MOSIP 1.1.3 succeeds 1.1.2 with enhancements and important defect fixes which were identified in Release 1.1.2.
Release Date: December 14, 2020
Key Highlights
Includes functional requirements, process flows, architecture and high level design.
All APIs are documented here.
Low level design documents for each module are available in the respective github repos.
Code needs to be deployed as per the procedure depicted in Sandbox Installer.
Basic integration testing was done covering the below modules.
The top issues identified in MOSIP 1.1.3 are listed below.
To see all open defects, see https://mosip.atlassian.net/issues/?filter=10709
Title | Description |
---|---|
Areas | Technology Used |
---|---|
Title | Description |
---|---|
Test Execution | Test Cases | Executed Tests | Pass | Fail | Pending Execution | Pass% | Fail% |
---|---|---|---|---|---|---|---|
Bug ID | Summary | Module |
---|---|---|
Acronyms | Full Form |
---|---|
Functional Testing
Pre-registration (Dynamic UI & APIs)
Registration Client (Dynamic UI, functionality and upgrade)
Kernel (APIs)
Registration Processor (All flows have been covered)
ID Authentication (APIs)
Partner Management (APIs)
ID Repository (APIs)
Resident Services (APIs)
Admin (UI & APIs)
Configuration Testing
Testing was done for default configuration (two languages) and single language with changed ui specification for pre-registration and registration client (Further more we have changed the seed data to single language).
Version Tested
v1.1.3
Types of testing
Smoke
Functional
Integration
Regression
Security
Browser
Pre-Registration and Admin UI (Tested with the latest version of Chrome browser)
OS Support
Registration Client on Windows 10, MOSIP server components run as micro-services encapsulated as docker images
Deployment Script Environment
CentOS on AWS
Registration Client with TPM 2.0
Windows 10
Biometrics Standard
CBEFF format (Version - 2.0)
MDS
MDS v0.9.5
ABIS
ABIS Spec Version v0.9
SDK
SDK Spec Version v0.9
Key-store
HSM
Anti-virus
ClamAV
Maps
OpenstreetMap
Transliteration
ICU4J (Library with French, Arabic languages)
Non-Functional Testing
Performance Testing
Reliability and Disaster recovery Testing
HSM
Testing was done using SoftHSM
Browser Support
Testing for Pre-registration and Admin UI was done using Chrome (latest version)
Pre-registration
111
107
103
4
4
96%
4%
Resident Services
47
37
34
3
10
92%
8%
Admin Services
165
160
153
7
5
96%
4%
Authentication
47
44
39
5
3
89%
11%
Partner Management
71
61
61
0
10
100%
0%
Registration
100
96
94
2
4
98%
2%
Integration Scenarios
27
20
17
3
7
85%
15%
Total
568
522
501
21
46
96%
4%
Wrong location data getting populated for demographic details in Reg-Client
Registration Client
Document upload page showing the Documents Categories even though they are inactive
Registration Client
In Update-UIN flow, if the Name fields are not filled and continued then "Mandatory Fields should be highlighted"
Registration Client
Incorrect error message while onboarding for "expired token"
Registration Client
UIN Update process should not make the DOB as mandatory field
Registration Client
Incorrect error message thrown for "Onboarding process" when RID is not assigned to user
Registration Client
DoB is not handled like the age for displaying Parent/Guardian details in an adult packet
Registration Client
Registration client Preview and acknowledgement pages have issues due to templates
Registration Client
In registration client packet upload page, packets uploaded from admin portal are not getting cleared leading to confusion
Registration Client
Sometimes images are displayed in inappropriate areas leading to restart of the registration client
Registration Client
Notification not working when a packet is reprocessed
Registration Processor
Double entries in Audit log for registration
Registration Client
Unable to upload more than 200 packets
Admin Services
Unable to create machine from admin console
Admin Services
While performing Bulk Upload for a table using Admin master Bulk Upload history table associated with it should also be updated
Admin Services
Unable to upload data in History tables via bulk Upload
Admin Services
Unable to upload the data using bulk upload from zoneUserHistory table
Admin Services
Incorrect role displayed in Admin UI when logged in as admin
Admin Services
API for Machine Master Create/Update doesn't handle the TPM Key updates
Admin Services
The centerType should not be removed from the already created center if it is deactivated
Admin Services
Unable to Activate or Deactivate the Holiday Master Data
Admin Services
The transaction is logged when only the table is selected with no csv and operation mentioned
Admin Services
Lunch Start time and Lunch End time is not visible in UI
Admin Services
Websub Subscription fails with error for one or more topics when 4 topics are subscribed in a row.
Commons
Updated keys are not present (updated keys) in the Key_Store table in derby DB
Commons
Able to do OTP authentication with a different partner
Authentication
Able to insert values as string in id repo when they are defined as simpleType in the ID schema
Authentication
Changes in IDA templates are not reflected until service restart
Authentication
Change in policy/partner is not notified to IDA
Partner Management
Booking are getting created for Non-working days but not Working days
Pre-registration
SEND OTP remains disabled even after entering Captcha if Captcha is enabled
Pre-registration
No email is received after booking appointment
Pre-registration
The preregistartion.identity.name property should be present under UI
Pre-registration
The Age field is populated as NaN when navigated using keyboard
Pre-registration
MOSIP
Modular Open Source Identity Platform
ABIS
Automated Biometric Identification System
API
Application Programming Interface
ID
Identity
IDA
Identity Authentication
NFR
Non-Functional Requirements
OTP
One Time Password
SDK
Software Development Kit
JWT
Java Web Token
K8
Kubernetes
UIN
Unique Identification Number
VID
Virtual ID
CBEFF
Common Biometric Exchange Formats Framework
CORS
Cross Origin Resource Sharing
HSM
Hardware Security Module
TPM
Trusted Platform Module
SDK
Software Development Kit
MDS
MOSIP Device Service
ICU4J
International Components for Unicode for Java
WIP
Work In Progress
TBD
To Be Determined/Done
MDS
MOSIP Device Specification
This document contains the features that were developed or enhanced as part of MOSIP 1.1.3 release.
Key Manager is now enhanced with the below features,
Key Manager now supports encryption and decryption of registration packets using the thumb-print.
JWT Sign and JWT Verify APIs have been introduced to support full JWT signature validation with proper header and additional parameters.
An API has been added to validate certificate trust path for a certificate and partner domain.
We have removed the get public key API, which was used to fetch the public key. We recommend to use our get certificate API to fetch MOSIP’s public certificate.
Data Share is now enhanced with the below features,
The expiry for the data share URL has been added. The data share URL will not be accessible if the expiry time for the URL has exceeded.
As the data share policy structure has been changes in partner management, subsequent changes have been incorporated in data share.
Mandatory field labels in Pre-registration UI are now dynamically appended with a red asterisk symbol (*).
Direct call to internal authentication API during operator on-boarding has been removed from registration client. This call is now being routed via. Registration Processor.
Issue with Biometric Stream API (for 0.9.2 MDS) has been fixed - Hence, Registration Client is compatible with MDS 0.9.2 and 0.9.5 specifications.
User Salt sync has been removed from Registration Client syncs. Now, the salt is being generated on the fly in Registration Client, its not being fetched from the server.
The client settings (master data) and configurations are now encrypted using the TPM public certificate of the Registration Client and synced.
Registration Client UI Specification is enhanced with the below features,
Support for alignment has been added
Support for multiple location hierarchy in case of present and permanent address has been added
APIs have been created in Registration Processor, to delegate the internal authentication request and fetch encryption certificate calls from Registration Client to IDA.
Print Service has been deprecated from Registration Processor. A new project has been created for Print Service.
Print Stage in Registration Processor now calls the credential request generator to send print requests via. web sub.
In our earlier releases all the data captured during registration was sent to ABIS systems, but now, we are reading the policy and sending specific biometrics to the ABIS Partners. This has been bought in after the changes in our data share policy changes in partner management.
Source and Process details are now added in the registration processor ID mapper, so that the Registration Processor stages can make a call to the packet manager based on the values mentioned in the ID mapper.
As part of the credential issuance, we are now sending an additional information to the partner stating which attributes are encrypted and which are not.
The credentials sent to the new print service will now be encrypted using print partner’s encryption certificate.
During e-UIN card request, if the user makes a request using a particular VID then the same VID would be sent to the Print Partner.
As part of credential issuance, MOSIP credential service will share data with partners (IDA Instances or Print Partners) on web sub as per our standard schema. A sample schema would be published so that the partners can easily integrate with MOSIP.
The entire credential details shared to partners in the web sub response will be encrypted using the partner encryption certificate.
As the data share policy structure has been changes in partner management, subsequent changes have been incorporated in credential issuance.
Data fetched from Partner management (partner and policy details) and stored in IDA using Spring Cache.
All the IDA APIs are modified to remove ID Type from them. We would be using the ID value to identify if the input id is a VID or UIN.
Notification templates and titles were earlier part of IDA configurations. Now they are fetched from master data and stored in IDA using spring cache.
APIs have been created to add or retrieve biometric extractor details based on policy.
The policies (authentication and data share policies) are now generated as per our new policy schema.
As the IDA APIs are now modified to remove ID Type from them, the APIs in Resident Services are also modified to remove ID Type from them.
For features such as request for e-UIN card and QR code the new print service implementation is now being called via credential issuance web sub to generate the e-UIN card and QR code (verifiable credentials).
Key Management UI has been added in Administration Portal.
A new implementation has been created to receive requests to generate e-UIN card or QR codes using input received from Credential Issuance via. Web Sub.
This document contains the bugs that were fixed as part of MOSIP 1.1.3 release.
Bug ID | Summary | Module |
---|
Password and Iris login screen overlay if auth token expires, and unbale to do password login to get fresh auth token | Registration Client |
Sync request Decryption Failure in Packet Validator Stage | Registration Processor |
Packet is getting failed at OSI (ida internal service time out error a OSI stage) | Registration Processor |
"Internal System Error" while trying to log in to the reg-client | Registration Client |
Packets are failing at validator stage(Unknownexception occured RPR-RCT-001 --> Unknown resource provided; nested exception is org.springframework.web.client.HttpServerErrorException: 500 ) | Registration Processor |
Packet approved using bio auth is failing at OSI stage | Registration Processor |
Acknowledgement page has alignment issues for the bio data | Registration Client |
Unable to add Userdetails from Admin console via BulkUpload data | Admin Services |
The email notification is not coming under pre-reg application | Pre-registration |
Unable to login to reg-client in offline mode. | Registration Client |
Getting technical error while uploading the Data | Admin Services |
1.1.3-On-boarding authentication is not working in Registration Client | Registration Client |
Unable to upload the machinemaster Bulk data as getting error | Admin Services |
Notification is not working and throwing exception under Regproc | Registration Processor |
Update packet is failing under VALIDATE_PACKET stage | Registration Processor |
User should have option to upload multiple packets | Admin Services |
1.1.3- A packet is getting failed at OSI stage stating that Unable to access API resourceRPR-RCT-001 --> Unknown resource provided; nested exception is org.springframework.web.client.HttpServerErrorException: 500 | Registration Processor |
Temporary VID gets consumed after OTP request | IDA / ID Repository |
Device Type column doesnot have value as API is not returning value | Admin Services |
center-id is not displayed in reg client | Registration Client |
Unable to Bulk upload the data for reg center | Admin Services |
Unable to book appointment as getting technical error on slot selection page | Pre-registration |
Unable to fetch packet status using the Admin | Admin Services |
Bio update packet is getting failed stating that UIN Updation failed - Invalid Input Parameter - documents - individualBiometrics | IDA / ID Repository |
EKYC encryption is not happening with the partner's key | IDA / ID Repository |
Reg-Client getting hanged when consent proof is selected for scan in Document upload page | Registration Client |
Photo not returned in eKYC response | IDA / ID Repository |
Unable to do auth/kyc after disabling cache | IDA / ID Repository |
Getting error "RES-SER-009" while trying to lock the Auth using Perpetual VID | Resident Services |
Unable to test update and child packet flow-Unable to access API resourceRPR-RCT-001 --> RPR-RCT-001; nested exception is org.springframework.web.client.HttpClientErrorException: 404 | Registration Processor |
Sync failure, refresh token API is failing | Registration Client |
Unable to do eKYC | IDA / ID Repository |
Unable to do biometric auth | IDA / ID Repository |
1.1.3:: Two instances of Reg Client are running, one is reg-client and another one is the launcher. | Registration Client |
Getting error RES-SER-020 while updating the resident demographic details from resident service | Resident Services |
While updating the Holiday the location field is coming as "undefined" | Admin Services |
Unable to deactivate/ Activate the machine while edit Machine page | Admin Services |
1.2 Reg Client with Mock MDS:: Biometric login, packet auth, and EOD auth are not working for the thumb. | Registration Client |
1.2 Reg Client with Mock MDS:: Biometric login, packet auth, and EOD auth are not working for Right Hand Fingerprint. | Registration Client |
Unable to do KYC auth with demographic Details , however Demo_Auth is working | IDA / ID Repository |
1.2 Reg Cli with Mock MDS :: Continue button is disabled if low threshold biometrics are captured with Mock MDS | Registration Client |
Packet created in Reg-Client is missing evidence.Json file | Registration Client |
Reg Client1.1.2 with Mock MDS:: Packet with Officer auth says Biometric file validation failed for officer in Reg Proc. | Registration Client |
1.1.2Reg Cli with Mock: only a little finger is captured for officer/supervisor packet auth. | Registration Client |
Child Packet failing in OSI stage with message "Biometric data - Iris did not match" | Registration Processor |
The none text does not appear under document upload page | Pre-registration |
Unable to sentOTP when user is performing send OTP with different transactionID | Resident Services |
The application still present on the Your application page even after discard | Pre-registration |
Admin page reloads if proper role is not provided | Admin Services |
Error during send a notification to resident after packet validation stage. | Registration Processor |
ObjectStore should return boolean instead of throwing exception when exists method is invoked | Commons |
1.1.2(MOCK MDS ): Packets are still displayed in the Pending approval list though EOD auth is successful (it mean EOD auth with a bio is not working as expected). | Registration Client |
Default list of Partners/Policies required | Partner Management |
On loading the Admin Page we get you are not authorized | Admin Services |
Operator is unable to create exception packet | Registration Client |
Actual face was not visible in bio section of acknowledgement screen | Registration Client |
Hide document screen if the entire document section is removed from UI spec. | Registration Client |
WebSub subscrtiption secret should be accepted from property in intent verification annotation | Commons |
Packet Status does not show all the stages under view more section | Admin Services |
Unable to continue to biometric screen after scanning the document ( workaround works) | Registration Client |
On click of logout the popup does not appear properly | Pre-registration |
The document upload page is not rendered properly for Applicant added | Pre-registration |
1.1.2 - Packet is failing at BIOGRAPHIC_VERIFICATION stage stating that Unknown exception occured null. | Registration Processor |
Not receiving failure notifications for OTP auth | IDA / ID Repository |
The id sent in the .csv file is getting save for the tables where unique id is generated when data is sent | Admin Services |
1.1.2 -Unable to Create New/Update Packet when Document Scanner is Enabled. | Registration Client |
1.1.2: Very frequently minio returns object as null ( during search and packet processing ) | Registration Processor |
Admin is picking lang value from configmaps | Admin Services |
The user is not redirected to list view page under center, device and machine | Admin Services |
The demo details filled during registration in Reg-client is not shown on the preview, acknowledgement and approval page. | Registration Client |
Post Holiday should return id field | Admin Services |
[Intermittent] Files are not stored in Object Store | IDA / ID Repository |
The search API is not giving the machineType name under response | Admin Services |
Getting error while trying to Lock and Unlock UIN | Resident Services |
Unable to Filter the location with the fields getting column not supported | Admin Services |
Getting error errorCode": "KER-MSD-311",while trying to search Location data | Admin Services |
Search API for Gender does not support name column as value | Admin Services |
1.2 DEV Real MDS- Face Capture Issue in Reg Client | Registration Client |
Getting error while trying to Download EUIN | Resident Services |
Unable to discard the application | Pre-registration |
Unable to update the Blacklisted word from UI | Admin Services |
We are able to change the status of the device which is in Revoked state to Registered | Admin Services |
Working Non Working Days API is giving incorrect response | Admin Services |
1.1.2: Sync failure as client id/secret key authentication is failed because the secret key is plaintext {Cipher}. | Registration Client |
1.1.2 -In All Env - All the reg proc pods need to be restarted multiple times to bring up reg proc completely (Packet stuck at any stage at any time). | Registration Processor |
Default name is missing in UIN update template when any demo filed is updated excluding name. | Registration Client |
Officer / Supervisor biometric data is not sent in the meta_info.json (Packet is getting failed in the OSI stage). | Registration Client |
Popup is retained though the application is logged out. | Registration Client |
MDS issue during biometric login using fingerprint. | Registration Client |
On every launch Reg Client asks for the update though no update is there. | Registration Client |
Unable to authenticate after a deactivated UIN is activated | IDA / ID Repository |
The inactive Center type is shown in the drop down Registration center type in center creation and Update form | Admin Services |