PMS Configuration Guide

Overview

The following guide outlines some important properties that can be customized for a given installation. Please note that this list is not exhaustive but serves as a checklist for reviewing properties that are likely to differ from the default settings. For a complete list of properties, refer to the files listed below.

Configuration files

Partner Management Services uses the following configuration files:

application-default.properties
partner-management-default.properties

Auth allowed urls

This property is used by kernel-authcodeflowproxy-api to check whether a request is coming from an allowed URL.

auth.allowed.urls=https://${mosip.pmp.host}/

Key manager API calls

These properties specify the Key Manager APIs used to upload certificates and to retrieve the original certificates uploaded by partners.

mosip.kernel.sign-url=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign
pms.cert.service.token.request.clientId=${mosip.pmp.auth.clientId}
pms.cert.service.token.request.issuerUrl=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
pmp.ca.certificaticate.upload.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/uploadCACertificate
pmp.partner.certificaticate.upload.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/uploadPartnerCertificate
pmp.partner.certificaticate.get.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getPartnerCertificate/{partnerCertId}
pmp.partner.original.certificate.get.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}
pmp-keymanager.upload.other.domain.cert.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/uploadOtherDomainCertificate
pmp.trust.certificates.post.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getCaCertificates
pmp.download.trust.certificates.get.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/getCACertificateTrustPath/{caCertId}
pmp.encrypt.data.post.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
pmp.decrypt.data.post.rest.uri=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt

Auth Adapter rest template authentication configs

These properties are used to set attributes for partner management services.

  • app id : ApplicationId for partner

  • client id : Kernel auth client ID for partner management services

  • client secret : Kernel auth secret key for partner management services

Keycloak Configurations

These configurations are used to create a user in Keycloak and map that user to a role.

Auth Services API calls

These properties are used to specify the auth manager API to validate the token.

UI allowed roles

This property populates the roles that are allowed in the UI (roles correspond to partner types).

URL to redirect after logout

These properties specify the URL to redirect to after logout and the OIDC end session endpoint.

MOSIP E-Signet config

These configurations specify the E-Signet claims mapping file url, amr-acr mapping file url and the service apis for create and update OIDC and OAuth Client.

User Session Idle Timeout

These properties are used to set the user inactivity idle time.

  • Inactivity Timer : Specifies the duration (in minutes) before the session is timed out due to inactivity.

  • Prompt Timer : Specifies the duration (in minutes) before the user is prompted about the impending session timeout.

Axios Timeout

This property sets the Axios request and response timeout (in minutes).

OIDC Client Attributes

These properties are used to set attributes for OIDC client creation and update.

  • Grant Types : Specifies the grant types used by the OIDC client.

  • Client Authentication Methods : Specifies the client authentication methods.

Maximum allowed years for SBI Created and Expiry Date

These properties set the maximum number of years allowed for the SBI created date and expiry date.

Item per page configuration

This property is used to set the maximum number of items to be displayed per page in the pagination.

Configurations for Email Notifications

  1. This property is used to set the interval (in seconds) at which notifications are automatically refreshed.

  2. This property specifies the Keycloak URL used to retrieve all users assigned to a specific role within the mosip realm.

    • The {userRole} placeholder should be replaced with the role name.

    • The max=-1 query parameter ensures that all users associated with the role are fetched without any pagination or limit.

  3. These properties are used to schedule the batch job that generates notifications. This job runs daily at midnight.

  4. This property is used to schedule the batch job that deletes past notifications.

  5. These properties define the configuration for automatic deletion of past notifications in the system.

    • Specifies the number of days to retain past notifications. Notifications older than this period will be deleted by the scheduled deletion job.

    • Enables or disables the scheduled job that performs the deletion of past notifications.

  6. These properties specify the number of days before certificate expiry when notifications should be triggered.

  7. This property specifies the list of partner IDs for which certificate expiry notifications should be skipped. These IDs are excluded from the notification generation process.

  8. These properties are used to schedule the batch job that deactivates the expired SBI, API Key and MISP license key.

Templates for Email Notifications

Specifies the template names used for sending email notifications. Each template corresponds to a different type of notification and its email subject line.

Configuration for Data Encryption and Decryption

Defines the configuration properties used for secure data encryption and decryption through the Key Manager service.

Legacy Support Configuration Flags

These properties indicate the availability of specific endpoints and the OIDC client within the MOSIP platform. They are used to enable or disable certain features based on configurations.

Regex Patterns

These regular expressions are used to validate various IDs and inputs within the PMS.

  • FTM ID: allows only digits (0–9), with a length between 1 and 36 characters.

  • Certificate ID: allows letters, digits and hyphens (-), with a length between 1 and 36 characters.

  • OIDC Client ID: allows letters, digits, underscores (_) and hyphens (-), with a length between 1 and 36 characters.

  • Request Input Validation: accepts a wide range of readable characters, including letters, numbers, spaces and the special characters .,@#&()-'?_!":;=\
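As an added example (not code from MOSIP or this guide), the four rules above reconstructed as Python regular expressions and applied with fullmatch, so a value that is valid only up to some point (for example a digit string followed by a newline) is rejected rather than accepted. The page describes the rules but not the property values, so the exact patterns are an assumption.

```python
import re

# Patterns reconstructed from the descriptions in the Regex Patterns section.
# They are an assumption: the page states the rules, not the property values,
# so the real PMS patterns may differ in detail.
PATTERNS = {
    # FTM ID: digits only, 1 to 36 characters
    "ftm_id": re.compile(r"[0-9]{1,36}"),
    # Certificate ID: letters, digits and hyphens, 1 to 36 characters
    "certificate_id": re.compile(r"[A-Za-z0-9-]{1,36}"),
    # OIDC Client ID: letters, digits, underscores and hyphens, 1 to 36 characters
    "oidc_client_id": re.compile(r"[A-Za-z0-9_-]{1,36}"),
    # Request input: letters, digits, spaces and the listed specials .,@#&()-'?_!":;=\
    # No length bound is stated on the page, so none is imposed here.
    "request_input": re.compile(r"""[A-Za-z0-9 .,@#&()\-'?_!":;=\\]+"""),
}


def is_valid(kind: str, value: str) -> bool:
    """Return True only when the whole value matches the pattern for `kind`.

    fullmatch is used on purpose: re.match anchors only at the start and
    re.search not at all, so both would accept a valid prefix followed by
    characters the rule forbids (a newline, '<', and so on).
    """
    return PATTERNS[kind].fullmatch(value) is not None


def invalid_fields(fields: dict) -> list:
    """Validate a request body given as {field_name: (kind, value)}.

    Returns the names of the fields that fail, in input order, so the caller
    can reject the request with a precise error instead of a generic one.
    """
    return [name for name, (kind, value) in fields.items()
            if not is_valid(kind, value)]
```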

Unique ID generation retry configuration

This property specifies the maximum attempts to generate a unique ID (for example, policies, API keys).

If the generated ID already exists (a collision), the system retries until it finds a unique one or reaches this limit. When the maximum retries are reached, the process stops and reports failure.

Supported Languages Configuration

This property lists the supported languages for creating a MISP partner. Each language uses its standard code (for example, eng for English, hin for Hindi).

Partner Type Roles

These properties specify the partner type roles that are used to grant access to various APIs in the partner management service.
