Skip to content

catenax-ng/tx-daps-registration-service

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

480 Commits
.github/workflows
.github/workflows
 
 
.mvn/wrapper
.mvn/wrapper
 
 
charts
charts
 
 
docs
docs
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.tractusx
.tractusx
 
 
AUTHORS.md
AUTHORS.md
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
DEPENDENCIES
DEPENDENCIES
 
 
Dockerfile
Dockerfile
 
 
INSTALL.md
INSTALL.md
 
 
LICENSE
LICENSE
 
 
NOTICE.md
NOTICE.md
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Catena-X DAPS Registration Service

DAPS Registration Service is a security mediator sitting between DAPS service and an admin user responsible for registering new clients (EDCs) to the DAPS. The admin user is protected with keycloak bearer token and shall have appropriate role to create records at DAPS side. Therefore, the secrets for admin interface of the DAPS are not disclosed to the requester.

Software Version

Helm version is v2.1.0
Application version is v2.1.0

Solution Strategy

For user authentication, Connector Registration Service relies on the Catena-X identity provider (keycloak). Connector Registration Service has access to a secret which allows using the remote administration plugin of the DAPS.

Process Flow

  1. An admin user holding a bearer token with appropriate privileges calls REST interface of the service providing necessary information for registering new client (e.g. the client certificate)
  2. The Service converts the request to the format acceptable by DAPS admin plugin and sends registration calls to that plugin. DAPS plugin secret is used for authentication. This secret is not disclosed to the caller.

REST Interface

Here is definition of the interface in Java:

    public void createClient(@RequestParam String clientName, @RequestParam(required = false) String securityProfile,
                             @RequestParam(required = false) String referringConnector, @RequestPart("file") MultipartFile file);

Two parameters are mandatory:

  • clientName: name of client
  • file: Connector's certificate (public part)

Other parameters are optional:

  • securityProfile: security profile. Default Value is idsc:BASE_SECURITY_PROFILE
  • referringConnector: url of the Connector. By convention, we add BPN number at the end of the URL to keep reference to the BPN inside of DAT token

Example:

POST api/v1/daps?clientName=MyCompany HTTP/1.1
Content-Type: multipart/form-data; boundary=---------------------------9051914041544843365972754266
-----------------------------9051914041544843365972754266
Content-Disposition: form-data; name="file"; filename="certificate.crt"
Content-Type: text/plain

CONTENT OF A CERTIFICATE
-----------------------------9051914041544843365972754266

Configuration

The configuration property file is located under resources folder and is incorporated into the fat jar during build process. It can be customized before building if needed. Or,the another one can be used as its location can be overridden:

java -jar dapsreg-0.0.1-SNAPSHOT.jar --spring.config.location=file:./custom-config/

Here application.yaml will be searched in custom-config dir.

DAPS Registration service Property file

An example of application.yaml for Daps registration service is given bellow:

keycloak:
  auth-server-url: https://centralidp.demo.catena-x.net/auth
  realm: CX-Central
  resource: Cl2-CX-Portal
  bearer-only: true
  use-resource-role-mappings: true
  principal-attribute: preferred_username
app:
  build:
    version: ^project.version^
  daps:
    apiUri: https://daps-pen.int.demo.catena-x.net/api/v1
    tokenUri: https://daps-pen.int.demo.catena-x.net/token
    clientId: <ClientId>
    clientSecret: <ClientSecret>
  security:
    createRole: create_daps_client
    updateRole: update_daps_client
    deleteRole: delete_daps_client

Here keycloak section defines keycloak's parameters for authentication client requests.

app.daps.apiUri specifies URI of the API for the Admin pluging of the omejdn DAPS service. This API DAPS registration service uses for registering clients on DAPS side.

app.daps.tokenUri is an endpoint used to fetch authorization token. This token is used for calling omejdn admin API plugin.

app.daps.clientId is the client ID of the admin account registerd at DAPS

app.daps.clientSecret is client secret of the admin account

app.security - sets the roles a user must hold for creating, updating and removing clients at DAPS side.

Building

Daps registration service use Maven for building process. To build a service from sources one need to go to the project directory and trigger building process:

cd tx-daps-registration-service
./mvnw clean install

Please note, the test process uses Docker for performing the tests. An image with Omejdn DAPS server is expected to exist. The name of the image shall be provided in the app.daps.imageName section of the test configuration file (application-test.yml) located at test/resources directory.

Then fat jar file can be found in target folder as well as in local Maven repository. it can be run with this command:

java -jar target/dapsreg-2.0.0.jar

Please note the name of jar-file as it may differ if version is changed.

Installation Steps

INSTALL.md

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 13

daps-reg-service-2.1.0 Latest
Jun 29, 2023
+ 12 releases

Packages

 
 
 

Languages

  • Java 95.0%
  • Smarty 3.5%
  • Dockerfile 1.5%