Open pacog1994 opened 1 month ago
I have figured out how to DEBUG the authorization process flow. Based on the debug stack trace, it looks like my issue is that I can't successfully authenticate as a specific user in my Keycloak instances via the OTDFCTL tool. Maybe this issue can be solved with #170.
Debug Log:
When I attempt to decrypt a TDF with an FQDN "https://example.com/attr/attr1/value/value1" using the otdfctl tool, authenticated as a Keycloak user with the KV pair { Attr1: Value1 }, I get the following error:
Platform Output Log For Otdfctl Decrypt:
What I Expected: Given a Keycloak user with the same keys and values of TDF's FQDN, the user should be able to decrypt it.
Environment:
./service start
./service provision keycloak-from-config
to provision default user sampleuser
Steps to Reproduce:
echo "Hello World" > test.txt
and
./otdfctl encrypt test.txt -o testWithAttribute.txt.tdf -a "https://example.com/attr/attr1/value/value1"
./otdfctl decrypt testWithAttribute.txt.tdf
My Theory: I tried editing the entitlement.rego file with no success. I think I have to get the right rego conditions to get this working but I don't know how to DEBUG the rego policy. I don't actually know what is in the ers_request and I don't think I need to use the otdfdb subject_mappings for such a simple comparison.
I would just like to compare SampleUser attribute to the attribute attached to the TDF file.
If I could get help with this that would be amazing, also please let me know if there is additional information I can provide.
Thanks.
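The comparison the issue asks about (does the authenticated user's attribute KV pair match the attribute FQDN bound to the TDF?) written out as a small, added Python example. This is not otdfctl's or the platform's own entitlement logic and not the Rego policy; it is a hypothetical helper that assumes the subject's flat KV pairs belong to a single namespace passed in by the caller (`example.com` here, as in the issue), that FQDN components are compared case-insensitively, and that access is default-deny: every attribute bound to the TDF must be matched or decryption is refused.

```python
"""Added example: parse OpenTDF-style attribute FQDNs and decide whether a
subject's attributes entitle it to decrypt a TDF.

Hypothetical helper written for this issue; it is not otdfctl's, the
platform's, or entitlement.rego's logic.
"""
from urllib.parse import urlparse


def parse_attribute_fqdn(fqdn):
    """Split 'https://example.com/attr/attr1/value/value1' into the triple
    (namespace, attribute, value). Raises ValueError on anything that does not
    follow the https://<namespace>/attr/<name>/value/<value> shape, so a
    malformed FQDN can never silently match.

    Case is normalised here as an assumption of this example; the real
    platform's comparison rules may differ.
    """
    u = urlparse(fqdn)
    parts = [p for p in u.path.split("/") if p]
    if (
        u.scheme != "https"
        or not u.netloc
        or len(parts) != 4
        or parts[0] != "attr"
        or parts[2] != "value"
    ):
        raise ValueError(f"malformed attribute FQDN: {fqdn!r}")
    return (u.netloc.lower(), parts[1].lower(), parts[3].lower())


def subject_entitlements(namespace, subject_attrs):
    """Turn a flat KV map of subject attributes, like the Keycloak user in the
    issue ({"Attr1": "Value1"}), into a set of (namespace, attribute, value)
    triples. Assumption: all of the user's KV pairs live in one namespace."""
    return {
        (namespace.lower(), k.lower(), v.lower()) for k, v in subject_attrs.items()
    }


def can_decrypt(tdf_attribute_fqdns, subject_attrs, namespace="example.com"):
    """Default-deny check: every attribute bound to the TDF must be covered by a
    subject entitlement. Returns (allowed, missing) so a caller can log exactly
    which attribute blocked access instead of a bare 'denied'."""
    entitled = subject_entitlements(namespace, subject_attrs)
    missing = [
        fqdn for fqdn in tdf_attribute_fqdns
        if parse_attribute_fqdn(fqdn) not in entitled
    ]
    return (len(missing) == 0, missing)


if __name__ == "__main__":
    # Constructed inputs mirroring the issue: one attribute on the TDF, one
    # KV pair on the sample user.
    tdf_attrs = ["https://example.com/attr/attr1/value/value1"]
    print(can_decrypt(tdf_attrs, {"Attr1": "Value1"}))  # (True, [])
    print(can_decrypt(tdf_attrs, {"Attr1": "Value2"}))  # (False, [...])
```

Running the module prints the allow decision for the issue's exact case and the deny decision, with the unmatched FQDN, for a user whose value differs. Returning the missing FQDNs rather than a bare boolean is what makes a failed decrypt debuggable, which is the gap the issue describes when the error gives no hint about which side of the comparison did not line up.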