# Build and Development Guide

This guide contains all the information required for successful deployment and running of Partner Management Portal. It includes information about the Database and roles.

### DB scripts

Partner Management Service DB Scripts to be run: [DB scripts](https://github.com/mosip/partner-management-services/tree/develop-pmp-revamp/db_scripts/mosip_pms)

### Keycloak Roles

`mosip-pms-client` needs to have below roles in keycloak:

* `CREATE_SHARE`
* `DEVICE_PROVIDER`
* `PARTNER`
* `PARTNER_ADMIN`
* `PMS_ADMIN`
* `PMS_USER`
* `PUBLISH_APIKEY_APPROVED_GENERAL`
* `PUBLISH_APIKEY_UPDATED_GENERAL`
* `PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL`
* `PUBLISH_MISP_LICENSE_GENERATED_GENERAL`
* `PUBLISH_MISP_LICENSE_UPDATED_GENERAL`
* `PUBLISH_OIDC_CLIENT_CREATED_GENERAL`
* `PUBLISH_OIDC_CLIENT_UPDATED_GENERAL`
* `PUBLISH_PARTNER_UPDATED_GENERAL`
* `PUBLISH_POLICY_UPDATED_GENERAL`
* `REGISTRATION_PROCESSOR`
* `SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL`
* `ZONAL_ADMIN`
* `view-users` (from realm-management roles)
* `view-realm` (from realm-management roles)

{% hint style="warning" %}
**Note**: To add realm-management roles, you need to run the [keycloak-init](https://github.com/mosip/partner-management-services/blob/release-1.3.x/deploy/keycloak/keycloak-init.sh) job
{% endhint %}

#### **Config Changes**

\
Add below property to partner-management-default.properties file in mosip-config repository to Deploy PMS Revamp 1.3.0-beta.4 release in your env.

```
## This property is used by kernel-authcodeflowproxy-api to check request is coming from allowed urls not.
auth.allowed.urls=https://${mosip.pmp.host}/
```

#### Setup guide for PMS Revamp with different Keymanager versions

{% hint style="warning" %}
This guide outlines the features available in PMS with different Keymanager versions. Features are enabled or disabled based on the specific Keymanager version.
{% endhint %}

### **Keymanager - v1.1.5**

<table><thead><tr><th width="152.45526123046875">Features</th><th>Feature Availability</th><th>Action Required</th></tr></thead><tbody><tr><td>Download originally uploaded CA certificate</td><td>A new endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures or inconsistencies.</td><td><p>To disable this feature, add the following property to the <code>partner-management-default.properties</code> file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.ca.signed.partner.certificate.available=false</code></p></td></tr><tr><td>Download uploaded FTM Certificate</td><td>A new endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures or inconsistencies.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.ca.signed.partner.certificate.available=false</code></p></td></tr><tr><td>Trust Certificates List</td><td>The endpoint <code>/v1/keymanager/getCaCertificates</code> was added in the latest version of Key Manager to get the list of trusted certificates. It is not available in v1.1.5, so this feature must be disabled in PMS to avoid failures.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.root.and.intermediate.certificates.available=false</code></p></td></tr><tr><td>Download Trust Certificate</td><td>The endpoint <code>/v1/keymanager/getCACertificateTrustPath/{caCertId}</code> was introduced in the latest version of Key Manager to download the trust certificate. Since it is not available in v1.1.5, this feature must be disabled in PMS to avoid failures.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.root.and.intermediate.certificates.available=false</code></p></td></tr><tr><td>OIDC</td><td>Since Esignet is not included in this version, the related feature should be disabled in PMS.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.oidc.client.available=false</code></p></td></tr><tr><td>Email Templates</td><td>Email templates are not pre-loaded in Master Data Service. Global Admin must load the necessary templates manually as part of deployment process.</td><td>To load the email templates manually, please refer to the steps <a href="/pages/tbWlyHTOPKPbBLtFVXS7">here</a>.</td></tr></tbody></table>

### **Keymanager - v1.2.0.1**

<table><thead><tr><th width="164.1953125">Features</th><th>Feature Availability</th><th>Action Required</th></tr></thead><tbody><tr><td>Download originally uploaded CA certificate</td><td>A new endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature has to disabled in PMS to avoid failures.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.ca.signed.partner.certificate.available=false</code></p></td></tr><tr><td>Download uploaded FTM Certificate</td><td>A new endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures or inconsistencies.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.ca.signed.partner.certificate.available=false</code></p></td></tr><tr><td>Trust Certificates List</td><td>The endpoint <code>/v1/keymanager/getCaCertificates</code> was added in the latest version of Key Manager to get the list of trusted certificates. It is not available in v1.2.0.1, So this feature must be disabled in PMS to avoid failures or inconsistencies.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.root.and.intermediate.certificates.available=false</code></p></td></tr><tr><td>Download Trust Certificate</td><td>The endpoint <code>/v1/keymanager/getCACertificateTrustPath/{caCertId}</code> was introduced in the latest version of Key Manager to download the trust certificate. Since it is not available in v1.2.0.1, this feature must be disabled in PMS to avoid failures or inconsistencies.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.root.and.intermediate.certificates.available=false</code></p></td></tr><tr><td>OIDC</td><td>Esignet is available in this version, the related feature is enabled in PMS.</td><td></td></tr><tr><td>Email Templates</td><td>Email templates are not pre-loaded in Master Data Service. Global Admin must load the necessary templates manually as part of deployment process.</td><td>To load the email templates manually, please refer to the steps <a href="/pages/tbWlyHTOPKPbBLtFVXS7">here</a>.</td></tr></tbody></table>

### **Keymanager - v1.2.1.0**

<table><thead><tr><th width="178.2222900390625">Features</th><th>Feature Availability</th><th>Action Required</th></tr></thead><tbody><tr><td>Download originally uploaded CA certificate</td><td>The endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> is available in keymanager v1.3.0-beta.2. So this feature is enabled in PMS.</td><td></td></tr><tr><td>Download uploaded FTM Certificate</td><td>The endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> is available in keymanager v1.3.0-beta.2. So this feature is enabled in PMS.</td><td></td></tr><tr><td>Trust Certificates List</td><td>The endpoint <code>/v1/keymanager/getCaCertificates</code> was added in the latest version of Key Manager to get the list of trusted certificates. It is not available in v1.2.1.0, so this feature must be disabled in PMS to avoid failures or inconsistencies.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.root.and.intermediate.certificates.available=false</code></p></td></tr><tr><td>Download Trust Certificate</td><td>The endpoint <code>/v1/keymanager/getCACertificateTrustPath/{caCertId}</code> was introduced in the latest version of Key Manager to download the trust certificate. Since it is not available in v1.2.1.0, this feature must be disabled in PMS to avoid failures or inconsistencies.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.root.and.intermediate.certificates.available=false</code></p></td></tr><tr><td>OIDC</td><td>Esignet is available in this version, the related feature is enabled in PMS.</td><td></td></tr><tr><td>Email Templates</td><td>Email templates are not pre-loaded in Master Data Service. Global Admin must load the necessary templates manually as part of deployment process.</td><td>To load the email templates manually, please refer to the steps <a href="/pages/tbWlyHTOPKPbBLtFVXS7">here</a>.</td></tr></tbody></table>

### **Keymanager - v1.3.0-beta.1**

<table><thead><tr><th width="180.97088623046875">Features</th><th>Feature Availability</th><th>Action Required</th></tr></thead><tbody><tr><td>Download originally uploaded CA certificate</td><td>A new endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.ca.signed.partner.certificate.available=false</code></p></td></tr><tr><td>Download uploaded FTM Certificate</td><td>A new endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.ca.signed.partner.certificate.available=false</code></p></td></tr><tr><td>Trust Certificates List</td><td>The endpoint <code>/v1/keymanager/getCaCertificates</code> was added in the latest version of Key Manager to get the list of trusted certificates. It is not available in v1.3.0-beta.1, so this feature must be disabled in PMS to avoid failures.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.root.and.intermediate.certificates.available=false</code></p></td></tr><tr><td>Download Trust Certificate</td><td>The endpoint <code>/v1/keymanager/getCACertificateTrustPath/{caCertId}</code> was introduced in the latest version of Key Manager to download the trust certificate. Since it is not available in v1.3.0-beta.1, this feature must be disabled in PMS to avoid failures.</td><td><p>To disable this feature, add the following property to the partner-management-default.properties file in the <strong>MOSIP config</strong> during deployment.</p><p><code>mosip.pms.root.and.intermediate.certificates.available=false</code></p></td></tr><tr><td>OIDC</td><td>Esignet is available in this version, the related feature is enabled in PMS.</td><td></td></tr><tr><td>Email Templates</td><td>Email templates are not pre-loaded in Master Data Service. Global Admin must load the necessary templates manually as part of deployment process.</td><td>To load the email templates manually, please refer to the steps <a href="/pages/tbWlyHTOPKPbBLtFVXS7">here</a>.</td></tr></tbody></table>

### **Keymanager - v1.3.0-beta.2**

<table><thead><tr><th width="180.999267578125">Features</th><th>Feature Availability</th><th>Action Required</th></tr></thead><tbody><tr><td>Download originally uploaded CA certificate</td><td>The endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> is available in keymanager v1.3.0-beta.2. So this feature is enabled in PMS.</td><td></td></tr><tr><td>Download uploaded FTM Certificate</td><td>The endpoint <code>/v1/keymanager/getPartnerSignedCertificate/{partnerCertId}</code> is available in keymanager v1.3.0-beta.2. So this feature is enabled in PMS.</td><td></td></tr><tr><td>Trust Certificates List</td><td>The endpoint <code>/v1/keymanager/getCaCertificates</code> is available in keymanager v1.3.0-beta.2. So this feature is enabled in PMS.</td><td></td></tr><tr><td>Download Trust Certificate</td><td>The endpoint <code>/v1/keymanager/getCACertificateTrustPath/{caCertId}</code> is available in keymanager v1.3.0-beta.2. So this feature is enabled in PMS.</td><td></td></tr><tr><td>OIDC</td><td>Esignet is available in this version, the related feature is enabled in PMS.</td><td></td></tr><tr><td>Email Templates</td><td>Email templates are not pre-loaded in Master Data Service. Global Admin must load the necessary templates manually as part of deployment process.</td><td>To load the email templates manually, please refer to the steps <a href="/pages/tbWlyHTOPKPbBLtFVXS7">here</a>.</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.mosip.io/1.2.0/id-lifecycle-management/support-systems/partner-management-services/develop/build-and-development-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.