Overview

Partner policies control the data that needs to be shared with a partner. The policies reside in auth_policy table of mosip_pms DB.

Policy types

Policies are not applicable for Device Provider, FTM Provider and MISP Partner as data is not shared with them.

Refer to the default policies loaded while installing MOSIP.

Policy group

Common policies are grouped example 'Telecom', 'Banking', 'Insurance' etc.

Overview

Partner Management Services (PMS) module provides the following services:

1. Partner Management Service

2. Policy Management Service

For an overview of role of partners in MOSIP, refer .

Partner Management Service

Provides various partner services like onboarding partners and providing partner data to other modules.

The diagram below illustrates the relationship of this service to other MOSIP services.

2. Registration processor fetches ABIS datashare policy from PMS.

3. PMS sends notification messages to partners via notification service (of Kernel).

4. Audit logs are logged into Auditmanager.

6. All PMS data is stored in mosip_pms DB.

Policy Management Service

This service manages partner policies.

1. Audit logs are logged into Auditmanager.

2. All policies are stored stored in mosip_pms DB.

3. Datashare service fetches partner policies and shares data with partners accordingly.

Partner portal

Developer Guide

API

Source code

Overview

This guide enables the Device provider partner to use the partner portal effectively. Below is the workflow:

• The partner self-registers through the portal.

• Partner admin uploads the CA certificate.

• Partner admin or Partner uploads the partner certificate.

• Partner admin or Partner creates device details.

• Partner admin approves or rejects device details.

• Partner admin or Partner creates SBI details.

• Partner admin approves or rejects SBI details.

• Partner admin or Partner maps devices and SBI.

Self-registration

• The Device Provider partner can register themselves on the MOSIP PMS portal by clicking Register on the landing page.

• They need to fill up a form with the details below:

  • First and Last name

  • Organization Name

  • Partner type (Device Provider)

  • Address, e-mail, phone number

  • Username and password

To view the details entered, click Home to see the dashboard.

Upload of Certificates

CA Certificate upload

The Partner admin needs to upload the CA certificate to enable the partner for using the portal. To do so, the Partner admin:

1. Clicks Upload CA Certificate option on the left navigation pane of the partner portal.

2. Selects the Partner Domain.

3. Chooses the certificate to upload (only files with extensions such as .cer or .pem).

4. Clicks Upload.

The uploaded certificates can be viewed by clicking on View Certificates-> View.

Partner Certificate upload

Similarly, the Partner certificates can be added by the Partner admin/ partner.

The certificate can be uploaded by clicking Home-> Upload Certificate -> Upload.

The certificate can be viewed by clicking Home-> View Certificate ->View.

Device make and model

Creating Device details

The partner can add devices to the portal. To do so,

1. Partner clicks Device details-> Create Device.

2. Enters the necessary details to create/add devices like:

   • Partner Name

   • Device Type and Sub Type

   • Make and Model

3. Click Save.

Approval/ Rejection of Device details

The Partner Admin can choose to approve/reject the device details entered by the partner.

SBI (Secure Biometric Interface)

Creating SBI

The Partner can create SBI by filling in the required details.

Approval/Rejection of SBI

The Partner Admin can choose to approve/reject the SBI details entered by the partner.

Mapping Device make and model with SBI

The partner can map the device with an SBI.

Overview

Below is the workflow that includes the registration process for an Auth or Credential partner and the steps that need to be followed for using the partner portal.

• The partner self-registers through the portal.

• Partner selects the relevant Policy Group.

• Partner admin uploads the CA certificate.

• Partner admin or partner uploads the partner certificate.

• Partner admin or Partner maps the Partner Policy.

• Partner admin approves or rejects partner policy mapping.

• Partner logins after the approval and generates the API key for the approved partner policy mapping using an unique label.

Self-registration

• The Auth/ Credential partner can register themselves on MOSIP PMS portal by clicking Register on the landing page.

• They need to fill up a form with the details below:

  • First and Last name

  • Organization Name

  • Partner type (Authentication Partner/ Credential Partner)

  • Address, e-mail, phone number

  • Username and password

To view the details entered, click Home to see the dashboard.

Policy Group mapping

On successful registration, the partner can see their username displayed on the top right corner.

1. Partner selects the relevant Policy Group from Map Policy Group dropdown.

2. Clicks Save.

Upload of Certificates

CA Certificate upload

The Partner admin needs to upload the CA certificate to enable the partner for using the portal. To do so, the Partner admin:

1. Clicks Upload CA Certificate option on the left navigation pane of the partner portal.

2. Selects the Partner Domain.

3. Chooses the certificate to upload (only files with extensions as .cer or .pem).

4. Clicks Upload.

The uploaded certificates can be viewed by clicking on View Certificates-> View.

Partner Certificate upload

Similarly, the Partner certificates can be added by the Partner admin/ partner.

Mapping policy to policy group

Once the certificates are uploaded,

1. Partner maps the policy to the Policy group by clicking on Partner Policy Mapping -> +Map Policy.

2. Partner enters the Partner Name.

3. Selects the Auth Policy Name from the dropdown.

4. Enters a value for the Request Details (unique value) and clicks Save.

• Once this is done, you will see a message saying Policy mapping grequest submitted successfully.

• Also, the status is displayed as "In progress" and this means that the partner cannot generate the API key until the request is approved by the Partner admin.

Approval/ Rejection of partner policy mapping

Once the Partner Policy Mapping request is raised by the partner, the Partner admin has the privilege to approve/ reject the mapping. To do so,

1. Partner admin logs into the PMS portal and clicks on Partner Policy Mapping in the left navigation pane.

2. Selects the policy mapping that needs an approval.

3. From the action menu against the policy mapping, selects Manage Policy.

4. Clicks Approve.

Once the request is approved, the partner can view the status being updated to Approved instead of InProgress.

Generating the API Key

Partner logins after the Partner Policy Mapping is approved by the Partner admin and generates the API key with an unique label. To do so,

1. Partner clicks Partner Policy Mapping on the left navigation pane.

2. From the actions menu, click Generate API Key.

3. Partner enters a unique value for the Label field.

4. Click Generate.

The API key is generated and can be used by the partner.

The partner can also deactivate a particular API Key by clicking on the cross-mark (X) next to it. Please note, once deactivated, it cannot be activated again. You may need to generate a new API key as per requirement.

Overview

This guide enables the Foundational Trust providers to use the PMP portal effectively. Below is the workflow:

• Partner self-register through the portal.

• Partner admin and uploads CA certificate.

• Partner admin/ Partner uploads partner certificate.

• Partner admin/ Partner creates FTM.

• Partner admin/ Partner uploads certificate from the menu before approval/ rejection.

• Partner admin approves/ rejects the FTM.

Self-registration

• The partner can register themselves on the MOSIP PMP portal by clicking Register on the landing page.

• They need to fill up a form with the details below:

  • First and Last name

  • Organization Name

  • Partner type (Device Provider)

  • Address, e-mail, phone number

  • Username and password

To view the details entered, click Home to see the dashboard.

Upload of Certificates

CA Certificate upload

The Partner admin needs to upload the CA certificate to enable the partner to use the portal. To do so, the Partner admin:

1. Clicks Upload CA Certificate option on the left navigation pane of the partner portal.

2. Selects the Partner Domain as FTM.

3. Chooses the certificate to upload (only files with extensions such as .cer or .pem).

4. Clicks Upload.

The uploaded certificates can be viewed by clicking on View Certificates-> View.

Partner Certificate upload

Similarly, the Partner certificates can be added by the Partner admin or partner.

The certificate can be uploaded by clicking Home-> Upload Certificate -> Upload.

The certificate can be viewed by clicking Home-> View Certificate ->View.

FTM Details

Creating FTM Details

The partner can create FTM details by,

1. Clicking FTM Details -> Create FTM

2. Fill up the information like Partner Name, Make and Model.

3. Clicking Save.

FTM Certificate Upload

The partner can upload FTM certificates by,

1. Selecting Upload Certificate option from the Actions menu against the FTM created.

2. Entering the Partner Domain as FTM and choosing the certificate file.

3. Clicking Upload.

Approval or rejection of the certificate

The Partner Admin can choose to approve or reject the FTM certificate uploaded. Below illustrates the workflow:

Finally, you can see the FTM activated.

Overview

Partner management portal allows the partners to register themselves in MOSIP. With LTS release, the following types of partners can register themselves:

1. Authentication Partners

2. Credential Partners(with limited features)

3. Device Providers

4. FTM Provider

Partner roles

A Partner Admin can create Policies that are required for Authentication and Credential partners. The section below describes the types of policies that are supported by MOSIP.

Home page

Policies

To create policies, policy groups should be defined. Policy groups can be considered as the regulatory bodies in a country, examples could be Telecom, Insurance, Banking, etc.

Creation of Policy group

• Login as Partner Admin into the PMS portal.

• After successful login, on the left navigation pane, click on Policy -> Policy Group.

• The existing policy groups are listed on the screen and the new ones can be created.

To create Policy groups

• Click Policy -> Policy Group -> +Create Policy Group

• Enter the Policy group Name and Description and click Save.

To search or filter any data pertaining to policy groups, use the filter menu.

You can also change the status of policy group(Deactivate/Re-activate) or edit it using the Action menu as shown below.

On successful creation of Policy groups, polices can be created under that group. MOSIP supports two types of policies, i.e., Auth policy and Datashare policy.

Auth Policy

Create an Auth policy

1. Click Auth Policy -> Create Policy.

2. Add the Name and Description.

3. From the dropdown, select the Policy group.

4. Add the Policies Data.

5. Click Save.

Note: Once the policy is created, it will be in Inactive state. You have to activate it before using it for a partner.

Activate/edit Auth policy

1. Select the policy you want to activate or edit.

2. From the Actions menu, select Activate/Edit.

Search or filter data

1. Use the filter menu.

Data Share Policy

Data Share policy can be created/edited in the same way as the steps mentioned in the previous section on Auth policy by using Data Share Policy menu options.

Partner

Self Registration

Partners in MOSIP are created in a self-service mode. The partner visits the MOSIP partner management portal and requests for collaborating with MOSIP by providing basic details such as organization name and email-id, purpose of registration (how they want to collaborate with MOSIP - as a device provider, authentication partner, print partner, etc), basic credentials and performing an OTP based verification. Once these details are filled by the partner and a request is sent to MOSIP, the Partner Admin verifies the details of the partners and allows the partner to integrate with MOSIP.

To know more about each of the partners, click:

Overview

are the self-services which are used by the partners themselves via a portal. Partner Management Portal is a web based UI application that provides services to various types of partners.

Partner Management module has two services:

• Policy Management service

• Partner Management service

The documentation here will guide you through the prerequisites required for the developer's setup.

Software setup

Below are a list of tools required in Partner Management Services setup:

1. JDK 11

2. Any IDE (like Eclipse, IntelliJ IDEA)

3. Apache Maven (zip folder)

4. pgAdmin

5. Postman

6. Git

7. Notepad++ (optional)

8. lombok.jar (file)

9. settings.xml (document)

Follow the steps below to set up Partner Management Services on your local system:

• Unzip Apache Maven and move the unzipped folder in C:\Program Files and settings.xml to conf folder C:\Program Files\apache-maven-3.8.4\conf.

• Install Eclipse, open the lombok.jar file and wait for some time until it completes the scan for Eclipse IDE and then click Install/Update.

• Check the Eclipse installation folder C:\Users\userName\eclipse\jee-2021-12\eclipse to see if the lombok.jar is added. By doing this, you don't have to add the dependency of lombok in your pom.xml file separately as it is auto-configured by Eclipse.

• Configure the JDK (Standard VM) with your Eclipse by traversing through Preferences → Java → Installed JREs.

Code setup

Importing and building of a project

1. Open the project folder where pom.xml is present.

2. Open command prompt from the same folder.

3. Run the command mvn clean install -Dgpg.skip=true -DskipTests=true to build the project and wait for the build to complete successfully.

4. After building of a project, open Eclipse and select Import Projects → Maven → Existing Maven Projects → Next → Browse to project directory → Finish.

5. After successful importing of project, update the project by right-click on Project → Maven → Update Project.

Environment setup

• Create an empty folder inside the mosip-config with sandbox-local name and then copy and paste all config files inside sandbox-local folder except .gitignore, README and LICENSE.

• Put both the files in the same folder and change the location attribute to sandbox-local folder in config-server-start.bat file and also check the version of kernel-config-server.jar towards the end of the command.

Example:

java -jar -Dspring.profiles.active=native -Dspring.cloud.config.server.native.search-locations=file:C:\Users\myDell\mosipProject\mosip-config\sandbox-local -Dspring.cloud.config.server.accept-empty=true -Dspring.cloud.config.server.git.force-pull=false -Dspring.cloud.config.server.git.cloneOnStart=false -Dspring.cloud.config.server.git.refreshRate=0 kernel-config-server-1.2.0-20201016.134941-57.jar.

As mentioned in the steps above, you may have to make some changes in the two properties files as per your environment.

• Run the server by opening the config-server-start.bat file.

The server should now be up and running.

Below are the configurations to be done in Eclipse:

1. Open Eclipse and run the project for one time as Java application, so that it will create a Java application which you can see in debug configurations and then change its name. (e.g.: project name with environment - "partner-management-dev").

2. Open the arguments and pass this -Ddomain.url=dev.mosip.net -Dapplication.base.url=http://localhost:8090 -Dspring.profiles.active=default -Dspring.cloud.config.uri=http://localhost:51000/config -Dspring.cloud.config.label=master in VM arguments.

3. Here, the domain URL represents the environment on which you are working (eg., it can be dev2.mosip.net or qa3.mosip.net).

4. Click Apply and then debug it (starts running). In the console, you can see a message like "Started PartnerManagementService in 34.078 seconds (JVM running for 38.361)".

Policy management service also can run by following the above steps.

Partner management services API

• The APIs can be tested with the help of Swagger-UI and Postman.

• Swagger is an interface description language for describing restful APIs expressed using JSON. Can access Swagger-UI of partner-management-services for dev-environment from https://dev.mosip.net/v1/partnermanager/swagger-ui/index.html?configUrl=/v1/partnermanager/v3/api-docs/swagger-config and localhost from http://localhost:9109/v1/partnermanager/swagger-ui/index.html?configUrl=/v1/partnermanager/v3/api-docs/swagger-config.

• Can access Swagger-UI of policy-management-services for dev-environment from https://dev.mosip.net/v1/policymanager/swagger-ui/index.html?configUrl=/v1/policymanager/v3/api-docs/swagger-config and localhost from http://localhost:9107/v1/policymanager/swagger-ui/index.html?configUrl=/v1/policymanager/v3/api-docs/swagger-config.

• Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster. It is widely used tool for API testing.