Partner Management System (PMS) module provides the following services:
Partner Management Service
Policy Management Service
For an overview of role of partners in MOSIP, refer .
Provides various partner services like onboarding partners and providing partner data to other modules.
The diagram below illustrates the relationship of this service to other MOSIP services.
Certificates of partner are uploaded to as part of onboarding.
Registration processor fetches ABIS datashare policy from PMS.
PMS sends notification messages to partners via notification service (of Kernel).
Audit logs are logged into Auditmanager.
This service manages partner policies.
Audit logs are logged into Auditmanager.
All policies are stored stored in mosip_pms DB.
Datashare service fetches partner policies and shares data with partners accordingly.
To know more about the partner portal, refer .
To know more about the developer setup, read .
Refer .
.
ID Repository fetches credential data share partners and their polices from PMS.
All PMS data is stored in mosip_pms DB.
Certificates of Authentication Partners are sent to IDA module as IDA runs independently. The certs are shared using Datashare (which futher uses Websub to share data with IDA).
Partner management portal allows the partners to register themselves in MOSIP. With LTS release, the following types of partners can register themselves:
Authentication Partners
Credential Partners(with limited features)
Device Providers
FTM Provider
A Partner Admin can create Policies that are required for Authentication and Credential partners. The section below describes the types of policies that are supported by MOSIP.
To create policies, policy groups should be defined. Policy groups can be considered as the regulatory bodies in a country, examples could be Telecom, Insurance, Banking, etc.
Login as Partner Admin into the PMS portal.
After successful login, on the left navigation pane, click on Policy -> Policy Group.
The existing policy groups are listed on the screen and the new ones can be created.
To create Policy groups
Click Policy -> Policy Group -> +Create Policy Group
Enter the Policy group Name and Description and click Save.
To search or filter any data pertaining to policy groups, use the filter menu.
You can also change the status of policy group(Deactivate/Re-activate) or edit it using the Action menu as shown below.
On successful creation of Policy groups, polices can be created under that group. MOSIP supports two types of policies, i.e., Auth policy and Datashare policy.
By default, on clicking Auth policy, the screen displays the list of existing auth .
Click Auth Policy -> Create Policy.
Add the Name and Description.
From the dropdown, select the Policy group.
Add the Policies Data.
Note: Once the policy is created, it will be in Inactive state. You have to activate it before using it for a partner.
Select the policy you want to activate or edit.
From the Actions menu, select Activate/Edit.
Use the filter menu.
Data Share policy can be created/edited in the same way as the steps mentioned in the previous section on Auth policy by using Data Share Policy menu options.
Partners in MOSIP are created in a self-service mode. The partner visits the MOSIP partner management portal and requests for collaborating with MOSIP by providing basic details such as organization name and email-id, purpose of registration (how they want to collaborate with MOSIP - as a device provider, authentication partner, print partner, etc), basic credentials and performing an OTP based verification. Once these details are filled by the partner and a request is sent to MOSIP, the Partner Admin verifies the details of the partners and allows the partner to integrate with MOSIP.
To know more about each of the partners, click:
This guide enables the Foundational Trust providers to use the PMP portal effectively. Below is the workflow:
Partner self-register through the portal.
Partner admin and uploads CA certificate.
Partner admin/ Partner uploads partner certificate.
Partner admin/ Partner creates FTM.
Partner admin/ Partner uploads certificate from the menu before approval/ rejection.
Partner admin approves/ rejects the FTM.
The partner can register themselves on the MOSIP PMP portal by clicking Register on the landing page.
They need to fill up a form with the details below:
First and Last name
To view the details entered, click Home to see the dashboard.
The Partner admin needs to upload the CA certificate to enable the partner to use the portal. To do so, the Partner admin:
Clicks Upload CA Certificate option on the left navigation pane of the partner portal.
Selects the Partner Domain as FTM.
Chooses the certificate to upload (only files with extensions such as .cer or .pem).
Clicks Upload
The uploaded certificates can be viewed by clicking on View Certificates-> View.
Similarly, the Partner certificates can be added by the Partner admin or partner.
The certificate can be uploaded by clicking Home-> Upload Certificate -> Upload.
The certificate can be viewed by clicking Home-> View Certificate ->View.
The partner can create FTM details by,
Clicking FTM Details -> Create FTM
Fill up the information like Partner Name, Make and Model.
Clicking Save.
The partner can upload FTM certificates by,
Selecting Upload Certificate option from the Actions menu against the FTM created.
Entering the Partner Domain as FTM and choosing the certificate file.
Clicking Upload.
The Partner Admin can choose to approve or reject the FTM certificate uploaded. Below illustrates the workflow:
Finally, you can see the FTM activated.
Partner type (Device Provider)
Address, e-mail, phone number
Username and password
Click Save.
Partner Admin
PARTNER_ADMIN
Policy Manager
POLICYMANAGER
Authentication Partner
AUTH_PARTNER
Credential Partner
CREDENTIAL_PARTNER
Device Provider
DEVICE_PROVIDER
FTM Provider
FTM_PROVIDER
Partner Management Services are the self-services which are used by the partners themselves via a portal. Partner Management Portal is a web based UI application that provides services to various types of partners.
Partner Management module has two services:
Policy Management service
Partner Management service
The documentation here will guide you through the prerequisites required for the developer's setup.
Below are a list of tools required in Partner Management Services setup:
JDK 11
Any IDE (like Eclipse, IntelliJ IDEA)
Apache Maven (zip folder)
pgAdmin
Follow the steps below to set up Partner Management Services on your local system:
Download lombok.jar and settings.xml from .
Unzip Apache Maven and move the unzipped folder in C:\Program Files and settings.xml to conf folder C:\Program Files\apache-maven-3.8.4\conf.
Check the Eclipse installation folder C:\Users\userName\eclipse\jee-2021-12\eclipse to see if the lombok.jar is added. By doing this, you don't have to add the dependency of lombok in your pom.xml file separately as it is auto-configured by Eclipse.
Configure the JDK (Standard VM) with your Eclipse by traversing through Preferences → Java → Installed JREs.
For the code setup, clone the repository and follow the guidelines mentioned in the .
Open the project folder where pom.xml is present.
Open command prompt from the same folder.
Run the command mvn clean install -Dgpg.skip=true -DskipTests=true to build the project and wait for the build to complete successfully.
For the environment setup, you need an external JAR that is available with different versions. (E.g.: You can download kernel-auth-adapter.jar and add to project Libraries → Classpath → Add External JARs → Select Downloaded JAR → Add → Apply and Close).
Clone .
Create an empty folder inside the mosip-config with sandbox-local name and then copy and paste all config files inside sandbox-local folder except .gitignore, README and LICENSE.
Example:
java -jar -Dspring.profiles.active=native -Dspring.cloud.config.server.native.search-locations=file:C:\Users\myDell\mosipProject\mosip-config\sandbox-local -Dspring.cloud.config.server.accept-empty=true -Dspring.cloud.config.server.git.force-pull=false -Dspring.cloud.config.server.git.cloneOnStart=false -Dspring.cloud.config.server.git.refreshRate=0 kernel-config-server-1.2.0-20201016.134941-57.jar.
As mentioned in the steps above, you may have to make some changes in the two properties files as per your environment.
Run the server by opening the config-server-start.bat file.
The server should now be up and running.
Below are the configurations to be done in Eclipse:
1. Open Eclipse and run the project for one time as Java application, so that it will create a Java application which you can see in debug configurations and then change its name. (e.g.: project name with environment - "partner-management-dev").
2. Open the arguments and pass this -Ddomain.url=dev.mosip.net -Dapplication.base.url=http://localhost:8090 -Dspring.profiles.active=default -Dspring.cloud.config.uri=http://localhost:51000/config -Dspring.cloud.config.label=master in VM arguments.
3. Here, the domain URL represents the environment on which you are working (eg., it can be dev2.mosip.net or qa3.mosip.net).
4. Click Apply and then debug it (starts running). In the console, you can see a message like "Started PartnerManagementService in 34.078 seconds (JVM running for 38.361)".
Policy management service also can run by following the above steps.
For API documentation, refer .
The APIs can be tested with the help of Swagger-UI and Postman.
Swagger is an interface description language for describing restful APIs expressed using JSON. Can access Swagger-UI of partner-management-services for dev-environment from https://dev.mosip.net/v1/partnermanager/swagger-ui/index.html?configUrl=/v1/partnermanager/v3/api-docs/swagger-config and localhost from http://localhost:9109/v1/partnermanager/swagger-ui/index.html?configUrl=/v1/partnermanager/v3/api-docs/swagger-config
Postman
Git
Notepad++ (optional)
lombok.jar (file)
settings.xml (document)
Install Eclipse, open the lombok.jar file and wait for some time until it completes the scan for Eclipse IDE and then click Install/Update.
After building of a project, open Eclipse and select Import Projects → Maven → Existing Maven Projects → Next → Browse to project directory → Finish.
After successful importing of project, update the project by right-click on Project → Maven → Update Project.
partner-management-default and application-default, you will have to configure them according to your environment. The same files are available here for reference.To run the server, two files are required- kernel-config-server.jar and config-server-start.bat.
Put both the files in the same folder and change the location attribute to sandbox-local folder in config-server-start.bat file and also check the version of kernel-config-server.jar towards the end of the command.
Can access Swagger-UI of policy-management-services for dev-environment from https://dev.mosip.net/v1/policymanager/swagger-ui/index.html?configUrl=/v1/policymanager/v3/api-docs/swagger-config and localhost from http://localhost:9107/v1/policymanager/swagger-ui/index.html?configUrl=/v1/policymanager/v3/api-docs/swagger-config.
Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster. It is widely used tool for API testing.
Download the JSON collection and then import it in your postman.
Below is the workflow that includes the registration process for an Auth or Credential partner and the steps that need to be followed for using the partner portal.
The partner self-registers through the portal.
Partner selects the relevant Policy Group.
Partner admin uploads the CA certificate.
Partner admin or partner uploads the partner certificate.
Partner admin or Partner maps the Partner Policy.
Partner admin approves or rejects partner policy mapping.
Partner logins after the approval and generates the API key for the approved partner policy mapping using an unique label.
The Auth/ Credential partner can register themselves on MOSIP PMS portal by clicking Register on the landing page.
They need to fill up a form with the details below:
First and Last name
To view the details entered, click Home to see the dashboard.
On successful registration, the partner can see their username displayed on the top right corner.
Partner selects the relevant Policy Group from Map Policy Group dropdown.
Clicks Save.
The Partner admin needs to upload the CA certificate to enable the partner for using the portal. To do so, the Partner admin:
Clicks Upload CA Certificate option on the left navigation pane of the partner portal.
Selects the Partner Domain.
Chooses the certificate to upload (only files with extensions as .cer or .pem).
Clicks Upload.
The uploaded certificates can be viewed by clicking on View Certificates-> View.
Similarly, the Partner certificates can be added by the Partner admin/ partner.
Once the certificates are uploaded,
Partner maps the policy to the Policy group by clicking on Partner Policy Mapping -> +Map Policy.
Partner enters the Partner Name.
Selects the Auth Policy Name from the dropdown.
Enters a value for the Request Details (unique value) and clicks Save
Once this is done, you will see a message saying Policy mapping grequest submitted successfully.
Also, the status is displayed as "In progress" and this means that the partner cannot generate the API key until the request is approved by the Partner admin.
Once the Partner Policy Mapping request is raised by the partner, the Partner admin has the privilege to approve/ reject the mapping. To do so,
Partner admin logs into the PMS portal and clicks on Partner Policy Mapping in the left navigation pane.
Selects the policy mapping that needs an approval.
From the action menu against the policy mapping, selects Manage Policy.
Once the request is approved, the partner can view the status being updated to Approved instead of InProgress.
Partner logins after the Partner Policy Mapping is approved by the Partner admin and generates the API key with an unique label. To do so,
Partner clicks Partner Policy Mapping on the left navigation pane.
From the actions menu, click Generate API Key.
Partner enters a unique value for the Label field.
The API key is generated and can be used by the partner.
The partner can also deactivate a particular API Key by clicking on the cross-mark (X) next to it. Please note, once deactivated, it cannot be activated again. You may need to generate a new API key as per requirement.
Partner type (Authentication Partner/ Credential Partner)
Address, e-mail, phone number
Username and password
Click Generate.
This guide enables the Device provider partner to use the partner portal effectively. Below is the workflow:
The partner self-registers through the portal.
Partner admin uploads the CA certificate.
Partner admin or Partner uploads the partner certificate.
Partner admin or Partner creates device details.
Partner admin approves or rejects device details.
Partner admin or Partner creates SBI details.
Partner admin approves or rejects SBI details.
Partner admin or Partner maps devices and SBI.
The Device Provider partner can register themselves on the MOSIP PMS portal by clicking Register on the landing page.
They need to fill up a form with the details below:
First and Last name
To view the details entered, click Home to see the dashboard.
The Partner admin needs to upload the CA certificate to enable the partner for using the portal. To do so, the Partner admin:
Clicks Upload CA Certificate option on the left navigation pane of the partner portal.
Selects the Partner Domain.
Chooses the certificate to upload (only files with extensions such as .cer or .pem).
Clicks Upload.
The uploaded certificates can be viewed by clicking on View Certificates-> View.
Similarly, the Partner certificates can be added by the Partner admin/ partner.
The certificate can be uploaded by clicking Home-> Upload Certificate -> Upload.
The certificate can be viewed by clicking Home-> View Certificate ->View.
The partner can add devices to the portal. To do so,
Partner clicks Device details-> Create Device.
Enters the necessary details to create/add devices like:
Partner Name
The Partner Admin can choose to approve/reject the device details entered by the partner.
The Partner can create SBI by filling in the required details.
The Partner Admin can choose to approve/reject the SBI details entered by the partner.
The partner can map the device with an SBI.
Partner type (Device Provider)
Address, e-mail, phone number
Username and password
Make and Model
Click Save.