Build and Development Guide

This guide contains the information required to deploy and run the Partner Management Portal successfully. It covers the database scripts and the Keycloak roles.

DB scripts

Partner Management Service DB Scripts to be run: DB scripts

Keycloak Roles

mosip-pms-client needs to have the following roles in Keycloak:

  • CREATE_SHARE

  • DEVICE_PROVIDER

  • PARTNER

  • PARTNER_ADMIN

  • PMS_ADMIN

  • PMS_USER

  • PUBLISH_APIKEY_APPROVED_GENERAL

  • PUBLISH_APIKEY_UPDATED_GENERAL

  • PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL

  • PUBLISH_MISP_LICENSE_GENERATED_GENERAL

  • PUBLISH_MISP_LICENSE_UPDATED_GENERAL

  • PUBLISH_OIDC_CLIENT_CREATED_GENERAL

  • PUBLISH_OIDC_CLIENT_UPDATED_GENERAL

  • PUBLISH_PARTNER_UPDATED_GENERAL

  • PUBLISH_POLICY_UPDATED_GENERAL

  • REGISTRATION_PROCESSOR

  • SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL

  • ZONAL_ADMIN

  • view-users (from realm-management roles)

  • view-realm (from realm-management roles)

Config Changes

Add the property below to the partner-management-default.properties file in the mosip-config repository to deploy the PMS Revamp 1.3.0-beta.1 release in your environment.

## This property is used by kernel-authcodeflowproxy-api to check whether the request is coming from an allowed URL.
auth.allowed.urls=https://${mosip.pmp.host}/

Setup guide for PMS Revamp with different Keymanager versions

Keymanager - v1.1.5

Features
Feature Availability
Action Required

Download originally uploaded CA certificate

A new endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures or inconsistencies.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.ca.signed.partner.certificate.available=false

Download uploaded FTM Certificate

A new endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures or inconsistencies.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.ca.signed.partner.certificate.available=false

Trust Certificates List

The endpoint /v1/keymanager/getCaCertificates was added in the latest version of Key Manager to get the list of trusted certificates. It is not available in v1.1.5, so this feature must be disabled in PMS to avoid failures.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.root.and.intermediate.certificates.available=false

Download Trust Certificate

The endpoint /v1/keymanager/getCACertificateTrustPath/{caCertId} was introduced in the latest version of Key Manager to download the trust certificate. Since it is not available in v1.1.5, this feature must be disabled in PMS to avoid failures.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.root.and.intermediate.certificates.available=false

OIDC

Since Esignet is not included in this version, the related feature should be disabled in PMS.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.oidc.client.available=false

Email Templates

Email templates are not pre-loaded in Master Data Service. The Global Admin must load the necessary templates manually as part of the deployment process.

To load the email templates manually, please refer to the steps here.

Keymanager - v1.2.0.1

Features
Feature Availability
Action Required

Download originally uploaded CA certificate

A new endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature has to be disabled in PMS to avoid failures.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.ca.signed.partner.certificate.available=false

Download uploaded FTM Certificate

A new endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures or inconsistencies.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.ca.signed.partner.certificate.available=false

Trust Certificates List

The endpoint /v1/keymanager/getCaCertificates was added in the latest version of Key Manager to get the list of trusted certificates. It is not available in v1.2.0.1, so this feature must be disabled in PMS to avoid failures or inconsistencies.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.root.and.intermediate.certificates.available=false

Download Trust Certificate

The endpoint /v1/keymanager/getCACertificateTrustPath/{caCertId} was introduced in the latest version of Key Manager to download the trust certificate. Since it is not available in v1.2.0.1, this feature must be disabled in PMS to avoid failures or inconsistencies.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.root.and.intermediate.certificates.available=false

OIDC

Esignet is available in this version, so the related feature is enabled in PMS.

Email Templates

Email templates are not pre-loaded in Master Data Service. The Global Admin must load the necessary templates manually as part of the deployment process.

To load the email templates manually, please refer to the steps here.

Keymanager - v1.2.1.0

Features
Feature Availability
Action Required

Download originally uploaded CA certificate

The endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} is available in Key Manager v1.3.0-beta.2, so this feature is enabled in PMS.

Download uploaded FTM Certificate

The endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} is available in Key Manager v1.3.0-beta.2, so this feature is enabled in PMS.

Trust Certificates List

The endpoint /v1/keymanager/getCaCertificates was added in the latest version of Key Manager to get the list of trusted certificates. It is not available in v1.2.1.0, so this feature must be disabled in PMS to avoid failures or inconsistencies.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.root.and.intermediate.certificates.available=false

Download Trust Certificate

The endpoint /v1/keymanager/getCACertificateTrustPath/{caCertId} was introduced in the latest version of Key Manager to download the trust certificate. Since it is not available in v1.2.1.0, this feature must be disabled in PMS to avoid failures or inconsistencies.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.root.and.intermediate.certificates.available=false

OIDC

Esignet is available in this version, so the related feature is enabled in PMS.

Email Templates

Email templates are not pre-loaded in Master Data Service. The Global Admin must load the necessary templates manually as part of the deployment process.

To load the email templates manually, please refer to the steps here.

Keymanager - v1.3.0-beta.1

Features
Feature Availability
Action Required

Download originally uploaded CA certificate

A new endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.ca.signed.partner.certificate.available=false

Download uploaded FTM Certificate

A new endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} has been introduced in Key Manager to download the original CA certificate. However, this endpoint is only available in the latest version of Key Manager. Therefore, this feature must be disabled in PMS to avoid failures.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.ca.signed.partner.certificate.available=false

Trust Certificates List

The endpoint /v1/keymanager/getCaCertificates was added in the latest version of Key Manager to get the list of trusted certificates. It is not available in v1.3.0-beta.1, so this feature must be disabled in PMS to avoid failures.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.root.and.intermediate.certificates.available=false

Download Trust Certificate

The endpoint /v1/keymanager/getCACertificateTrustPath/{caCertId} was introduced in the latest version of Key Manager to download the trust certificate. Since it is not available in v1.3.0-beta.1, this feature must be disabled in PMS to avoid failures.

To disable this feature, add the following property to the partner-management-default.properties file in the MOSIP config during deployment.

mosip.pms.root.and.intermediate.certificates.available=false

OIDC

Esignet is available in this version, so the related feature is enabled in PMS.

Email Templates

Email templates are not pre-loaded in Master Data Service. The Global Admin must load the necessary templates manually as part of the deployment process.

To load the email templates manually, please refer to the steps here.

Keymanager - v1.3.0-beta.2

Features
Feature Availability
Action Required

Download originally uploaded CA certificate

The endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} is available in Key Manager v1.3.0-beta.2, so this feature is enabled in PMS.

Download uploaded FTM Certificate

The endpoint /v1/keymanager/getPartnerSignedCertificate/{partnerCertId} is available in Key Manager v1.3.0-beta.2, so this feature is enabled in PMS.

Trust Certificates List

The endpoint /v1/keymanager/getCaCertificates is available in Key Manager v1.3.0-beta.2, so this feature is enabled in PMS.

Download Trust Certificate

The endpoint /v1/keymanager/getCACertificateTrustPath/{caCertId} is available in Key Manager v1.3.0-beta.2, so this feature is enabled in PMS.

OIDC

Esignet is available in this version, so the related feature is enabled in PMS.

Email Templates

Email templates are not pre-loaded in Master Data Service. The Global Admin must load the necessary templates manually as part of the deployment process.

To load the email templates manually, please refer to the steps here.
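A pre-deployment check for the per-version flag settings listed above, as an added example that is not part of the MOSIP code base. The matrix is transcribed from this guide; the function names, the sample file content and the assumption that an absent flag leaves the feature enabled are the example's own.

```python
import re

CA_SIGNED = "mosip.pms.ca.signed.partner.certificate.available"
TRUST_CERTS = "mosip.pms.root.and.intermediate.certificates.available"
OIDC = "mosip.pms.oidc.client.available"
ALL_FLAGS = (CA_SIGNED, TRUST_CERTS, OIDC)

# Flags this guide says must be set to false, per Keymanager version.
MUST_DISABLE = {
    "1.1.5": {CA_SIGNED, TRUST_CERTS, OIDC},
    "1.2.0.1": {CA_SIGNED, TRUST_CERTS},
    "1.2.1.0": {TRUST_CERTS},
    "1.3.0-beta.1": {CA_SIGNED, TRUST_CERTS},
    "1.3.0-beta.2": set(),
}

# key, then '=' or ':', then value; lines starting with '#' or '!' are comments.
_LINE = re.compile(r"^\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

def parse_properties(text):
    """Minimal .properties reader (no line continuations); last value wins."""
    props = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props

def check_flags(keymanager_version, properties_text):
    """Return (flag, problem) pairs where the file disagrees with the guide."""
    version = keymanager_version.lstrip("v")
    if version not in MUST_DISABLE:
        raise ValueError(f"version not covered by the guide: {keymanager_version}")
    props = parse_properties(properties_text)
    findings = []
    for flag in ALL_FLAGS:
        # Assumption: an absent flag means the feature stays enabled.
        disabled = props.get(flag, "true").lower() == "false"
        required = flag in MUST_DISABLE[version]
        if required and not disabled:
            findings.append((flag, "must be false for this Keymanager version"))
        elif disabled and not required:
            findings.append((flag, "disabled although the endpoint is available"))
    return findings

# Constructed sample of partner-management-default.properties content.
SAMPLE = """## constructed sample
auth.allowed.urls=https://${mosip.pmp.host}/
mosip.pms.ca.signed.partner.certificate.available=false
mosip.pms.oidc.client.available = false
"""
```

Running check_flags against the deployed Keymanager version before rollout catches both a feature left enabled against a missing endpoint and a stale false left behind after a Keymanager upgrade.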
