1 of 7

Technical Overview

Technology Stack

PMS Portal UI:

The table below outlines the frameworks, tools, and technologies used in PMS Portal.

Partner Management Services:

The table below outlines the frameworks, tools, and technologies employed by Partner Management Services.

Browsers Supported

PMS Revamp Portal web application is currently compatible and certified with the following list of browsers:

Scope for Release 1.3.0-dp.1 - Compatible on standard browser size (laptop/desktop) and UI responsiveness in laptop/desktop.

Compatibility on Mobile and also on specific tablet and mobile sizes will be taken up only after Release 1.3.0-dp.1.

PMS Configuration Guide

Overview

The following guide outlines some important properties that can be customized for a given installation. Please note that this list is not exhaustive but serves as a checklist for reviewing properties that are likely to differ from the default settings. For a complete list of properties, refer to the files listed below.

Configuration files

Partner Management Services uses the following configuration files:

Copy

Auth allowed urls

This property is used by kernel-authcodeflowproxy-api to check request is coming from allowed urls not.

Key manager API calls

These properties are used to specify the keymanager API to upload certificates and get original partner uploaded certificates.

Auth Adapter rest template authentication configs

These properties are used to set attributes for partner management services.

app id : ApplicationId for partner
client id : Kernel auth client ID for partner management services
client secret : Kernel auth secret key for partner management services

Keycloak Configurations

These configurations are used to create user in keycloak and map to a role.

Note : All partner types should be created as roles in keycloak.

Auth Services API calls

These properties are used to specify the auth manager API to validate the token.

UI allowed roles

This property is used to populate required roles which should be allowed in UI.(Roles are nothing but partner types)

URL to redirect after logout

These properties specify the url to redirect after logout and the end session endpoint in OIDC.

MOSIP E-Signet config

These configurations specify the E-Signet claims mapping file url, amr-acr mapping file url and the service apis for create and update OIDC and OAuth Client.

User Session Idle Timeout

These properties are used to set the user inactivity idle time.

Inactivity Timer : Specifies the duration (in minutes) before the session is timed out due to inactivity.
Prompt Timer : Specifies the duration (in minutes) before the user is prompted about the impending session timeout.

Copy

Axios Timeout

This property is used to set the server request and response time(in minutes) for Axios.

Copy

OIDC Client Attributes

These properties are used to set attributes for OIDC client creation and update.

Grant Types : Specifies the grant types used by the OIDC client.
Client Authentication Methods : Specifies the client authentication methods.

Copy

Partner Type Roles

These properties specify partner type roles that are used to grant access to various APIs in partner management service.

Copy

Backend Developers Guide

Overview

PMS Portal is used by the Partners to onboard with MOSIP and manage Devices, FTM, Create API Keys and Create OIDC clients etc.

Partner Management module has two services:

Partner Management service
Policy Management service

The documentation here will guide you through the prerequisites required for the developer's setup.

Software setup

Below is a list of tools required in Partner Management Services:

JDK 11
Any IDE (like Eclipse, IntelliJ IDEA)
Apache Maven (zip folder)
pgAdmin
Postman
Git
Notepad++ (optional)
lombok.jar (file)
settings.xml (document)

Follow the steps below to set up Partner Management Services on your local system:

Download lombok.jarand settings.xml from here.
Install Apache Maven.
Copy the settings.xml to ".m2" folder C:\Users\<username>\.m2.
Install Eclipse.
Open the lombok.jar file and wait for some time until it completes the scan for Eclipse IDE and then click Install/Update. Specify the eclipse installation location if required by clicking the ‘Specify location…’ button. Then, click Install/Update the button to proceed.

Check the Eclipse installation folder C:\Users\userName\eclipse\jee-2021-12\eclipse to see if lombok.jar is added. By doing this, you will not have to add the dependency of lombok in your pom.xml file separately as it is auto-configured by Eclipse.
Configure the JDK (Standard VM) with your Eclipse by traversing through Preferences → Java → Installed JREs.

Code setup

For the code setup, clone the repository and follow the guidelines mentioned in the Code Contributions.

Importing and building a project

Open the project folder partner-management-services\partner where pom.xml is present.
Open the command prompt from the same folder.
Run the command mvn clean install -Dgpg.skip=true to build the project and wait for the build to complete successfully.
After building a project, open Eclipse and select Import Projects → Maven → Existing Maven Projects → Next → Browse to project directory → Finish
This will import 5 projects into Eclipse: partner, partner-management-service, pms-common, policy-management-service and policy-validator

After successful importing of all the projects, update each project by right-clicking on Project → Maven → Update Project.

Environment setup

For the environment setup, you need an external JAR that is available here with different versions. Download the below-mentioned JARs with appropriate latest/appropriate versions. You will need to input the appropriate artifact ID and version and other inputs. kernel-auth-adapter.jar
E.g.: You can download kernel-auth-adapter.jar and add to the project Libraries → Classpath → Add External JARs → Select Downloaded JAR → Add → Apply and Close).

Properties Files - Update application-dev.properties and bootstrap.properties files in below folder partner-management-services\partner\partner-management-service\src\main\resources to run the Partner Management Service locally

Click the "run" option, the service will start locally on port 9109.

Policy management service also can run by following the above steps.

Partner Management Services API

For API documentation, refer here.
The APIs can be tested with the help of Postman or Swagger-UI.
Swagger is an interface description language for describing restful APIs expressed using JSON. Can access Swagger-UI of partner-management-services for dev-environment from https://dev.mosip.net/v1/partnermanager/swagger-ui/index.html?configUrl=/v1/partnermanager/v3/api-docs/swagger-config and localhost from http://localhost:9109/v1/partnermanager/swagger-ui/index.html?configUrl=/v1/partnermanager/v3/api-docs/swagger-config.
Can access Swagger-UI of policy-management-services for dev-environment from https://dev.mosip.net/v1/policymanager/swagger-ui/index.html?configUrl=/v1/policymanager/v3/api-docs/swagger-config and localhost from http://localhost:9107/v1/policymanager/swagger-ui/index.html?configUrl=/v1/policymanager/v3/api-docs/swagger-config.
Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster. It is widely used tool for API testing.
Download the JSON collection and then import it in your postman.

UI Developers Guide

This repository contains the UI code for Partner Management portal. To know more about the features and functions present on the portal, refer here.

Build and Deployment

Note: The code is written in React JS.

Install node.js- To build the react JS code that runs on node, recommended Node: 21.7.3, Package Manager: npm 5.2+
Check out the source code from GIT – To download the source code from git, follow the steps below to download source code on your local system.
- git clone https://github.com/mosip/partner-management-portal (to clone the source code repository from git)

For Production build

Build the code
Follow the steps below to build the source code on your system.
- Navigate to the pmp-reactjs-ui directory inside the cloned repository.
- Run the command npm run build in that directory to build the code.
Build Docker image
Follow the steps below to build the docker image on your system.
- docker build -t name . (replace name with the name of the image you want, "." signifies the current directory from where the docker file has to be read.)
- Example: docker build -t pmp-reactjs-ui .
Run the Docker image
Follow the steps to build docker image on your system.
- docker run –d –p 80:80 --name container-name image-name (to run the docker image created with the previous step,-d signifies to run the container in detached mode, -p signifies the port mapping left side of the":" is the external port that will be exposed to the outside world and right side is the internal port of the container that is mapped with the external port. Replace container-name with the name of your choice for the container, replace image-name with the name of the image specified in the previous step)
- Example: docker run -d -p 3000:3000--name nginx pmp-reactjs-ui
Now you can access the user interface over the internet via browser.
- Example: http://localhost:3000

For Local build

Build & deploy the code locally
Follow the steps below to build the source code on your system.
- Navigate to the pmp-reactjs-ui directory inside the cloned repository. Then, run the following command in that directory:
  - npm install
  - npm start
Now, you can access the user interface via browser.
- Example: http://localhost:3000

Build and Development Guide

This guide contains all the information required for successful deployment and running of Partner Management Portal. It includes information about the Database and roles.

DB scripts

Partner Management Service DB Scripts to be run: DB scripts

Keycloak Roles

mosip-pms-client needs to have below roles in keycloak:

CREATE_SHARE`
DEVICE_PROVIDER
PARTNER
PARTNER_ADMIN
PMS_ADMIN
PMS_USER
PUBLISH_APIKEY_APPROVED_GENERAL
PUBLISH_APIKEY_UPDATED_GENERAL
PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL
PUBLISH_MISP_LICENSE_GENERATED_GENERAL
PUBLISH_MISP_LICENSE_UPDATED_GENERAL
PUBLISH_OIDC_CLIENT_CREATED_GENERAL
PUBLISH_OIDC_CLIENT_UPDATED_GENERAL
PUBLISH_PARTNER_UPDATED_GENERAL
PUBLISH_POLICY_UPDATED_GENERAL
REGISTRATION_PROCESSOR
SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL
ZONAL_ADMIN

Config Changes:

Add below property to partner-management-default.properties file in mosip-config repository to Deploy PMS Revamp 1.3.0-DP.1 release in your env.

## This property is used by kernel-authcodeflowproxy-api to check request is coming from allowed urls not.
auth.allowed.urls=https://${mosip.pmp.host}/,https://${mosip.pmp.reactjs.ui.host}/

PMS Configuration Guide

Overview

Configuration files

Partner Management Services uses the following configuration files:

Copy

Auth allowed urls

This property is used by kernel-authcodeflowproxy-api to check request is coming from allowed urls not.

Key manager API calls

These properties are used to specify the keymanager API to upload certificates and get original partner uploaded certificates.

Auth Adapter rest template authentication configs

These properties are used to set attributes for partner management services.

app id : ApplicationId for partner
client id : Kernel auth client ID for partner management services
client secret : Kernel auth secret key for partner management services

mosip.iam.adapter.clientid=${mosip.pmp.auth.clientId}
mosip.iam.adapter.clientsecret=${mosip.pmp.auth.secretKey}
mosip.iam.adapter.appid=${mosip.pmp.auth.appId}

Keycloak Configurations

These configurations are used to create user in keycloak and map to a role.

Note : All partner types should be created as roles in keycloak.

mosip.iam.realm.operations.base-url = ${keycloak.internal.url}/auth/admin/realms/{realmId}
mosip.iam.admin-url =${keycloak.internal.url}/auth/admin/
mosip.iam.admin-realm-id =admin
mosip.iam.roles-extn-url =realms/mosip/roles
mosip.iam.users-extn-url = realms/mosip/users
mosip.iam.role-user-mapping-url =/{userId}/role-mappings/realm
mosip.iam.open-id-url =${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/
mosip.iam.master.realm-id=master
mosip.iam.default.realm-id=mosip
mosip.keycloak.admin.client.id=admin-cli
mosip.keycloak.admin.user.id=admin
mosip.keycloak.admin.secret.key=${keycloak.admin.password}

Auth Services API calls

These properties are used to specify the auth manager API to validate the token.

auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
auth.server.admin.allowed.audience=mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-regproc-client,mosip-admin-client,mosip-reg-client,mosip-pms-client,mosip-resident-client,mosip-idrepo-client,mosip-deployment-client
auth.jwt.secret=authjwtsecret
auth.jwt.base=Mosip-Token

mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey

UI allowed roles

This property is used to populate required roles which should be allowed in UI.(Roles are nothing but partner types)

mosip.pms.ui.required.roles=AUTH_PARTNER,DEVICE_PROVIDER,CREDENTIAL_PARTNER,FTM_PROVIDER,MISP_PARTNER,POLICYMANAGER,PARTNER_ADMIN

URL to redirect after logout

These properties specify the url to redirect after logout and the end session endpoint in OIDC.

mosip.iam.post-logout-uri-param-key=post_logout_redirect_uri
mosip.iam.end-session-endpoint-path=/protocol/openid-connect/logout

MOSIP E-Signet config

These configurations specify the E-Signet claims mapping file url, amr-acr mapping file url and the service apis for create and update OIDC and OAuth Client.

mosip.pms.esignet.claims-mapping-file-url=https://raw.githubusercontent.com/mosip/mosip-config/develop/identity-mapping.json
mosip.pms.esignet.amr-acr-mapping-file-url=https://raw.githubusercontent.com/mosip/mosip-config/develop/amr-acr-mapping.json
mosip.pms.esignet.config-url=${mosip.esignet.service.url}/v1/esignet/oidc/.well-known/openid-configuration

mosip.pms.esignet.oidc-client-create-url=${mosip.esignet.service.url}/v1/esignet/client-mgmt/oidc-client
mosip.pms.esignet.oidc-client-update-url=${mosip.esignet.service.url}/v1/esignet/client-mgmt/oidc-client

mosip.pms.esignet.oauth-client-create-url=${mosip.esignet.service.url}/v1/esignet/client-mgmt/oauth-client
mosip.pms.esignet.oauth-client-update-url=${mosip.esignet.service.url}/v1/esignet/client-mgmt/oauth-client

User Session Idle Timeout

These properties are used to set the user inactivity idle time.

Inactivity Timer : Specifies the duration (in minutes) before the session is timed out due to inactivity.
Prompt Timer : Specifies the duration (in minutes) before the user is prompted about the impending session timeout.

Copy

mosip.pms.session.inactivity.timer=25
mosip.pms.session.inactivity.prompt.timer=5

Axios Timeout

This property is used to set the server request and response time(in minutes) for Axios.

Copy

mosip.pms.axios.timeout=3

OIDC Client Attributes

These properties are used to set attributes for OIDC client creation and update.

Grant Types : Specifies the grant types used by the OIDC client.
Client Authentication Methods : Specifies the client authentication methods.

Copy

mosip.pms.oidc.clients.grantTypes=authorization_code 
mosip.pms.oidc.clients.clientAuthMethods=private_key_jwt

Partner Type Roles

These properties specify partner type roles that are used to grant access to various APIs in partner management service.

Copy

mosip.role.pms.getallcertificatedetails=AUTH_PARTNER,ABIS_PARTNER,SDK_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
mosip.role.pms.getallrequestedpolicies=AUTH_PARTNER,ABIS_PARTNER,SDK_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
mosip.role.pms.getallapprovedauthpartnerpolicies=AUTH_PARTNER,PARTNER_ADMIN
mosip.role.pms.getallapprovedpartneridswithpolicygroups=AUTH_PARTNER,ABIS_PARTNER,SDK_PARTNER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
mosip.role.pms.getallapikeysforauthpartners=AUTH_PARTNER,PARTNER_ADMIN
mosip.role.pms.getalloidcclients=AUTH_PARTNER,PARTNER_ADMIN
mosip.role.pms.userconsent=AUTH_PARTNER,ABIS_PARTNER,SDK_PARTNER,DEVICE_PROVIDER,FTM_PROVIDER,CREDENTIAL_PARTNER,PARTNER_ADMIN,ONLINE_VERIFICATION_PARTNER
mosip.role.pms.getallpolicygroups=AUTH_PARTNER,CREDENTIAL_PARTNER,ONLINE_VERIFICATION_PARTNER,ABIS_PARTNER,MANUAL_ADJUDICATION,PARTNER_ADMIN,POLICYMANAGER

UI Developers Guide

This repository contains the UI code for Partner Management portal. To know more about the features and functions present on the portal, refer here.

Build and Deployment

Note: The code is written in React JS.

Install node.js- To build the react JS code that runs on node, recommended Node: 21.7.3, Package Manager: npm 5.2+
Check out the source code from GIT – To download the source code from git, follow the steps below to download source code on your local system.
- git clone https://github.com/mosip/partner-management-portal (to clone the source code repository from git)

For Production build

Build the code
Follow the steps below to build the source code on your system.
- Navigate to the pmp-reactjs-ui directory inside the cloned repository.
- Run the command npm run build in that directory to build the code.
Build Docker image
Follow the steps below to build the docker image on your system.
- docker build -t name . (replace name with the name of the image you want, "." signifies the current directory from where the docker file has to be read.)
- Example: docker build -t pmp-reactjs-ui .
Run the Docker image
Follow the steps to build docker image on your system.
- docker run –d –p 80:80 --name container-name image-name (to run the docker image created with the previous step,-d signifies to run the container in detached mode, -p signifies the port mapping left side of the":" is the external port that will be exposed to the outside world and right side is the internal port of the container that is mapped with the external port. Replace container-name with the name of your choice for the container, replace image-name with the name of the image specified in the previous step)
- Example: docker run -d -p 3000:3000--name nginx pmp-reactjs-ui
Now you can access the user interface over the internet via browser.
- Example: http://localhost:3000

For Local build

Build & deploy the code locally
Follow the steps below to build the source code on your system.
- Navigate to the pmp-reactjs-ui directory inside the cloned repository. Then, run the following command in that directory:
  - npm install
  - npm start
Now, you can access the user interface via browser.
- Example: http://localhost:3000

Backend Developers Guide

Overview

PMS Portal is used by the Partners to onboard with MOSIP and manage Devices, FTM, Create API Keys and Create OIDC clients etc.

Partner Management module has two services:

Partner Management service
Policy Management service

The documentation here will guide you through the prerequisites required for the developer's setup.

Software setup

Below is a list of tools required in Partner Management Services:

JDK 11
Any IDE (like Eclipse, IntelliJ IDEA)
Apache Maven (zip folder)
pgAdmin
Postman
Git
Notepad++ (optional)
lombok.jar (file)
settings.xml (document)

Follow the steps below to set up Partner Management Services on your local system:

Download lombok.jarand settings.xml from here.
Install Apache Maven.
Copy the settings.xml to ".m2" folder C:\Users\<username>\.m2.
Install Eclipse.
Open the lombok.jar file and wait for some time until it completes the scan for Eclipse IDE and then click Install/Update. Specify the eclipse installation location if required by clicking the ‘Specify location…’ button. Then, click Install/Update the button to proceed.

Check the Eclipse installation folder C:\Users\userName\eclipse\jee-2021-12\eclipse to see if lombok.jar is added. By doing this, you will not have to add the dependency of lombok in your pom.xml file separately as it is auto-configured by Eclipse.
Configure the JDK (Standard VM) with your Eclipse by traversing through Preferences → Java → Installed JREs.

Code setup

For the code setup, clone the repository and follow the guidelines mentioned in the Code Contributions.

Importing and building a project

Open the project folder partner-management-services\partner where pom.xml is present.
Open the command prompt from the same folder.
Run the command mvn clean install -Dgpg.skip=true to build the project and wait for the build to complete successfully.
After building a project, open Eclipse and select Import Projects → Maven → Existing Maven Projects → Next → Browse to project directory → Finish
This will import 5 projects into Eclipse: partner, partner-management-service, pms-common, policy-management-service and policy-validator

After successful importing of all the projects, update each project by right-clicking on Project → Maven → Update Project.

Environment setup

For the environment setup, you need an external JAR that is available here with different versions. Download the below-mentioned JARs with appropriate latest/appropriate versions. You will need to input the appropriate artifact ID and version and other inputs. kernel-auth-adapter.jar
E.g.: You can download kernel-auth-adapter.jar and add to the project Libraries → Classpath → Add External JARs → Select Downloaded JAR → Add → Apply and Close).

Properties Files - Update application-dev.properties and bootstrap.properties files in below folder partner-management-services\partner\partner-management-service\src\main\resources to run the Partner Management Service locally

Click the "run" option, the service will start locally on port 9109.

Policy management service also can run by following the above steps.

Partner Management Services API

For API documentation, refer here.
The APIs can be tested with the help of Postman or Swagger-UI.
Swagger is an interface description language for describing restful APIs expressed using JSON. Can access Swagger-UI of partner-management-services for dev-environment from https://dev.mosip.net/v1/partnermanager/swagger-ui/index.html?configUrl=/v1/partnermanager/v3/api-docs/swagger-config and localhost from http://localhost:9109/v1/partnermanager/swagger-ui/index.html?configUrl=/v1/partnermanager/v3/api-docs/swagger-config.
Can access Swagger-UI of policy-management-services for dev-environment from https://dev.mosip.net/v1/policymanager/swagger-ui/index.html?configUrl=/v1/policymanager/v3/api-docs/swagger-config and localhost from http://localhost:9107/v1/policymanager/swagger-ui/index.html?configUrl=/v1/policymanager/v3/api-docs/swagger-config.
Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster. It is widely used tool for API testing.
Download the JSON collection and then import it in your postman.