ID-Authentication
This repository contains the source code and design documents for MOSIP ID-Authentication module. ID-Authentication module enables a Partner to authenticate an individual. To know more about MOSIP, its architecture, external integrations, releases, etc..., please check the Platform Documentation
Dependencies
ID-Authentication services' dependencies are mentioned below. For all Kernel services refer to commons repo
-
Common dependencies for all IDA services:
- kernel-auditmanager-service
- kernel-authmanager-service
- kernel-config-server
- id-repository-identity-service
- id-repository-vid-service
-
authentication-service
- kernel-otpmanager-service - For OTP validation
- kernel-smsnotification-service
- kernel-emailnotification-service
- kernel-masterdata-service
-
authentication-internal-service
- kernel-otpmanager-service - For OTP validation
- kernel-masterdata-service
-
authentication-otp-service
- kernel-otpmanager-service - Transient Dependency invoked using kernel-authmanager-service's sendOTP service
-
authentication-kyc-service
- kernel-otpmanager-service - For OTP validation
- kernel-masterdata-service
-
Other Dependencies:
- Bio-SDK used by IDA for Biometric Authentication
- Soft HSM
-
Transient Dependencies
- kernel-otpmanager-service - Transient Dependency invoked by kernel-authmanager-service's sendOTP service
- kernel-smsnotification - Transient Dependency invoked by kernel-otpmanager-service
- kernel-emailnotification-service - Transient Dependency invoked by kernel-otpmanager-service
-
Other Transient Dependencies
- HDFS - used by ID-Repository
- Keycloak/LDAP - Used by kernel-authmanager-service
- SMTP/SMSE - for email/sms notification by kernel-emailnitification-service and kernel-smsnotification-service
Build
The following commands should be run in the parent project to build all the modules - mvn clean install
The above command can be used to build individual modules when run in their respective folders
Deploy
Pre-requesites to run ID-Authentication services in an environment setup
Following two pre-requisites things needs to be run only once when setting up an environment. It is not required to run them whenever any ID-Authentication service is re-deployed in the same environment.
- ID-Authentication Keys Generator:
This is used to generate the encryption/decrption keys used in ID-Authentication services and populate them to the tables in ID-Authentication database. Below is the command to run the ID-Authentication Keys Generator
docker run -it -e artifactory_url_env=<artifactory-url> -e PKCS11_PROXY_SOCKET=<softhsm-url> -e spring_config_label_env=<config-label> -e active_profile_env=<profile> -e spring_config_url_env=<config-url> <docker-registry-IP:docker-registry-port>/authentication-keys-generator:<image_tag>
For example,
docker run -it -e artifactory_url_env="http://artifcatory-url:8040" -e PKCS11_PROXY_SOCKET="tcp://softhsm-server:5666" -e spring_config_label_env="master" -e active_profile_env="dev" -e spring_config_url_env="http://config-server/config" mosipdev/authentication-keys-generator:1.0.9
- ID-Authentication Salt Generator:
This is used to generate the salts used in ID-Authentication services and populate them to the tables in ID-Authentication database. Below is the command to run the ID-Authentication Salt Generator.
docker run -it -e active_profile_env=<profile> -e spring_config_label_env=<config-label> -e spring_config_url_env=<config-url> -e spring_config_name_env=id-authentication -e table_name=<property_defining_the_table_name> <docker-registry-IP:docker-registry-port>/kernel-salt-generator:<image_tag>
Salts for ID-Authentication need to be populated in two tables- uin_hash_salt and uin_encrypt_salt, as below:
i. Sample command to populate salt in uin_hash_salt Table:
docker run -it -e active_profile_env=dev -e spring_config_label_env=master -e spring_config_url_env=http://config-server/config -e spring_config_name_env=id-authentication -e table_name=javax.persistence.jdbc.uinHashTable mosipdev/kernel-salt-generator:1.0.9
ii. Sample command to populate salt in uin_encrypt_salt Table:
docker run -it -e active_profile_env=dev -e spring_config_label_env=master -e spring_config_url_env=http://104.211.212.28:51000 -e spring_config_name_env=id-authentication -e table_name=javax.persistence.jdbc.uinEncryptTable mosipdev/kernel-salt-generator:1.0.9
Running ID-Authentication services
- The following command should be executed to run any service locally in specific profile and local configurations
java -Dspring.profiles.active=<profile> -jar <jar-name>.jar
- The following command should be executed to run any service locally in specific profile and
remote
configurations
java -Dspring.profiles.active=<profile> -Dspring.cloud.config.uri=<config-url> -Dspring.cloud.config.label=<config-label> -jar <jar-name>.jar
- The following command should be executed to run a docker image
docker run --rm -d -p <host-port>:<container-port> -e active_profile_env={profile} -e spring_config_label_env={branch} -e spring_config_url_env={config_server_url} <docker-registry-IP:docker-registry-port>/<dcker-image>
For example,
- Command run authentication-service
docker run --rm -d -p 8090:8090 -v /softhsm:/softhsm/var/lib/softhsm/ -e spring_config_label_env=master -e active_profile_env=dev -e spring_config_url_env=http://config-server/config mosipdev/authentication-service:latest
- Command run authentication-internal-service
docker run --rm -d -p 8093:8093 -v /softhsm:/softhsm/var/lib/softhsm/ -e spring_config_label_env=master -e active_profile_env=dev -e spring_config_url_env=http://config-server/config mosipdev/authentication-internal-service:latest
- Command run authentication-kyc-service
docker run --rm -d -p 8091:8091 -v /softhsm:/softhsm/var/lib/softhsm/ -e spring_config_label_env=master -e active_profile_env=dev -e spring_config_url_env=http://config-server/config mosipdev/authentication-otp-service:latest
- Command run authentication-otp-service
docker run --rm -d -p 8092:8092 -v /softhsm:/softhsm/var/lib/softhsm/ -e spring_config_label_env=master -e active_profile_env=dev -e spring_config_url_env=http://config-server/config mosipdev/authentication-otp-service:latest
Configurations
All the configurations used by the codebase in mosip-platform
is present in mosip-config repository.
Functional Test-cases
Functional tests run against the codebase in mosip-platform
is present in mosip-functional-tests repository.
Documentation
Relevant documents to get started with MOSIP can be found in mosip-docs repository. In order to get started, please refer to the Getting-Started guide.
Infra
Automated scripts to build and deploy MOSIP modules are present in mosip-infra repository.
Contribute
You can contribute to MOSIP!
We want to engage constructively with the community. If you find a vulnerability or issue, please file a bug with the respective repository. We welcome pull requests with fixes too. Please see the Contributor Guide on how to file bugs, contribute code, and more.
License
This project is licensed under the terms of Mozilla Public License 2.0
Communication
Join the developer mailing list
You may also be interested in joining our community room on Gitter via where you could get some great community support