International-Data-Spaces-Association / omejdn-daps

Open Source implementation of the Dynamic Attribute Provisioning Service based on http://github.com/Fraunhofer-AISEC/omejdn-server
Apache License 2.0

Problem executing the test for the omejdn and generating the token #8

Closed aetxeberriasqs closed 2 years ago

aetxeberriasqs commented 2 years ago

The Problem

An error has occurred when trying to execute the test for the omejdn and generating a token.

My Setup

The latest version of ruby and the software that the README states

What I have done up front

After checking in the browser that the omejdn and the ruby commands have been successful, I have installed the jq JSON to pass the test.sh file. At the same time, I have executed the ruby create_test_token.rb and inserted it in the following line:

curl localhost:4567/token --data "grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion={token_here}&scope=ids_connector security_level"

This makes an error I cannot happen to find.

The error for the token: curl localhost:4567/token --data "grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion={token_here}&scope=ids_connector security_level"

The error when I try to run the script for the tests:

curl localhost:4567/token --data "grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion={token_here}&scope=ids_connector security_level"

What I expected to happen

To pass on to the next step of the documentation

What actually happened

The error messages above appear

The quest of trying to solve it

I have tried following the messages that appear and looking at why the client is unknown.

What were the results of searching for the error on the internet?

I didn't find any information I found useful

What is your best guess as to what might have happened?

Some of my setup is not correct

bellebaum commented 2 years ago

The script should actually generate the token for you. Two problems I can see immediately:

bellebaum commented 2 years ago

Btw, why are you using a browser for this?

aetxeberriasqs commented 2 years ago

Thanks,

I have launched the test with IDS_CONNECTOR_ATTRIBUTES_ALL and the test has started, but it says that only 66.667% have passed and that Test tests/test_oauth2.rb is unsuccessful

I don't know if this test is supposed to fail or not.

The browser is just for checking that after the ruby omejdn.rb line it is running correctly

bellebaum commented 2 years ago

You are executing the wrong script. As the README states:

A script to quickly test your setup can be found in scripts (requires jq to be installed to format JSON). Be aware that Omejdn has its own folder labeled scripts, which is not the one mentioned here.

The actual script is located in omejdn-daps/scripts/, not omejdn-daps/omejdn-server/scripts/

aetxeberriasqs commented 2 years ago

It is just that when I try to execute it in the omejdn-daps/scripts/ folder, it doesn't find the client, and this error is found

scripts/test.sh daps
Found client 90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81:keyid:90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81
Here is the DAT Header:
parse error: Invalid numeric literal at EOF at line 1, column 3
Here is the DAT Body:
parse error: Invalid numeric literal at EOF at line 1, column 3

And when I insert the Found client to the line:

scripts/test.sh 90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81:keyid:90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81
Can't open ../omejdn-server/keys/90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81:keyid:90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81.cert for reading, No such file or directory
139634450076992:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('../omejdn-server/keys/90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81:keyid:90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81.cert','r')
139634450076992:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
unable to load certificate
Error: Could not load client certificate. Are you sure you copied it into omejdn-server/keys?

This error pops up

bellebaum commented 2 years ago

It did find your client in the first run. The printed name is the connector's ID (cf. IDS-G).

Please try to use this modified version, copied into the same place and send its output: https://gist.github.com/bellebaum/8393645f6ba7b846ec4d814696c590fc

aetxeberriasqs commented 2 years ago

Hello,

I have tried your solution and it does not work. The logs tell me this:

image

And the script shows this:

image

I have changed the audience from http://localhost:4567 to idsc:IDS_CONNECTORS_ALL. With this change your script test.sh is working but I believe that in the documentation this change should be specified and the script changed accordingly so that the user does not have to modify anything.

Thanks for the support and please notify me when the script test.sh and the documentation are changed.
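The audience mismatch described in the comment above, reproduced as an added example (not code from this repository, from Omejdn, or from any participant in the thread). It assumes the token endpoint accepts only `idsc:IDS_CONNECTORS_ALL` as the `aud` of a client assertion; `CLIENT_ID`, the throwaway key, and the function names are constructed for illustration.

```ruby
require 'json'
require 'openssl'

# Constructed values; the two audience strings are the ones named in the thread.
EXPECTED_AUD = 'idsc:IDS_CONNECTORS_ALL'
CLIENT_ID    = 'AA:BB:CC:keyid:DD:EE:FF'    # placeholder connector ID
KEY          = OpenSSL::PKey::RSA.new(2048) # throwaway key for the example

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str + '=' * (-str.length % 4)
  padded.tr('-_', '+/').unpack1('m')
end

# Client side: RS256-signed assertion (RFC 7523) with iss/sub/exp/nbf/iat/aud.
def client_assertion(key, aud, now = Time.now.to_i)
  claims = { iss: CLIENT_ID, sub: CLIENT_ID, exp: now + 3600, nbf: now, iat: now, aud: aud }
  signing_input = [{ alg: 'RS256' }, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  signature = key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Server side: pin the algorithm, verify the signature, then check time and audience.
def check_assertion(jwt, public_key, now = Time.now.to_i)
  parts = jwt.split('.')
  return :malformed unless parts.length == 3
  head, body, sig = parts
  return :bad_alg unless JSON.parse(b64url_decode(head))['alg'] == 'RS256'
  digest = OpenSSL::Digest.new('SHA256')
  return :bad_signature unless public_key.verify(digest, b64url_decode(sig), "#{head}.#{body}")
  claims = JSON.parse(b64url_decode(body))
  return :expired unless claims['nbf'].to_i <= now && now < claims['exp'].to_i
  # aud may be a single string or an array of strings.
  return :wrong_audience unless Array(claims['aud']).include?(EXPECTED_AUD)
  :ok
rescue JSON::ParserError
  :malformed
end

# Outcome for each of the two audiences from the thread.
def demo
  ['http://localhost:4567', EXPECTED_AUD].to_h do |aud|
    [aud, check_assertion(client_assertion(KEY, aud), KEY.public_key)]
  end
end
```

A correctly signed assertion is still refused when its `aud` is not the value the server expects, so a wrong audience in a test script fails in the same way as a misconfigured client.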

aetxeberriasqs commented 2 years ago

By the way, this is the output when I run the modified script test.sh:

image

With the test.sh you provided in this issue, this is the answer after changing the audience. As you can see, the output is more complete. This should be the final test.sh script available.

sqs@Virtual-Ubuntu-20:~/ALEX_DAPS_2/omejdn-daps$ sudo scripts/test.sh daps
Found client 90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81:keyid:90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81
[client assertion JWT omitted]
{"access_token":"[JWT omitted]","expires_in":3600,"token_type":"bearer","scope":"idsc:IDS_CONNECTOR_ATTRIBUTES_ALL"}
[access token JWT omitted]
Here is the DAT Header:
{
  "typ": "at+jwt",
  "kid": "default",
  "alg": "RS256"
}
Here is the DAT Body:
{
  "scope": "idsc:IDS_CONNECTOR_ATTRIBUTES_ALL",
  "aud": [
    "idsc:IDS_CONNECTORS_ALL"
  ],
  "iss": "http://localhost4567",
  "nbf": 1637232433,
  "iat": 1637232433,
  "jti": "MTUyMDM1OTgwODI5MjAyMTExMzA=",
  "exp": 1637236033,
  "client_id": "90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81:keyid:90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81",
  "securityProfile": "idsc:BASE_SECURITY_PROFILE",
  "referringConnector": "http://daps.demo",
  "@type": "ids:DatPayload",
  "@context": "https://w3id.org/idsa/contexts/context.jsonld",
  "transportCertsSha256": "44c20de9cb011e92397fd9ad336ff6baacf76c5bf8b1db8a2b2243170170f624",
  "sub": "90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81:keyid:90:6C:0D:FC:57:C8:B7:73:88:CA:68:B0:8A:06:B3:6C:25:91:69:81"
}

bellebaum commented 2 years ago

Yes, this was indeed a bug. Thank you. As the problem seems to be resolved, I will close this issue after I have pushed the changes.

bellebaum commented 2 years ago

Done