DAPS token generation #16
@gboege if you could please test this on your side too as documented in the README. You first try taming the beast in your local Minikube cluster using the provided spoof DAPS server. Then you can try reconfiguring the adapter to make it hook up with Fraunhofer's DAPS at |
@gboege just following up on our chat the other day. I implemented the two changes you requested and pushed them to the
Server header
The header the adapter outputs that will be added to the headers returned to the client is now called
Response message UUID
The
This PR implements #3 and #7, providing a configurable mechanism to request identity tokens from a DAPS server and using them to generate the context broker response header.
Functionality overview
When an external request for Orion hits the Istio mesh gateway, it gets routed to our adapter where we check there's a valid IDS header (see PR about client token validation) and then, if valid, we go on to requesting an ID token from the configured DAPS server. With that ID token in hand, we generate an IDS response header (fiware-ids-server-token) holding the ID.
The adapter sets up mTLS with DAPS. Hostname, certificates, etc. can be configured in Istio---for an example look at the daps block in deployment/sample_operator_cfg.yaml. Also through Istio config, you can control the format of the IDS JSON object holding the DAPS ID token---again, have a look at the above YAML file. This comes in handy to change e.g. connector ID, model version, etc.
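The header-generation step described above, sketched in Go as an added example; it is not code from this PR or the project. The helper name, the template field names and values, and the base64 encoding of the header value are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"text/template"
)

// Constructed sample template: field names and values are assumptions that
// stand in for the IDS JSON format an operator would supply via Istio config.
const sampleTemplate = `{
  "@type": "ids:ResultMessage",
  "modelVersion": "3.1.0",
  "issuerConnector": "https://connector.example/",
  "securityToken": {"@type": "ids:DynamicAttributeToken", "tokenValue": {{.Token}}}
}`

// BuildServerHeader (hypothetical helper) renders tmpl with the DAPS ID token
// and returns a value for the fiware-ids-server-token response header.
func BuildServerHeader(tmpl, dapsToken string) (string, error) {
	if dapsToken == "" {
		return "", errors.New("no DAPS token: refusing to emit header")
	}
	// JSON-encode the token so quotes or control characters inside it cannot
	// change the structure of the surrounding object (string input never errors).
	quoted, _ := json.Marshal(dapsToken)
	t, err := template.New("ids").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return "", fmt.Errorf("bad IDS template: %w", err)
	}
	var out bytes.Buffer
	if err := t.Execute(&out, map[string]string{"Token": string(quoted)}); err != nil {
		return "", fmt.Errorf("render IDS template: %w", err)
	}
	// Fail closed if the operator's template did not render to valid JSON.
	var compact bytes.Buffer
	if err := json.Compact(&compact, out.Bytes()); err != nil {
		return "", fmt.Errorf("rendered IDS object is not JSON: %w", err)
	}
	// Assumption: base64 encoding, which also keeps CR/LF out of the header.
	return base64.StdEncoding.EncodeToString(compact.Bytes()), nil
}

func main() {
	fmt.Println(BuildServerHeader(sampleTemplate, "constructed.token.value"))
}
```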