Help with ParticipantID based policies #1080
Hi, I've set up two productive sovity EDC CE and Keycloak-DAPS. After creating client-ids and the keystores required in Keycloak, I'm deploying the 2 connectors using these and everything seems to work fine. Connectors are requesting tokens from DAPS, can retrieve any assets with "accept-all" policies from each other and consume them.

However, I'm now trying to create an asset in "connector1" (id used as participant id and client id in Keycloak) with a policy restricted to only be consumed by "connector2", i.e., participant-id = connector2 (id used as participant id and client id in Keycloak). However, when doing this the asset does not appear on connector2's side when requesting connector1's catalogue. If instead I create an asset with an "always true" access policy and an "only connector2" contract policy, the asset appears on connector2's side but the negotiation fails with a "Contract offer is not valid: Policy only_connector2 not fulfilled" error.

Am I missing something here? Any help on the matter, also in terms of ways to debug this, would help.

Versions I've tried are: EDC_IMAGE=ghcr.io/sovity/edc-ce:10.0.0 and EDC_IMAGE=ghcr.io/sovity/edc-ce:10.4.2

Many thanks in advance.
Hi, this is typically the case when the correct participant-id is not used in the policies, so the other connector cannot see the offer (e.g. the access policy in this example), or when the DAPS is not configured correctly (claim value). In short:
Hello again. Many thanks for the quick reply, this did solve the issue for me. Closing the discussion.
So in short, at first glance it looks like something is wrong in the following chain:
DAPS config referringConnector -> MY_EDC_PARTICIPANT_ID in Connector setup -> participant id in policy
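
One way to debug the chain named in the reply above, as an added example that is not part of the discussion or of sovity's code: decode the consumer's DAPS token and check that its `referringConnector` claim, the consumer's `MY_EDC_PARTICIPANT_ID` and the participant id written in the provider's policy are the same string. Exact string equality, the function names and the sample token are assumptions made for this sketch; the token is constructed and unsigned.

```python
import base64
import json

CLAIM = "referringConnector"  # claim name as written in the reply above


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned token for offline testing; not a real DAPS token."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_chain(consumer_token: str, consumer_participant_id: str,
                policy_participant_id: str) -> list:
    """Return one finding per broken link; an empty list means all three agree."""
    claim = jwt_claims(consumer_token).get(CLAIM)
    if not isinstance(claim, str):
        return [f"DAPS: token has no string '{CLAIM}' claim"]
    findings = []
    for label, value in (("MY_EDC_PARTICIPANT_ID", consumer_participant_id),
                         ("policy participant id", policy_participant_id)):
        if value == claim:
            continue
        hint = " (differs only in case or whitespace)" \
            if value.strip().lower() == claim.strip().lower() else ""
        findings.append(f"{label} {value!r} != {CLAIM} {claim!r}{hint}")
    return findings


if __name__ == "__main__":
    token = make_sample_token({"sub": "connector2", CLAIM: "connector2"})
    print(check_chain(token, "connector2", "connector2"))   # consistent chain
    print(check_chain(token, "connector2", "Connector2 "))  # typo in the policy
```
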