send you this Keystore, which was created by Fraunhofer AISEC.
  2. We can add a feature to integrate the IDS Identity Certificate as a file on the hosting system. This will take a bit longer, as we would need to adjust our code in several locations but have rather limited free capacity at the moment.

Therefore, would (1) work for you (for now)?

NehaThawani44 commented 2 years ago

@aitorce @gbrost @sebbader After a long struggle we have finally resolved this ticket, hence I am closing it.