This issue was moved to a discussion.

Help with ParticipantID based policies #1078

Closed
panosprotopapas opened this issue Nov 8, 2024 · 1 comment

Comments

@panosprotopapas

Hi,

I've set up two productive sovity EDC CE and Keycloak-DAPS. After creating client-ids and the keystores required in Keycloak I'm deploying the 2 connectors using these and everything seems to work fine. Connectors are requesting tokens from DAPS, can retrieve any assets with "accept-all" policies from each other and consume them.

However, I'm now trying to create an asset in "connector1" (id used as participant id and client id in Keycloak) with a policy restricted to only be consumed by "connector2", i.e., participant-id = connector2 (id used as participant id and client id in Keycloak). However, when doing this the asset does not appear on connector2's side when requesting connector1's catalogue.

If instead I create an asset with an "always true" access policy and a "only connector2" contract policy, the asset appears on connector2's side but the negotiation fails with a "Contract offer is not valid: Policy only_connector2 not fulfilled" error.

Am I missing something here? Any help on the matter, also in terms of ways to debug this would help.

Versions I've tried are:

EDC_IMAGE=ghcr.io/sovity/edc-ce:10.0.0
EDC_UI_IMAGE=ghcr.io/sovity/edc-ui:4.1.0

and

EDC_IMAGE=ghcr.io/sovity/edc-ce:10.4.2
EDC_UI_IMAGE=ghcr.io/sovity/edc-ui:4.1.63

Many thanks in advance.

@tmberthold
Contributor

Hi, this is typically the case when the correct participant-id is not used in the policies, so the other connector cannot see the offer (e.g. access policy in this example), or when the DAPS is not configured correctly (claim value).

In short:

The configured value of MY_EDC_PARTICIPANT_ID will now be validated via the DAPS:
The configured value of MY_EDC_PARTICIPANT_ID must coincide with the claim value referringConnector as configured for this Connector in the DAPS.

@sovity sovity locked and limited conversation to collaborators Nov 11, 2024
@tmberthold tmberthold converted this issue into discussion #1080 Nov 11, 2024
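
One way to check the condition described in the reply above, as an added example that is not part of the thread or of the sovity code base: decode the payload of the consuming connector's DAPS access token and compare its `referringConnector` claim with the configured `MY_EDC_PARTICIPANT_ID` and with the participant ID written into the provider's policy. The function names and the sample tokens are constructed for illustration, and how the token is obtained from the DAPS is left to the reader.

```python
import base64
import json

CLAIM = "referringConnector"  # claim name as given in the reply above


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Decode a compact JWT payload WITHOUT verifying the signature.
    Debugging aid only: never base a trust decision on unverified claims."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated JWT segments")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_participant_id(token: str, configured_id: str, policy_id: str) -> list:
    """token: consumer's DAPS token; configured_id: consumer's MY_EDC_PARTICIPANT_ID;
    policy_id: value in the provider's policy. Empty result means all three agree."""
    problems = []
    claim = jwt_claims(token).get(CLAIM)
    if claim is None:
        problems.append(f"token has no '{CLAIM}' claim (not configured in the DAPS?)")
    elif claim != configured_id:  # exact, case-sensitive match; repr exposes stray whitespace
        problems.append(f"claim {claim!r} != MY_EDC_PARTICIPANT_ID {configured_id!r}")
    if policy_id != configured_id:
        problems.append(f"policy expects {policy_id!r}, connector is {configured_id!r}")
    return problems


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    good = make_sample_token({"sub": "connector2", CLAIM: "connector2"})
    bad = make_sample_token({"sub": "connector2", CLAIM: "http://connector2"})
    print(check_participant_id(good, "connector2", "connector2"))
    print(check_participant_id(bad, "connector2", "connector2"))
```

An empty list for the consumer's real token means the claim, the configured ID and the policy value all match exactly, so the cause of the failed policy evaluation lies elsewhere.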
