GitHub Community Tech Blogs What's New ChatBot

Configuring eSignet

This document detail steps to configure eSignet for MOSIP.

eSignet as MISP Partner

Once, both MOSIP and eSignet are deployed, eSignet needs to be onboarded in MOSIP as a MISP partner and a new policy called the MISP policy needs to be mapped to the eSignet MISP partner.

Below is the policy that should be mapped to the eSignet MISP partner.

{
  "allowAuthRequestDelegation":true,
  "allowKycRequestDelegation":true,
  "trustBindedAuthVerificationToken":true,
  "allowKeyBindingDelegation":true
}

Once the MISP is created and mapped to the above policy, a license key for the eSignet should be created and it should be updated in the esignet-default.properties against the property name : mosip.esignet.misp.license.key.

This license key would be used when the MOSIP IDA APIs are called for eSignet based authentication or exchange.

Configuring OIDC claims and KYC attributes

During the initial setup, the default OIDC claims should to be mapped with the allowed KYC attributes in the relying party policy in the identity-mapping.json of MOSIP's configurations.

Below is sample how this mapping file is added to the default mapping file of MOSIP.

{
  "identity":{
    "name":{
      "value":"fullName"
    },
    "gender":{
      "value":"gender"
    },
    "birthdate":{
      "value":"dateOfBirth"
    },
    "picture":{
      "value":"face"
    },
    "individual_id":{
      "value":"individual_id"
    },
    "street_address":{
      "value":"addressLine1,addressLine2,addressLine3"
    },
    "locality":{
      "value":"city"
    },
    "region":{
      "value":"region"
    },
    "postal_code":{
      "value":"postalCode"
    },
    "country":{
      "value":"province"
    }
  }
}

Configuring ACR and AMR values

During the initial setup, the ACR and AMR values needs to be mapped to the MOSIP authentication types in the amr-acr-mapping.json.

{
  "amr" : {
    "PWD" :  [{ "type": "PWD" }],
    "PIN" :  [{ "type": "PIN" }],
    "OTP" :  [{ "type": "OTP" }],
    "Wallet" :  [{ "type": "WLA" }],
    "L1-bio-device" :  [{ "type": "BIO", "count": 1 }]
  },
  "acr_amr" : {
    "mosip:idp:acr:password" : ["PWD"],
    "mosip:idp:acr:static-code" : ["PIN"],
    "mosip:idp:acr:generated-code" : ["OTP"],
    "mosip:idp:acr:linked-wallet" : [ "Wallet" ],
    "mosip:idp:acr:biometrics" : [ "L1-bio-device" ]
  }
}

Plugin Configurations

The package and the implementation class names for the plugins needs to be configured in the esignet-default.properties file.

mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration
mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl
mosip.esignet.integration.authenticator=IdaAuthenticatorImpl
mosip.esignet.integration.key-binder=IdaKeyBinderImpl
mosip.esignet.integration.audit-plugin=IdaAuditPluginImpl
mosip.esignet.integration.vci-plugin=IdaVCIssuancePluginImpl

ID Authentication Integration Configurations

The below configurations related to MOSIP IDA integration should be updated in the esignet-default.properties for KYC authentication, exchange, key binding and VCI exchange.

mosip.esignet.authenticator.ida-auth-id=mosip.identity.kycauth
mosip.esignet.authenticator.ida-exchange-id=mosip.identity.kycexchange
mosip.esignet.authenticator.ida-send-otp-id=mosip.identity.otp
mosip.esignet.authenticator.ida-version=1.0
mosip.esignet.authenticator.ida-domainUri=https://${mosip.esignet.host}
mosip.esignet.authenticator.ida.cert-url=https://${mosip.api.public.host}/mosip-certs/ida-partner.cer
mosip.esignet.authenticator.ida.kyc-auth-url=https://${mosip.api.internal.host}/idauthentication/v1/kyc-auth/delegated/${mosip.esignet.misp.license.key}/
mosip.esignet.authenticator.ida.kyc-exchange-url=https://${mosip.api.internal.host}/idauthentication/v1/kyc-exchange/delegated/${mosip.esignet.misp.license.key}/
mosip.esignet.authenticator.ida.send-otp-url=https://${mosip.api.internal.host}/idauthentication/v1/otp/${mosip.esignet.misp.license.key}/
mosip.esignet.binder.ida.key-binding-url=https://${mosip.api.internal.host}/idauthentication/v1/identity-key-binding/delegated/${mosip.esignet.misp.license.key}/
mosip.esignet.authenticator.ida.get-certificates-url=https://${mosip.api.internal.host}/idauthentication/v1/internal/getAllCertificates
mosip.esignet.authenticator.ida.auth-token-url=https://${mosip.api.internal.host}/v1/authmanager/authenticate/clientidsecretkey
mosip.esignet.authenticator.ida.audit-manager-url=https://${mosip.api.internal.host}/v1/auditmanager/audits
mosip.esignet.authenticator.ida.client-id=mosip-ida-client
mosip.esignet.authenticator.ida.secret-key=${mosip.ida.client.secret}
mosip.esignet.authenticator.ida.app-id=ida
mosip.esignet.authenticator.ida-env=Developer
mosip.esignet.authenticator.ida.otp-channels=email,phone

mosip.esignet.ida.vci-user-info-cache=userinfo
mosip.esignet.ida.vci-exchange-id=mosip.identity.vciexchange
mosip.esignet.ida.vci-exchange-version=1.0
mosip.esignet.ida.vci-exchange-url=https://${mosip.api.internal.host}/idauthentication/v1/vci-exchange/delegated/${mosip.esignet.misp.license.key}/

Last updated

Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.