diff --git a/VerifiedAttributes.json b/VerifiedAttributes.json new file mode 100644 index 00000000000..28aee37ae0f --- /dev/null +++ b/VerifiedAttributes.json @@ -0,0 +1,52 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "additionalProperties": false, + "definitions": { + "verificationDetail": { + "additionalProperties": false, + "type": "object", + "properties": { + "trust_framework": { + "type": "string" + }, + "verification_process": { + "type": "string" + }, + "assurance_level": { + "type": "string" + }, + "time": { + "type": "string" + }, + "assurance_process": { + "type": ["object", "null"], + "properties": { + "policy": { + "type": "string" + }, + "procedure": { + "type": "string" + } + } + }, + "evidence": { + "type": ["object", "null"], + "properties": { + "method": { + "type": "string" + } + } + } + } + } + }, + "properties": { + "fullName": { + "$ref": "#/definitions/verificationDetail" + }, + "phone": { + "$ref": "#/definitions/verificationDetail" + } + } +} diff --git a/amr-acr-mapping.json b/amr-acr-mapping.json index 367cea85b3c..fd69579c828 100644 --- a/amr-acr-mapping.json +++ b/amr-acr-mapping.json @@ -4,13 +4,18 @@ "PIN" : [{ "type": "PIN" }], "OTP" : [{ "type": "OTP" }], "Wallet" : [{ "type": "WLA" }], - "L1-bio-device" : [{ "type": "BIO", "count": 1 }] + "L1-bio-device" : [{ "type": "BIO", "count": 1 }], + "knowledge" : [{ "type": "KBA"}], + "Password" : [{ "type": "PWD" }], + "ID-token" : [{ "type": "IDT" }] }, "acr_amr" : { "mosip:idp:acr:password" : ["PWD"], "mosip:idp:acr:static-code" : ["PIN"], "mosip:idp:acr:generated-code" : ["OTP"], "mosip:idp:acr:linked-wallet" : [ "Wallet" ], - "mosip:idp:acr:biometrics" : [ "L1-bio-device" ] + "mosip:idp:acr:biometrics" : [ "L1-bio-device" ], + "mosip:idp:acr:knowledge" : [ "knowledge" ], + "mosip:idp:acr:id-token" : [ "ID-token" ] } } diff --git a/application-default.properties b/application-default.properties index 836e20b25cf..c2b736adedf 100644 
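Review bot: The `verificationDetail` definition in VerifiedAttributes.json has no `required` list, so an empty object validates for `fullName` or `phone` and a verification record can pass the schema with no trust framework or time recorded. I would add `"required": ["trust_framework", "time"]` to the definition, extended with whatever other fields the consumers depend on (which ones are mandatory is not visible here). The nested `assurance_process` and `evidence` objects also omit `"additionalProperties": false`, unlike their parent, so unknown keys are accepted there. `time` is an unconstrained string; `"format": "date-time"` would document the expected shape, though validators enforce `format` only when configured to.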
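Review bot: The new `knowledge` entry in amr-acr-mapping.json maps to type `KBA`, while this same commit renames the `mosip.esignet.auth-challenge.KBA.*` settings to `KBI` in esignet-default.properties. If the type is used to look up the challenge format and length limits (not visible here), the knowledge factor would have no matching validation settings unless this line becomes `"knowledge" : [{ "type": "KBI"}]`. `Password` is also added under `amr`, but no `acr_amr` entry references it: `mosip:idp:acr:password` still points at `PWD`. The first three lines of the file are outside the hunk, so confirm whether a `PWD` key already exists there and whether `Password` is needed at all.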
--- a/application-default.properties +++ b/application-default.properties @@ -94,9 +94,9 @@ mosip.idrepo.identity.bioAttributes=individualBiometrics,parentOrGuardianBiometr mosip.country.code=MOR ## Language supported by platform -mosip.supported-languages=eng,ara,fra -mosip.right_to_left_orientation=ara -mosip.left_to_right_orientation=eng,fra +mosip.supported-languages=eng,khm +mosip.right_to_left_orientation= +mosip.left_to_right_orientation=eng,khm ## Application IDs mosip.prereg.app-id=PRE_REGISTRATION @@ -415,14 +415,14 @@ server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve websub.hub.url=${mosip.websub.url}/hub/ websub.publish.url=${mosip.websub.url}/hub/ -mosip.mandatory-languages=eng +mosip.mandatory-languages=eng,khm ## Leave blank if no optional langauges -mosip.optional-languages=ara,fra +mosip.optional-languages= mosip.min-languages.count=2 -mosip.max-languages.count=3 +mosip.max-languages.count=2 # These are default languages used for sending notifications -mosip.default.template-languages=eng,ara,fra +mosip.default.template-languages=eng,khm # Config key to pick the preferred language for communicating to the Resident mosip.default.user-preferred-language-attribute=preferredLang diff --git a/application-insurance.properties b/application-insurance.properties new file mode 100644 index 00000000000..1d7ebc29a5c --- /dev/null +++ b/application-insurance.properties 
@@ -0,0 +1,455 @@
+# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
+# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
+# helm chart:
+# override below properties for v2 deployment
+# keycloak.external.url
+# keycloak.internal.url
+# mosip.api.internal.host
+
+
+aplication.configuration.level.version=LTS
+
+## Idobject validator
+# This config is used for loading recommended centers based on the value of the config.
+# The value depicts the location hierarchy code of the hierarchy based on which the recommended centers is loaded
+mosip.recommended.centers.locCode=5
+
+## Common properties used across different modules
+mosipbox.public.url=${mosip.api.internal.url}
+mosip.api.internal.url=https://${mosip.api.internal.host}
+mosip.api.public.url=https://${mosip.api.public.host}
+mosip.kernel.authmanager.url=http://authmanager.kernel
+mosip.kernel.masterdata.url=http://masterdata.kernel
+mosip.kernel.keymanager.url=http://keymanager.keymanager
+mosip.kernel.auditmanager.url=http://auditmanager.kernel
+mosip.kernel.notification.url=http://notifier.kernel
+mosip.kernel.idgenerator.url=http://idgenerator.kernel
+mosip.kernel.otpmanager.url=http://otpmanager.kernel
+mosip.kernel.syncdata.url=http://syncdata.kernel
+mosip.kernel.pridgenerator.url=http://pridgenerator.kernel
+mosip.kernel.ridgenerator.url=http://ridgenerator.kernel
+mosip.idrepo.identity.url=http://identity.idrepo
+mosip.idrepo.vid.url=http://vid.idrepo
+mosip.admin.hotlist.url=http://admin-hotlist.admin
+mosip.admin.service.url=http://admin-service.admin
+mosip.admin.ui.url=http://admin-ui.admin
+mosip.pms.policymanager.url=http://pms-policy.pms
+mosip.pms.partnermanager.url=http://pms-partner.pms
+mosip.pms.ui.url=http://pms-ui.pms
+mosip.idrepo.credrequest.generator.url=http://credentialrequest.idrepo
+mosip.idrepo.credential.service.url=http://credential.idrepo
+mosip.datashare.url=http://datashare.datashare
+mosip.mock.biosdk.url=http://biosdk-service.biosdk
+mosip.idrepo.biosdk.url=http://biosdk-service.biosdk
+mosip.regproc.workflow.url=http://regproc-workflow.regproc
+mosip.regproc.status.service.url=http://regproc-status.regproc
+mosip.regproc.transaction.service.url=http://regproc-trans.regproc
+mosip.packet.receiver.url=http://regproc-group1.regproc
+mosip.websub.url=https://api-internal.synergy.mosip.net
+mosip.consolidator.url=http://websub-consolidator.websub
+mosip.file.server.url=http://mosip-file-server.mosip-file-server
+mosip.ida.internal.url=http://ida-internal.ida
+mosip.ida.auth.url=http://ida-auth.ida
+mosip.ida.otp.url=http://ida-otp.ida
+mosip.resident.url=http://resident.resident
+packetmanager.base.url=http://packetmanager.packetmanager/commons
+mosip.artifactory.url=http://artifactory.artifactory
+mosip.digitalcard.service.url=http://digitalcard.digitalcard
+mosip.esignet.service.url=http://esignet.esignet
+kafka.profile=kafka.svc.cluster.local
+kafka.port=9092
+
+
+config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
+
+# masterdata field data url
+mosip.idobjectvalidator.masterdata.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/possiblevalues/{subType}
+# Path to IDSchemaVersion. Path is defined as per JsonPath.compile.
+mosip.kernel.idobjectvalidator.identity.id-schema-version-path=identity.IDSchemaVersion
+# Path to dateOfBirth field. Path is defined as per JsonPath.compile.
+mosip.kernel.idobjectvalidator.identity.dob-path = identity.dateOfBirth
+
+# Refresh cache only once for a particular subType for each request, when a value is not found for that subType. By default, it is false
+mosip.idobjectvalidator.refresh-cache-on-unknown-value=false
+
+# Date format expected in identity json. commenting/removing below property will disable dob format validation in identity json.
+mosip.kernel.idobjectvalidator.date-format=uuuu/MM/dd
+## Properties that need to be updated when Identity Schema has been updated
+mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone
+mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.update-uin=IDSchemaVersion,UIN
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.other=IDSchemaVersion,UIN
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.lost=IDSchemaVersion
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.biometric_correction=IDSchemaVersion
+mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.opencrvs_new=IDSchemaVersion
+# Value used in IdObjectReferenceValidator when value is not available
+mosip.kernel.idobjectvalidator.masterdata.value-not-available=NA
+
+## Bio attribute allowed to be stored in IDRepo as per Identity Schema
+mosip.idrepo.identity.allowedBioAttributes=individualBiometrics
+
+## List of all bio attriutes defined in Identity Schema
+mosip.idrepo.identity.bioAttributes=individualBiometrics,parentOrGuardianBiometrics
+
+mosip.country.code=MOR
+
+## Language supported by platform
+mosip.supported-languages=eng,ara,fra
+mosip.right_to_left_orientation=ara
+mosip.left_to_right_orientation=eng,fra
+
+## Application IDs
+mosip.prereg.app-id=PRE_REGISTRATION
+mosip.reg.app-id=REGISTRATION
+mosip.regproc.app-id=REGISTRATION_PROCESSOR
+mosip.ida.app-id=IDA
+mosip.ida.ref-id=INTERNAL
+mosip.idrepo.app-id=ID_REPO
+
+mosip.utc-datetime-pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+mosip.sign.header=response-signature
+mosip.signed.response.header=response-signature
+
+## CBEFF util
+# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location.
+mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
+# Cbeff XSD file name in config server
+mosip.kernel.xsdfile=mosip-cbeff.xsd
+
+## Applicant type
+mosip.kernel.applicant.type.age.limit = 5
+mosip.kernel.applicantType.mvel.file=applicanttype.mvel
+mosip.kernel.config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
+
+
+## Various length parameters
+mosip.kernel.pin.length=6
+mosip.kernel.tspid.length=4
+mosip.kernel.partnerid.length=4
+mosip.kernel.tokenid.length=36
+mosip.kernel.registrationcenterid.length=5
+mosip.kernel.machineid.length=5
+
+## RID
+mosip.kernel.rid.length=29
+mosip.kernel.rid.timestamp-length=14
+mosip.kernel.rid.sequence-length=5
+
+## PRID
+mosip.kernel.prid.length=14
+## Upper bound of number of digits in sequence allowed in id. For example if
+## limit is 3, then 12 is allowed but 123 is not allowed in id (in both
+## ascending and descending order)
+mosip.kernel.tokenid.sequence-limit=3
+## Upper bound of number of digits in sequence allowed in id. For example if
+## limit is 3, then 12 is allowed but 123 is not allowed in id (in both
+## ascending and descending order)
+## to disable validation assign zero or negative value
+mosip.kernel.prid.sequence-limit=3
+## Number of digits in repeating block allowed in id.
For example if limit is 2,
+## then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit)
+## to disable validation assign zero or negative value
+mosip.kernel.prid.repeating-block-limit=3
+## Lower bound of number of digits allowed in between two repeating digits in
+## id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) to disable validation assign zero or negative value
+mosip.kernel.prid.repeating-limit=2
+## list of number that id should not be start with to disable null
+mosip.kernel.prid.not-start-with=0,1
+## restricted numbers for prid
+mosip.kernel.prid.restricted-numbers=786,666
+
+## VID
+mosip.kernel.vid.length=16
+# Upper bound of number of digits in sequence allowed in id. For example if
+# limit is 3, then 12 is allowed but 123 is not allowed in id (in both
+# ascending and descending order)
+# to disable sequence limit validation assign 1
+mosip.kernel.vid.length.sequence-limit=3
+# Number of digits in repeating block allowed in id. For example if limit is 2,
+# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit)
+# to disable repeating block validation assign 0 or negative value
+mosip.kernel.vid.length.repeating-block-limit=2
+# Lower bound of number of digits allowed in between two repeating digits in
+# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit)
+# to disable repeating limit validation, assign 0 or negative value
+mosip.kernel.vid.length.repeating-limit=2
+# list of number that id should not be start with to disable null
+mosip.kernel.vid.not-start-with=0,1
+mosip.kernel.vid.restricted-numbers=786,666
+
+## UIN
+mosip.kernel.uin.length=10
+mosip.kernel.uin.min-unused-threshold=200000
+mosip.kernel.uin.uins-to-generate=500000
+mosip.kernel.uin.restricted-numbers=786,666
+# Upper bound of number of digits in sequence allowed in id.
For example if
+# limit is 3, then 12 is allowed but 123 is not allowed in id (in both
+# ascending and descending order)
+# to disable sequence limit validation assign 1
+mosip.kernel.uin.length.sequence-limit=3
+# Number of digits in repeating block allowed in id. For example if limit is 2,
+# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit)
+#to disable validation assign zero or negative value
+mosip.kernel.uin.length.repeating-block-limit=2
+# Lower bound of number of digits allowed in between two repeating digits in
+# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit)
+# to disable repeating limit validation, assign 0 or negative value
+mosip.kernel.uin.length.repeating-limit=2
+#reverse group digit limit for uin filter
+mosip.kernel.uin.length.reverse-digits-limit=5
+#group digit limit for uin filter
+mosip.kernel.uin.length.digits-limit=5
+#should not start with
+mosip.kernel.uin.not-start-with=0,1
+#adjacent even digit limit for uin filter
+mosip.kernel.uin.length.conjugative-even-digits-limit=3
+
+## Auth adapter
+auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+
+#This is the frontend url configured in the open-id system. This url should match the issuer attribute in JWT.
+auth.server.admin.issuer.internal.uri=${keycloak.internal.url}/auth/realms/
+auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
+auth-token-generator.rest.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+mosip.keycloak.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+
+## iam adapter
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+mosip.kernel.auth.adapter.ssl-bypass=true
+mosip.kernel.auth.appid-realm-map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip',hotlist:'mosip',digitalcard:'mosip'}
+mosip.kernel.auth.appids.realm.map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip',hotlist:'mosip',digitalcard:'mosip'}
+
+## Crypto
+mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
+mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
+mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
+mosip.kernel.keygenerator.symmetric-algorithm-name=AES
+mosip.kernel.keygenerator.asymmetric-key-length=2048
+mosip.kernel.keygenerator.symmetric-key-length=256
+mosip.kernel.data-key-splitter=#KEY_SPLITTER#
+mosip.kernel.crypto.gcm-tag-length=128
+mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
+mosip.kernel.crypto.hash-symmetric-key-length=256
+mosip.kernel.crypto.hash-iteration=100000
+mosip.kernel.crypto.sign-algorithm-name=RS256
+mosip.kernel.keymanager-service-publickey-url=${mosip.kernel.keymanager.url}/v1/keymanager/publickey/{applicationId}
+mosip.kernel.keymanager-service-decrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt
+mosip.kernel.keymanager-service-auth-decrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/auth/decrypt
+mosip.kernel.keymanager-service-sign-url=${mosip.kernel.keymanager.url}/v1/keymanager/sign
+mosip.kernel.keymanager.cert.url=${mosip.kernel.keymanager.url}/v1/keymanager/getCertificate
+mosip.kernel.keymanager-service-CsSign-url=${mosip.kernel.keymanager.url}/v1/keymanager/cssign
+mosip.sign.applicationid=KERNEL
+mosip.sign.refid=SIGN
+mosip.kernel.cryptomanager.request_id=CRYPTOMANAGER.REQUEST
+mosip.kernel.cryptomanager.request_version=v1.0
+mosip.kernel.signature.signature-request-id=SIGNATURE.REQUEST
+mosip.kernel.signature.signature-version-id=v1.0
+
+## ID repo
+mosip.idrepo.identity.uin-status.registered=ACTIVATED
+mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED
+
+## OTP manager
+mosip.kernel.otp.default-length=6
+## Default crypto function: HmacSHA512, HmacSHA256, HmacSHA1.
+mosip.kernel.otp.mac-algorithm=HmacSHA512
+## OTP expires after the given time (in seconds).
+mosip.kernel.otp.expiry-time=180
+## Key is frozen for the given time (in seconds).
+mosip.kernel.otp.key-freeze-time=1800
+## Number of validation attempts allowed.
+## mosip.kernel.otp.validation-attempt-threshold =3 means , the validation and generation will be blocked from 4th time.
+mosip.kernel.otp.validation-attempt-threshold=10
+mosip.kernel.otp.min-key-length=3
+mosip.kernel.otp.max-key-length=64
+
+## Licence key manager
+mosip.kernel.licensekey.length=16
+# List of permissions
+## NOTE: ',' in the below list is used as splitter in the implementation.
+## Use of ',' in the values for below key should be avoided.
+## Use of spaces before and after ',' also should be avoided.
+mosip.kernel.licensekey.permissions=OTP Trigger,OTP Authentication,Demo Authentication - Identity Data Match,Demo Authentication - Address Data Match,Demo Authentication - Full Address Data Match,Demo Authentication - Secondary Language Match,Biometric Authentication - FMR Data Match,Biometric Authentication - IIR Data Match,Biometric Authentication - FID Data Match,Static Pin Authentication,eKYC - limited,eKYC - Full,eKYC - No
+
+## Virus scanner
+# Here we specify the Kubernetes service name if clamav runs inside cluster
+mosip.kernel.virus-scanner.host=clamav.clamav
+mosip.kernel.virus-scanner.port=3310
+
+## Transliteration
+mosip.kernel.transliteration.arabic-language-code=ara
+mosip.kernel.transliteration.english-language-code=eng
+mosip.kernel.transliteration.french-language-code=fra
+
+## DOB
+mosip.default.dob.month=01
+mosip.default.dob.day=01
+mosip.login.mode= email,mobile
+
+## Notification
+mosip.registration.processor.notification.types=EMAIL
+mosip.notificationtype=SMS|EMAIL
+mosip.kernel.sms.proxy-sms=false
+mosip.kernel.auth.proxy-otp=true
+mosip.kernel.auth.proxy-email=true
+## Notification lanugage types: either PRIMARY or BOTH
+mosip.notification.language-type=BOTH
+
+## System
+logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=INFO
+
+## Admin
+mosip.min-digit-longitude-latitude=4
+mosip.kernel.filtervalue.max_columns=20
+auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+
+## PDF generation.
TODO: this password must be passed as config server env variable
+mosip.kernel.pdf_owner_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24
+
+## Quality check treshold
+mosip.iris_threshold=0
+mosip.leftslap_fingerprint_threshold=0
+mosip.rightslap_fingerprint_threshold=0
+mosip.thumbs_fingerprint_threshold=0
+mosip.facequalitythreshold=0
+
+## Bio SDK Integration
+mosip.fingerprint.provider=io.mosip.kernel.bioapi.impl.BioApiImpl
+mosip.face.provider=io.mosip.kernel.bioapi.impl.BioApiImpl
+mosip.iris.provider=io.mosip.kernel.bioapi.impl.BioApiImpl
+
+## UIN alias
+mosip.uin.alias=
+
+## Kernel salt generator
+mosip.kernel.salt-generator.chunk-size=10
+mosip.kernel.salt-generator.start-sequence=0
+mosip.kernel.salt-generator.end-sequence=999
+
+## HTTP
+server.max-http-header-size=10000000
+
+
+## Prometheus
+management.endpoint.metrics.enabled=true
+management.endpoints.web.exposure.include=*
+management.endpoint.prometheus.enabled=true
+management.metrics.export.prometheus.enabled=true
+
+mosip.kernel.syncdata-service-idschema-url=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest
+mosip.kernel.syncdata-service-dynamicfield-url=${mosip.kernel.masterdata.url}/v1/masterdata/dynamicfields
+mosip.kernel.syncdata-service-get-tpm-publicKey-url=${mosip.kernel.syncdata.url}/v1/syncdata/tpm/publickey/
+mosip.kernel.keymanager-service-validate-url=${mosip.kernel.keymanager.url}/v1/keymanager/validate
+mosip.kernel.keymanager-service-csverifysign-url=${mosip.kernel.keymanager.url}/v1/keymanager/csverifysign
+
+## GPS
+mosip.registration.gps_device_enable_flag=n
+
+## Packet manager
+## if source is not passed, packetmanager supports below default strategy -
+## 1. 'exception' : it will throw exception.
+## 2. 'defaultPriority' : use default priority packetmanager.default.priority.
+packetmanager.default.read.strategy=defaultPriority
+packetmanager.default.priority=source:REGISTRATION_CLIENT\/process:BIOMETRIC_CORRECTION|NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT,source:OPENCRVS\/process:OPENCRVS_NEW
+packetmanager.name.source={default:'REGISTRATION_CLIENT',resident:'RESIDENT',opencrvs:'OPENCRVS'}
+packetmanager.packet.signature.disable-verification=true
+mosip.commons.packetnames=id,evidence,optional
+provider.packetreader.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketReaderImpl
+provider.packetreader.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketReaderImpl
+provider.packetreader.opencrvs=source:OPENCRVS,process:OPENCRVS_NEW,classname:io.mosip.commons.packet.impl.PacketReaderImpl
+provider.packetwriter.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketWriterImpl
+provider.packetwriter.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketWriterImpl
+provider.packetwriter.opencrvs=source:OPENCRVS,process:OPENCRVS_NEW,classname:io.mosip.commons.packet.impl.PacketWriterImpl
+objectstore.adapter.name=S3Adapter
+## When we use AWS as an object store, we see that buckets with the same name across deployments cannot be created.so use the prefix with bucket name
+object.store.s3.bucket-name-prefix=${s3.pretext.value:}
+# the idschema is double by default.
If country wish to change it to string then make this property false
+mosip.commons.packet.manager.schema.validator.convertIdSchemaToDouble=true
+## can be OnlinePacketCryptoServiceImpl OR OfflinePacketCryptoServiceImpl
+objectstore.crypto.name=OnlinePacketCryptoServiceImpl
+default.provider.version=v1.0
+## posix adapter config
+object.store.base.location=/home/mosip
+hazelcast.config=classpath:hazelcast_default.xml
+
+
+
+## Swift
+object.store.swift.username=test
+object.store.swift.password=test
+object.store.swift.url=http://localhost:8080
+
+packet.manager.account.name=${s3.pretext.value:}packet-manager
+CRYPTOMANAGER_DECRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt
+CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
+IDSCHEMAURL=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest
+KEYMANAGER_SIGN=${mosip.kernel.keymanager.url}/v1/keymanager/sign
+AUDIT_URL=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+packet.default.source=id
+schema.default.fieldCategory=pvt,none
+
+## Device registration/deregistration config
+mosip.stage.environment=Developer
+
+## Log level
+
+logging.level.root=INFO
+logging.level.io.mosip=INFO
+logging.level.io.vertx=INFO
+logging.level.io.mosip.registration.processor.status=DEBUG
+logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO
+
+## Tomcat access logs
+server.tomcat.accesslog.enabled=true
+server.tomcat.accesslog.directory=/dev
+server.tomcat.accesslog.prefix=stdout
+server.tomcat.accesslog.buffered=false
+server.tomcat.accesslog.suffix=
+server.tomcat.accesslog.file-date-format=
+server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}","req.userAgent":"%{User-Agent}i","req.xForwardedFor":"%{X-Forwarded-For}i","req.referer":"%{Referer}i","req.method":"%m","req.remoteHost":"%a"}
+server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve
+
+## Websub (internal url)
+websub.hub.url=${mosip.websub.url}/hub/
+websub.publish.url=${mosip.websub.url}/hub/
+
+mosip.mandatory-languages=eng
+## Leave blank if no optional langauges
+mosip.optional-languages=fra,ara,hin,tam,kan,spa
+mosip.min-languages.count=2
+mosip.max-languages.count=3
+
+# These are default languages used for sending notifications
+mosip.default.template-languages=eng,ara,fra
+
+# Config key to pick the preferred language for communicating to the Resident
+mosip.default.user-preferred-language-attribute=preferredLang
+
+# Path to identity mapping json file
+mosip.identity.mapping-file=${mosip.kernel.xsdstorage-uri}/identity-mapping.json
+
+mosip.notification.timezone=GMT+05:30
+
+# registration center type validation regex, used to restrict the special charecter
+mosip.centertypecode.validate.regex=^[a-zA-Z0-9]([_-](?![_-])|[a-zA-Z0-9]){0,34}[a-zA-Z0-9]$
+
+## Swagger
+openapi.service.servers[0].url=${mosip.api.internal.url}${server.servlet.context-path:${server.servlet.path:}}
+openapi.service.servers[0].description=For Swagger
+
+mosip.auth.filter_disable=false
+
+# PDF Digital card is protected with password using below property based on define attribute it will encrypt by taking first 4 character.
+mosip.digitalcard.uincard.password=fullName|dateOfBirth
+mosip.digitalcard.pdf.password.enable.flag=true
+
+# Web UI Idle timeout related properties
+mosip.webui.auto.logout.idle=180
+mosip.webui.auto.logout.ping=30
+mosip.webui.auto.logout.timeout=60
+
+mosip.access_token.subject.claim-name=sub
+
+# It is used as a suffix for creating credential request ID using the RID.
+mosip.registration.processor.rid.delimiter=-PDF
diff --git a/captcha-default.properties b/captcha-default.properties
new file mode 100644
index 00000000000..57c86906a6f
--- /dev/null
+++ b/captcha-default.properties
@@ -0,0 +1,5 @@
+mosip.captcha.api.id=mosip.captcha.id.validate
+mosip.captcha.api.version=1.0
+
+mosip.captcha.secret-key={'preregistration' : '${prereg.captcha.secret.key}', 'signup' : '${signup.captcha.secret.key}', 'esignet' : '${esignet.captcha.secret.key}' }
+mosip.captcha.verify-url=https://www.google.com/recaptcha/api/siteverify
diff --git a/esignet-default.properties b/esignet-default.properties
index e946e1573cc..592de54100d 100644
--- a/esignet-default.properties
+++ b/esignet-default.properties
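Review bot: Three settings in the new application-insurance.properties switch off protections: `mosip.kernel.auth.adapter.ssl-bypass=true`, `packetmanager.packet.signature.disable-verification=true` and `management.endpoints.web.exposure.include=*`. Unless this profile is only ever used for a sandbox, I would ship `mosip.kernel.auth.adapter.ssl-bypass=false`, `packetmanager.packet.signature.disable-verification=false` and `management.endpoints.web.exposure.include=health,info,prometheus`, and let a test environment override them. The file also commits `object.store.swift.password=test` and a `{cipher}` value for `mosip.kernel.pdf_owner_password`, which its own TODO says should be passed as a config-server environment variable. `mosip.websub.url` is pinned to `https://api-internal.synergy.mosip.net` instead of a placeholder, so another deployment using this profile would send hub traffic to that host. Much of the content appears copied from application-default.properties (inferred from matching lines such as `mosip.country.code=MOR`), so a short header comment saying which values are deliberately insurance-specific would make later review easier.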
@@ -35,11 +35,13 @@ mosip.esignet.supported-id-regex=\\S* mosip.esignet.id-token-expire-seconds=3600 mosip.esignet.access-token-expire-seconds=3600 # By default, only 2 link codes can be active, and the time period it can be active is defined here, default value is 1 minute -mosip.esignet.link-code-expire-in-secs=60 +mosip.esignet.link-code-expire-in-secs=600 # Number of link code allowed to be generated in a transaction, the default value is 10 mosip.esignet.generate-link-code.limit-per-transaction=10 # Time to complete consent after successful authentication, the default value is 120 -mosip.esignet.authentication-expire-in-secs=120 +mosip.esignet.authentication-expire-in-secs=600 +# Time to complete authentication +mosip.esignet.preauthentication-expire-in-secs=600 # Auth challenge type & format mapping. Auth challenge length validations for each auth factor type. mosip.esignet.auth-challenge.OTP.format=alpha-numeric 
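Review bot: The comments above `mosip.esignet.link-code-expire-in-secs` and `mosip.esignet.authentication-expire-in-secs` still give the defaults as 1 minute and 120, while both values are now 600. A link code and an authenticated transaction awaiting consent therefore stay usable for ten minutes, which lengthens the time a leaked link code or an unattended session remains valid. If the longer windows are only needed for one environment, keep `mosip.esignet.link-code-expire-in-secs=60` and `mosip.esignet.authentication-expire-in-secs=120` here and override them per deployment; otherwise correct both comments. The new `mosip.esignet.preauthentication-expire-in-secs` comment should state the unit and where the timer starts, for example `# Time in seconds allowed to complete authentication after the transaction is created` (wording to be confirmed against the implementation).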
@@ -52,35 +54,52 @@ mosip.esignet.auth-challenge.PWD.max-length=30 mosip.esignet.auth-challenge.BIO.format=encoded-json mosip.esignet.auth-challenge.BIO.min-length=5000 -mosip.esignet.auth-challenge.BIO.max-length=300000 +mosip.esignet.auth-challenge.BIO.max-length=400000 mosip.esignet.auth-challenge.WLA.format=jwt mosip.esignet.auth-challenge.WLA.min-length=100 mosip.esignet.auth-challenge.WLA.max-length=1500 -mosip.esignet.auth-challenge.KBA.format=base64url-encoded-json -mosip.esignet.auth-challenge.KBA.min-length=50 -mosip.esignet.auth-challenge.KBA.max-length=500 +mosip.esignet.auth-challenge.KBI.format=base64url-encoded-json +mosip.esignet.auth-challenge.KBI.min-length=50 +mosip.esignet.auth-challenge.KBI.max-length=500 mosip.esignet.auth-challenge.PIN.format=number -mosip.esignet.auth-challenge.PIN.min-length=4 -mosip.esignet.auth-challenge.PIN.max-length=4 +mosip.esignet.auth-challenge.PIN.min-length=6 +mosip.esignet.auth-challenge.PIN.max-length=6 +mosip.esignet.auth-challenge.IDT.format=base64url-encoded-json +mosip.esignet.auth-challenge.IDT.min-length=20 +mosip.esignet.auth-challenge.IDT.max-length=2000 + + +mosip.esignet.claim-detail.purpose.min-length=3 +mosip.esignet.claim-detail.purpose.max-length=300 # Endpoints required to have oauth-details-hash and oauth-details-key HTTP header mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \ '${server.servlet.path}/authorization/authenticate', \ '${server.servlet.path}/authorization/v2/authenticate', \ '${server.servlet.path}/authorization/v3/authenticate', \ - '${server.servlet.path}/authorization/auth-code'} - -#This property is used for captcha validation and allowed values are send-otp, pwd and kba. -#captcha validation is enabled for send-otp, pwd and kba. 
-mosip.esignet.captcha.required=send-otp,pwd - -#Properties used to ratelimit the incoming requests -mosip.esignet.send-otp.attempts=3 -mosip.esignet.authenticate.attempts=3 + '${server.servlet.path}/authorization/auth-code',\ + '${server.servlet.path}/authorization/prepare-signup-redirect',\ + '${server.servlet.path}/authorization/claim-details',\ + '${server.servlet.path}/authorization/resume' } + +# captcha validation is enabled for the auth-factors - otp, pwd, bio and pin. +mosip.esignet.captcha.required=pwd,send-otp +mosip.esignet.captcha.validator-url=https://${mosip.api.internal.host}/v1/captcha/validatecaptcha +mosip.esignet.captcha.module-name=esignet +mosip.esignet.captcha.site-key=${esignet.captcha.site.key} + +# Applicable for signup redirection to update profile +mosip.esignet.signup-id-token-expire-seconds=180 +mosip.esignet.signup-id-token-audience=mosip-signup-oauth-client + +mosip.esignet.send-otp.attempts=300 +mosip.esignet.authenticate.attempts=300 +mosip.esignet.send-otp.invocation-gap-secs=100 +mosip.esignet.authenticate.invocation-gap-secs=500 ## ------------------------------------------ e-Signet binding --------------------------------------------------------- 
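Review bot: `mosip.esignet.send-otp.attempts` and `mosip.esignet.authenticate.attempts` go from 3 to 300 in this hunk, and the comment that identified them as rate-limit settings is removed. Going by that removed comment, the default profile now allows a hundred times more OTP requests and authentication attempts, which matters most for short numeric factors such as the 6-digit PIN set just above. If the higher numbers are for load or automation testing, keep `mosip.esignet.send-otp.attempts=3` and `mosip.esignet.authenticate.attempts=3` in this file and override them per environment, and restore `#Properties used to ratelimit the incoming requests` above these keys and the two new `invocation-gap-secs` keys. The new captcha comment lists otp, pwd, bio and pin while the value is `pwd,send-otp`; one of the two should be corrected.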
@@ -124,34 +143,29 @@ mosip.esignet.kafka.linked-session.topic=esignet-linked mosip.esignet.kafka.linked-auth-code.topic=esignet-consented ## ------------------------------------------- Integrations ------------------------------------------------------------ - -mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration +# mosip.esignet.integration.scan-base-package=io.mosip.esignet.plugin.mock +mosip.esignet.integration.scan-base-package=io.mosip.esignet.plugin.mosipid mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl mosip.esignet.integration.authenticator=IdaAuthenticatorImpl mosip.esignet.integration.key-binder=IdaKeyBinderImpl mosip.esignet.integration.audit-plugin=IdaAuditPluginImpl -mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService mosip.esignet.integration.vci-plugin=IdaVCIssuancePluginImpl -# captcha validator -mosip.esignet.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify -mosip.esignet.captcha-validator.secret=${esignet.captcha.secret.key} -mosip.esignet.captcha-validator.site-key=${esignet.captcha.site.key} # IDA integration props mosip.esignet.authenticator.ida-auth-id=mosip.identity.kycauth mosip.esignet.authenticator.ida-exchange-id=mosip.identity.kycexchange mosip.esignet.authenticator.ida-send-otp-id=mosip.identity.otp mosip.esignet.authenticator.ida-version=1.0 -mosip.esignet.authenticator.ida-domainUri=https://${mosip.esignet.host} -mosip.esignet.authenticator.ida.cert-url=${mosip.file.server.url}/mosip-certs/ida-partner.cer -mosip.esignet.authenticator.ida.kyc-auth-url=${mosip.ida.auth.url}/idauthentication/v1/kyc-auth/delegated/${mosip.esignet.misp.license.key}/ -mosip.esignet.authenticator.ida.kyc-exchange-url=${mosip.ida.auth.url}/idauthentication/v1/kyc-exchange/delegated/${mosip.esignet.misp.license.key}/ 
-mosip.esignet.authenticator.ida.send-otp-url=${mosip.ida.otp.url}/idauthentication/v1/otp/${mosip.esignet.misp.license.key}/ -mosip.esignet.binder.ida.key-binding-url=${mosip.ida.auth.url}/idauthentication/v1/identity-key-binding/delegated/${mosip.esignet.misp.license.key}/ -mosip.esignet.authenticator.ida.get-certificates-url=${mosip.ida.internal.url}/idauthentication/v1/internal/getAllCertificates -mosip.esignet.authenticator.ida.auth-token-url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey -mosip.esignet.authenticator.ida.audit-manager-url=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits +mosip.esignet.authenticator.ida-domainUri=https://esignet.camdgc-qa1.mosip.net +mosip.esignet.authenticator.ida.cert-url=https://${mosip.api.public.host}/mosip-certs/ida-partner.cer +mosip.esignet.authenticator.ida.kyc-auth-url=https://${mosip.api.internal.host}/idauthentication/v1/kyc-auth/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.kyc-exchange-url=https://${mosip.api.internal.host}/idauthentication/v1/kyc-exchange/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.send-otp-url=https://${mosip.api.internal.host}/idauthentication/v1/otp/${mosip.esignet.misp.license.key}/ +mosip.esignet.binder.ida.key-binding-url=https://${mosip.api.internal.host}/idauthentication/v1/identity-key-binding/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.get-certificates-url=https://${mosip.api.internal.host}/idauthentication/v1/internal/getAllCertificates +mosip.esignet.authenticator.ida.auth-token-url=https://${mosip.api.internal.host}/v1/authmanager/authenticate/clientidsecretkey +mosip.esignet.authenticator.ida.audit-manager-url=https://${mosip.api.internal.host}/v1/auditmanager/audits mosip.esignet.authenticator.ida.client-id=mosip-ida-client mosip.esignet.authenticator.ida.secret-key=${mosip.ida.client.secret} mosip.esignet.authenticator.ida.app-id=ida 
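Review bot: `mosip.esignet.authenticator.ida-domainUri=https://esignet.camdgc-qa1.mosip.net` replaces the `${mosip.esignet.host}` placeholder with one environment's hostname. Every other URL in this hunk stays parameterised through `${mosip.api.internal.host}` or `${mosip.api.public.host}`, so any other deployment using this default file would present a domain URI that is not its own. Keep `mosip.esignet.authenticator.ida-domainUri=https://${mosip.esignet.host}` and set the QA host through an environment override. How IDA validates this value is not visible here.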
@@ -167,9 +181,9 @@ mosip.esignet.ida.vci-exchange-url=https://${mosip.api.internal.host}/idauthenti mosip.esignet.mock.authenticator.get-identity-url=https://${mosip.api.public.host}/v1/mock-identity-system/identity mosip.esignet.mock.authenticator.kyc-auth-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-auth mosip.esignet.mock.authenticator.kyc-exchange-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-exchange -mosip.esignet.mock.authenticator.ida.otp-channels=${mosip.esignet.authenticator.ida.otp-channels} mosip.esignet.mock.authenticator.send-otp=https://${mosip.api.public.host}/v1/mock-identity-system/send-otp mosip.esignet.mock.supported.bind-auth-factor-types={'WLA'} +mosip.esignet.mock.authenticator.ida.otp-channels=${mosip.esignet.authenticator.ida.otp-channels} mosip.esignet.mock.vciplugin.verification-method=${mosip.esignet.vci.authn.jwk-set-uri} ## ------------------------------------------ oauth & openid supported values ------------------------------------------ 
@@ -177,7 +191,7 @@ mosip.esignet.mock.vciplugin.verification-method=${mosip.esignet.vci.authn.jwk-s ## supported scopes mosip.esignet.supported.authorize.scopes={'Manage-Identity-Data','Manage-VID','Manage-Authentication','Manage-Service-Requests','Manage-Credentials'} mosip.esignet.supported.openid.scopes={'profile','email','phone'} -mosip.esignet.openid.scope.claims={'profile' : {'name','address','gender','birthdate','picture','email','phone_number'},'email' : {'email'}, 'phone' : {'phone_number'}} +mosip.esignet.openid.scope.claims={'profile' : {'name','address','gender','birthdate','picture','email','phone_number','phone_number_verified','registration_type','updated_at'},'email' : {'email'}, 'phone' : {'phone_number','phone_number_verified'}} mosip.esignet.supported.credential.scopes={'mock_identity_vc_ldp', 'mosip_identity_vc_ldp'} mosip.esignet.credential.scope-resource-mapping={'mock_identity_vc_ldp' : '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', 'mosip_identity_vc_ldp': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential'} 
@@ -226,19 +240,22 @@ mosip.esignet.cache.store.individual-id=true mosip.esignet.cache.security.secretkey.reference-id=TRANSACTION_CACHE mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding -mosip.esignet.cache.names=clientdetails,preauth,authenticated,authcodegenerated,userinfo,linkcodegenerated,linked,linkedcode,linkedauth,consented,authtokens,bindingtransaction,vcissuance,apiRateLimit,blocked +mosip.esignet.ida.vci-user-info-cache=userinfo + +mosip.esignet.cache.names=clientdetails,preauth,authenticated,authcodegenerated,userinfo,linkcodegenerated,linked,linkedcode,linkedauth,consented,authtokens,bindingtransaction,vcissuance,apiratelimit,blocked,halted -#spring.cache.type=redis -#spring.cache.cache-names=${mosip.esignet.cache.names} -#spring.redis.host=localhost -#spring.redis.port=6379 +spring.cache.type=redis +spring.cache.cache-names=${mosip.esignet.cache.names} +spring.redis.host=redis-master-0.redis-headless.redis.svc.cluster.local +spring.redis.port=6379 +spring.redis.password=${redis.password} management.health.redis.enabled=false # 'simple' cache type is only applicable only for Non-Production setup -spring.cache.type=simple +#spring.cache.type=simple mosip.esignet.cache.key.hash.algorithm=SHA3-256 -# Cache size setup is applicable only for 'simple' cache type. +# Cache size setup is applicable only for 'simple' cache type. # Cache size configuration will not be considered with 'Redis' cache type mosip.esignet.cache.size={'clientdetails' : 200, \ 'preauth': 200, \ 
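Review bot: The cache moves to a networked Redis (`spring.cache.type=redis`) while `management.health.redis.enabled=false` is left as it was, so a Redis outage will not show in the health endpoint even though every transaction now depends on it; set `management.health.redis.enabled=true`. The connection gets a password but no TLS setting, and these caches hold transaction and user-info entries, so add `spring.redis.ssl=true` if the cluster supports it. The rename of `apiRateLimit` to `apiratelimit` in `mosip.esignet.cache.names` has to match the cache name used by the service code, which is not visible here; a mismatch would leave the rate-limit cache unresolved.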
@@ -253,32 +270,34 @@ mosip.esignet.cache.size={'clientdetails' : 200, \ 'authtokens': 2, \ 'bindingtransaction': 200, \ 'vcissuance' : 200, \ -'apiRateLimit' : 500, \ -'blocked': 500 } +'apiratelimit' : 500, \ +'blocked': 500, \ +'halted' : 500} # Cache expire in seconds is applicable for both 'simple' and 'Redis' cache type mosip.esignet.cache.expire-in-seconds={'clientdetails' : 86400, \ -'preauth': 300,\ +'preauth': ${mosip.esignet.preauthentication-expire-in-secs},\ 'authenticated': ${mosip.esignet.authentication-expire-in-secs}, \ -'authcodegenerated': 60, \ +'authcodegenerated': 600, \ 'userinfo': ${mosip.esignet.access-token-expire-seconds}, \ 'linkcodegenerated' : ${mosip.esignet.link-code-expire-in-secs}, \ -'linked': 120, \ +'linked': 600, \ 'linkedcode': ${mosip.esignet.link-code-expire-in-secs}, \ 'linkedauth' : ${mosip.esignet.authentication-expire-in-secs}, \ -'consented': 60, \ +'consented': 600, \ 'authtokens': 86400, \ 'bindingtransaction': 600, \ 'vcissuance': ${mosip.esignet.access-token-expire-seconds}, \ -'apiRateLimit' : 180, \ -'blocked': 300 } +'apiratelimit' : 180, \ +'blocked': 300, \ +'halted' : ${mosip.esignet.signup-id-token-expire-seconds} } ## ------------------------------------------ Discovery openid-configuration ------------------------------------------- mosip.esignet.domain.url=https://${mosip.esignet.host} mosip.esignet.discovery.issuer-id=${mosip.esignet.domain.url}${server.servlet.path} -# This property holds ./wellknown/jwks.json URL, +# This property holds ./wellknown/jwks.json URL, # for local deployments without esignet-ui nginx change the value to ${mosip.esignet.domain.url}${server.servlet.path}/oauth/.well-known/jwks.json mosip.esignet.jwks-uri=${mosip.esignet.domain.url}/.well-known/jwks.json 
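Review bot: `'linked': 600` no longer agrees with `'linked-transaction-expire-in-secs': 240` in `mosip.esignet.ui.config.key-values`, which the NOTE in the IDP-UI section says must be the sum of `mosip.esignet.authentication-expire-in-secs` and the 'linked' expiry; update the UI value in the same change. `'authcodegenerated'` and `'consented'` also go from 60 to 600 seconds. If that cache entry bounds how long an issued authorization code can be redeemed, 600 is the maximum lifetime RFC 6749 recommends rather than a short default, so keep `'authcodegenerated': 60` unless the longer window is needed and say why in a comment. `${mosip.esignet.preauthentication-expire-in-secs}` is referenced here but defined outside this hunk.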
@@ -302,21 +321,22 @@ mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \ \ 'response_types_supported' : ${mosip.esignet.supported.response.types}, \ - \ 'response_modes_supported' : { 'query' }, \ - \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ - \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'}, \ + \ 'acr_values_supported' : {'mosip:idp:acr:knowledge', 'mosip:idp:acr:password', 'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics'},\ \ 'userinfo_signing_alg_values_supported' : {'RS256'}, \ \ 'userinfo_encryption_alg_values_supported' : {'RSAXXXXX'},\ \ 'userinfo_encryption_enc_values_supported' : {'A128GCM'}, \ + \ 'response_modes_supported' : { 'query' }, \ + \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ + \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'}, \ \ 'id_token_signing_alg_values_supported' : {'RS256'}, \ \ 'claim_types_supported': {'normal'}, \ \ 'claims_parameter_supported' : true, \ \ 'display_values_supported' : ${mosip.esignet.supported.ui.displays}, \ \ 'subject_types_supported' : { 'pairwise' }, \ - \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id'}, \ - \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics', 'mosip:idp:acr:knowledge'},\ - \ 'request_parameter_supported' : false, \ + \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id','phone_number_verified','registration_type','updated_at'}, \ \ 'claims_locales_supported' : {'en'}, \ + \ 'request_parameter_supported' : false, \ + \ 'display_values_supported' : 
${mosip.esignet.supported.ui.displays}, \ \ 'ui_locales_supported' : {'en'} } ##----------------------------------------- Database properties -------------------------------------------------------- 
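Review bot: `'display_values_supported'` now appears twice in `mosip.esignet.discovery.key-values`: the existing entry after `'claims_parameter_supported'` is kept, and the same key is added again just before `'ui_locales_supported'`. Drop the added line so the map has one entry per key. `'acr_values_supported'` gains `mosip:idp:acr:password` but not `mosip:idp:acr:id-token`, which this commit adds to amr-acr-mapping.json; add it here if clients are meant to request it. The map opens above this hunk, so earlier entries are not visible.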
@@ -396,52 +416,62 @@ mosip.kernel.keymanager.jwtsign.validate.json=false mosip.keymanager.dao.enabled=false crypto.PrependThumbprint.enable=true -mosip.kernel.keymgr.hsm.health.check.enabled=true -mosip.kernel.keymgr.hsm.health.key.app-id=OIDC_SERVICE +mosip.kernel.keymgr.hsm.health.check.enabled=true +mosip.kernel.keymgr.hsm.health.key.app-id=OIDC_SERVICE mosip.kernel.keymgr.hsm.healthkey.ref-id=TRANSACTION_CACHE mosip.kernel.keymgr.hsm.health.check.encrypt=true ## -------------------------------------------- IDP-UI config ---------------------------------------------------------- + # NOTE: # 1. linked-transaction-expire-in-secs value should be a sum of 'mosip.esignet.authentication-expire-in-secs' and 'linked' cache expire in seconds under mosip.esignet.cache.expire-in-seconds property # 2. A new Qrcode will be autogenerated before the expiry of current qr-code, and the time difference in seconds for the same is defined in wallet.qr-code-buffer-in-secs property # 3. If esignet is deployed with MOSIP IDA, then 'resend.otp.delay.secs' must be the same as 'mosip.kernel.otp.expiry-time' -mosip.esignet.ui.wallet.config={{'wallet.name': 'walletName', 'wallet.logo-url': '/images/qr_code.png', 'wallet.download-uri': '#', \ +mosip.esignet.ui.wallet.config={{'wallet.name': 'walletName', 'wallet.logo-url': '/images/qr_code.png', 'wallet.download-uri': '#', \ 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' }} mosip.esignet.ui.signup.config={'signup.banner': true, 'signup.url': 'https://${mosip.signup.host}/signup'} -mosip.esignet.ui.forgot-password.config={'forgot-password': true, 'forgot-password.url': 'https://${mosip.signup.host}/reset-password'} +mosip.esignet.ui.forgot-password.config={'forgot-password': true, 'forgot-password.url': 'https://signup.camdgc-qa1.mosip.net/reset-password'} + +mosip.esignet.ui.eKYC-steps.url=https://signup.camdgc-qa1.mosip.net/identity-verification ## Configuration required to display 
KBI form. # individual-id-field is set with field id which should be considered as an individual ID in the authenticate request. # form-details holds the list of field details like below: # id -> unique field Id, type -> holds datatype, format -> only supported for date fields, regex -> pattern to validate the input value, maxLength -> number of allowed characters # Example: mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id': '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^[A-Za-z\\s]{1,}[\\.]{0,1}[A-Za-z\\s]{0,}$'},{'id':'dob', 'type':'date', 'format':'dd/mm/yyyy'}} -mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field= -mosip.esignet.authenticator.default.auth-factor.kba.field-details={} +mosip.esignet.authenticator.default.auth-factor.kbi.individual-id-field= +mosip.esignet.authenticator.default.auth-factor.kbi.field-details={} + +mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id':'policyNumber', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '[a-zA-Z]+(\\s+[a-zA-Z]+)*'}} + +mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=policyNumber + +mosip.esignet.ui.eKYC-steps.url=https://${mosip.signup.host}/identity-verification -## Configuration Map input to UI at the start of every transaction. 
mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \ 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \ 'resend.otp.delay.secs': ${mosip.kernel.otp.expiry-time}, 'send.otp.channels' : '${mosip.esignet.authenticator.ida.otp-channels}', \ - 'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '${mosip.esignet.captcha.required}', \ - 'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ + 'captcha.sitekey' : '${mosip.esignet.captcha.site-key}', 'captcha.enable' : '${mosip.esignet.captcha.required}', \ + 'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', \ + 'preauth-screen-timeout-in-secs':${mosip.esignet.preauthentication-expire-in-secs}, \ + 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': '4501-4600', \ - 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': ${mosip.esignet.auth-challenge.OTP.max-length}, \ - 'password.regex': '^.{8,20}$', \ - 'password.max-length': ${mosip.esignet.auth-challenge.PWD.max-length}, \ - 'username.regex': '^[0-9]{10,30}$',\ - 'username.prefix': '', \ - 'username.postfix': '', \ - 'username.max-length': 16, \ + 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': 6, \'password.regex': '^.{8,20}$', \ + 'password.max-length': 20, \ + 'username.regex': '^[1-9][0-9]{7,8}$',\ + 'username.prefix': '+855', \ + 'username.postfix': '@phone', \ + 'username.max-length': 9, \ 'username.input-type': 'number', 'wallet.config': 
${mosip.esignet.ui.wallet.config}, \'signup.config': ${mosip.esignet.ui.signup.config}, \ 'forgot-password.config': ${mosip.esignet.ui.forgot-password.config}, \ + 'eKYC-steps.config': '${mosip.esignet.ui.eKYC-steps.url}', \ 'error.banner.close-timer': 10,\ - 'auth.factor.kba.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}',\ - 'auth.factor.kba.field-details': ${mosip.esignet.authenticator.default.auth-factor.kba.field-details} } + 'auth.factor.kbi.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kbi.individual-id-field}',\ + 'auth.factor.kbi.field-details': ${mosip.esignet.authenticator.default.auth-factor.kbi.field-details}} ## ---------------------------------------------- VCI ------------------------------------------------------------------ # Used to verify audience in the PoP JWT @@ -565,5 +595,5 @@ mosip.esignet.vci.key-values={\ } ## -------------------------------------------- Others ---------------------------------------------------------- -#logging.level.org.springframework.web.client.RestTemplate=DEBUG -#logging.level.io.mosip.esignet=INFO +logging.level.org.springframework.web.client.RestTemplate=DEBUG +logging.level.io.mosip.esignet=INFO diff --git a/esignet-insurance.properties b/esignet-insurance.properties new file mode 100644 index 00000000000..628dffecb9e --- /dev/null +++ b/esignet-insurance.properties 
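Review bot: `mosip.esignet.ui.eKYC-steps.url` is defined twice in this hunk, first with the fixed host `signup.camdgc-qa1.mosip.net` and later with `${mosip.signup.host}`, and `'forgot-password.url'` is switched from `${mosip.signup.host}` to the same fixed host. In a default profile that sends every deployment's password-reset link to one environment's signup site. Keep `'forgot-password.url': 'https://${mosip.signup.host}/reset-password'` and remove the first `eKYC-steps.url` line. The UI map also hard-codes `'password.max-length': 20` while `mosip.esignet.auth-challenge.PWD.max-length` is 30 in this file; reference the property as before so the two limits cannot drift apart.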
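Review bot: `logging.level.org.springframework.web.client.RestTemplate=DEBUG` is switched on in the default profile, and RestTemplate's debug output includes the request URL of each outbound call. The IDA URLs in this file carry `${mosip.esignet.misp.license.key}` in the path, so the licence key would be written to the application logs. Leave the line commented out here, or enable it only in a developer profile.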
@@ -0,0 +1,615 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# keycloak.external.url +# keycloak.internal.host +# keycloak.internal.url +# keycloak.admin.password +# mosip.auth.client.secret (convention: ..secret) +# mosip.ida.client.secret +# mosip.admin.client.secret +# mosip.reg.client.secret +# mosip.prereg.client.secret +# softhsm.kernel.pin +# softhsm-security-pin +# email.smtp.host +# email.smtp.username +# email.smtp.secret +# mosip.kernel.tokenid.uin.salt +# mosip.kernel.tokenid.partnercode.salt +# mosip.api.internal.url +# mosip.api.public.url + + +## ------------------------------------------------- e-Signet ---------------------------------------------------------- +mosip.esignet.misp.license.key=${mosip.esignet.insurance.misp.key} +mosip.esignet.amr-acr-mapping-file-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/amr-acr-mapping.json +mosip.esignet.auth-txn-id-length=10 +mosip.esignet.supported-id-regex=\\S* +# Generated ID and access tokens 'exp' depends on the below properties, default value is 1-hour +mosip.esignet.id-token-expire-seconds=3600 +mosip.esignet.access-token-expire-seconds=3600 +# By default, only 2 link codes can be active, and the time period it can be active is defined here, default value is 1 minute +mosip.esignet.link-code-expire-in-secs=60 +# Number of link code allowed to be generated in a transaction, the default value is 10 +mosip.esignet.generate-link-code.limit-per-transaction=10 +# Time to complete consent after successful authentication, the default value is 120 
+mosip.esignet.authentication-expire-in-secs=120 + +# Auth challenge type & format mapping. Auth challenge length validations for each auth factor type. +mosip.esignet.auth-challenge.OTP.format=alpha-numeric +mosip.esignet.auth-challenge.OTP.min-length=6 +mosip.esignet.auth-challenge.OTP.max-length=6 + +mosip.esignet.auth-challenge.PWD.format=alpha-numeric +mosip.esignet.auth-challenge.PWD.min-length=8 +mosip.esignet.auth-challenge.PWD.max-length=30 + +mosip.esignet.auth-challenge.BIO.format=encoded-json +mosip.esignet.auth-challenge.BIO.min-length=5000 +mosip.esignet.auth-challenge.BIO.max-length=300000 + +mosip.esignet.auth-challenge.WLA.format=jwt +mosip.esignet.auth-challenge.WLA.min-length=100 +mosip.esignet.auth-challenge.WLA.max-length=1500 + +mosip.esignet.auth-challenge.KBA.format=base64url-encoded-json +mosip.esignet.auth-challenge.KBA.min-length=50 +mosip.esignet.auth-challenge.KBA.max-length=500 + +mosip.esignet.auth-challenge.PIN.format=number +mosip.esignet.auth-challenge.PIN.min-length=4 +mosip.esignet.auth-challenge.PIN.max-length=4 + + +# Endpoints required to have oauth-details-hash and oauth-details-key HTTP header +mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \ + '${server.servlet.path}/authorization/authenticate', \ + '${server.servlet.path}/authorization/v2/authenticate', \ + '${server.servlet.path}/authorization/v3/authenticate', \ + '${server.servlet.path}/authorization/auth-code'} + +#This property is used for captcha validation and allowed values are send-otp, pwd and kba. +#captcha validation is enabled for send-otp, pwd and kba. 
+mosip.esignet.captcha.required=send-otp,pwd,kba + +#Properties used to ratelimit the incoming requests +mosip.esignet.send-otp.attempts=300 +mosip.esignet.authenticate.attempts=300 +mosip.esignet.send-otp.invocation-gap-secs=100 +mosip.esignet.authenticate.invocation-gap-secs=500 + +## ------------------------------------------ e-Signet binding --------------------------------------------------------- + +mosip.esignet.binding.salt-length=16 +mosip.esignet.binding.audience-id=esignet-binding +mosip.esignet.binding.key-expire-days=10 +mosip.esignet.binding.encrypt-binding-id=false + +## -------------------------------------- Authentication & Authorization ----------------------------------------------- + +mosip.esignet.security.auth.post-urls={'${server.servlet.path}/client-mgmt/**' : {'SCOPE_add_oidc_client'} , \ + \ '${server.servlet.path}/system-info/**' : { 'SCOPE_upload_certificate'},\ + \ '${server.servlet.path}/binding/wallet-binding' : { 'SCOPE_wallet_binding'}, \ + \ '${server.servlet.path}/binding/binding-otp' : { 'SCOPE_send_binding_otp'}} +mosip.esignet.security.auth.put-urls={'${server.servlet.path}/client-mgmt/**' : { 'SCOPE_update_oidc_client'} } +mosip.esignet.security.auth.get-urls={'${server.servlet.path}/system-info/**' : { 'SCOPE_get_certificate'} } + +mosip.esignet.security.ignore-csrf-urls=${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ + ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,\ + ${server.servlet.path}/swagger-ui/**,${server.servlet.path}/v3/api-docs/**,\ + ${server.servlet.path}/linked-authorization/link-transaction,${server.servlet.path}/linked-authorization/authenticate,\ + ${server.servlet.path}/linked-authorization/consent,${server.servlet.path}/binding/**,${server.servlet.path}/client-mgmt/**,\ + ${server.servlet.path}/vci/**,${server.servlet.path}/system-info/**,${server.servlet.path}/linked-authorization/v2/link-transaction,\ + 
${server.servlet.path}/linked-authorization/v2/authenticate,${server.servlet.path}/linked-authorization/v2/consent + +mosip.esignet.security.ignore-auth-urls=${server.servlet.path}/csrf/**,${server.servlet.path}/authorization/**,\ + ${server.servlet.path}/linked-authorization/**,${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ + ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/**,\ + ${server.servlet.path}/v3/api-docs/**,${server.servlet.path}/binding/**,${server.servlet.path}/vci/** + +spring.security.oauth2.resourceserver.jwt.issuer-uri=${keycloak.external.url}/auth/realms/mosip +spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs + +##------------------------------------------ Kafka configurations ------------------------------------------------------ +spring.kafka.bootstrap-servers=kafka-0.kafka-headless.${kafka.profile}:${kafka.port},kafka-1.kafka-headless.${kafka.profile}:${kafka.port},kafka-2.kafka-headless.${kafka.profile}:${kafka.port} +spring.kafka.consumer.group-id=esignet-consumer +spring.kafka.consumer.enable-auto-commit=true +#spring.kafka.listener.concurrency=1 + +mosip.esignet.kafka.linked-session.topic=esignet-linked +mosip.esignet.kafka.linked-auth-code.topic=esignet-consented + +## ------------------------------------------- Integrations ------------------------------------------------------------ + +#mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration +#mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl +#mosip.esignet.integration.authenticator=IdaAuthenticatorImpl +#mosip.esignet.integration.key-binder=IdaKeyBinderImpl +#mosip.esignet.integration.audit-plugin=IdaAuditPluginImpl +#mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService 
+#mosip.esignet.integration.vci-plugin=IdaVCIssuancePluginImpl + +mosip.esignet.integration.scan-base-package=io.mosip.esignet.sunbirdrc.integration.service,io.mosip.esignet.mock.integration +mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl +mosip.esignet.integration.authenticator=SunbirdRCAuthenticationService +mosip.esignet.integration.key-binder=MockKeyBindingWrapperService +mosip.esignet.integration.audit-plugin=LoggerAuditService +mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService +mosip.esignet.integration.vci-plugin=SunbirdRCVCIssuancePlugin + +# captcha validator +mosip.esignet.send-otp.captcha-required=false +mosip.esignet.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify +mosip.esignet.captcha-validator.secret=${esignet.captcha.insurance.secret.key} +mosip.esignet.captcha-validator.site-key=${esignet.captcha.insurance.site.key} + +# IDA integration props +mosip.esignet.authenticator.ida-auth-id=mosip.identity.kycauth +mosip.esignet.authenticator.ida-exchange-id=mosip.identity.kycexchange +mosip.esignet.authenticator.ida-send-otp-id=mosip.identity.otp +mosip.esignet.authenticator.ida-version=1.0 +mosip.esignet.authenticator.ida-domainUri=https://${mosip.esignet.insurance.host} +mosip.esignet.authenticator.ida.cert-url=${mosip.file.server.url}/mosip-certs/ida-partner.cer +mosip.esignet.authenticator.ida.kyc-auth-url=${mosip.ida.auth.url}/idauthentication/v1/kyc-auth/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.kyc-exchange-url=${mosip.ida.auth.url}/idauthentication/v1/kyc-exchange/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.send-otp-url=${mosip.ida.otp.url}/idauthentication/v1/otp/${mosip.esignet.misp.license.key}/ +mosip.esignet.binder.ida.key-binding-url=${mosip.ida.auth.url}/idauthentication/v1/identity-key-binding/delegated/${mosip.esignet.misp.license.key}/ 
+mosip.esignet.authenticator.ida.get-certificates-url=${mosip.ida.internal.url}/idauthentication/v1/internal/getAllCertificates +mosip.esignet.authenticator.ida.auth-token-url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey +mosip.esignet.authenticator.ida.audit-manager-url=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits +mosip.esignet.authenticator.ida.client-id=mosip-ida-client +mosip.esignet.authenticator.ida.secret-key=${mosip.ida.client.secret} +mosip.esignet.authenticator.ida.app-id=ida +mosip.esignet.authenticator.ida-env=Developer +mosip.esignet.authenticator.ida.otp-channels=email,phone + +mosip.esignet.ida.vci-user-info-cache=userinfo +mosip.esignet.ida.vci-exchange-id=mosip.identity.vciexchange +mosip.esignet.ida.vci-exchange-version=1.0 +mosip.esignet.ida.vci-exchange-url=https://${mosip.api.internal.host}/idauthentication/v1/vci-exchange/delegated/${mosip.esignet.misp.license.key}/ + +# Mock IDA integration props +mosip.esignet.mock.authenticator.get-identity-url=https://${mosip.api.public.host}/v1/mock-identity-system/identity +mosip.esignet.mock.authenticator.kyc-auth-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-auth +mosip.esignet.mock.authenticator.kyc-exchange-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-exchange +mosip.esignet.mock.authenticator.ida.otp-channels=${mosip.esignet.authenticator.ida.otp-channels} +mosip.esignet.mock.authenticator.send-otp=https://${mosip.api.public.host}/v1/mock-identity-system/send-otp +mosip.esignet.mock.supported.bind-auth-factor-types={'WLA'} +mosip.esignet.mock.vciplugin.verification-method=${mosip.esignet.vci.authn.jwk-set-uri} + +## ------------------------------------------ oauth & openid supported values ------------------------------------------ + +## supported scopes +mosip.esignet.supported.authorize.scopes={'Manage-Identity-Data','Manage-VID','Manage-Authentication','Manage-Service-Requests','Manage-Credentials'} 
+mosip.esignet.supported.openid.scopes={'profile','email','phone'} +mosip.esignet.openid.scope.claims={'profile' : {'name','address','gender','birthdate','picture','email','phone_number'},'email' : {'email'}, 'phone' : {'phone_number'}} +mosip.esignet.supported.credential.scopes={'mock_identity_vc_ldp', 'mosip_identity_vc_ldp', 'sunbird_rc_insurance_vc_ldp'} +mosip.esignet.credential.scope-resource-mapping={'mock_identity_vc_ldp' : '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', 'mosip_identity_vc_ldp': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential','sunbird_rc_insurance_vc_ldp': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential'} + +## supported authorization processing flow to be used, Currently only supports Authorization Code Flow. +mosip.esignet.supported.response.types={'code'} + +## Form of Authorization Grant presented to token endpoint +mosip.esignet.supported.grant.types={'authorization_code'} + +## specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User +# page-The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. +# popup-The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. +# touch-The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. +# wap-The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display. 
+mosip.esignet.supported.ui.displays={'page','popup','touch','wap'} + +## specifies whether the Authorization Server prompts the End-User for reauthentication and consent +# none-The Authorization Server MUST NOT display any authentication or consent user interface pages. +# An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent +# for the requested Claims or does not fulfill other conditions for processing the request. +# The error code will typically be login_required, interaction_required, or another code defined in Section 3.1.2.6. +# This can be used as a method to check for existing authentication and/or consent. +# login-The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, \ +# it MUST return an error, typically login_required. +# consent-The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. +# If it cannot obtain consent, it MUST return an error, typically consent_required. +# select_account-The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User +# who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current +# sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, +# typically account_selection_required. 
+mosip.esignet.supported.ui.prompts={'none','login','consent','select_account'} + +## Type of the client assertion +mosip.esignet.supported.client.assertion.types={'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'} + +## Type of the client authentication methods for token endpoint +mosip.esignet.supported.client.auth.methods={'private_key_jwt'} + +## Only S256 method supported +mosip.esignet.supported-pkce-methods={'S256'} + +## ---------------------------------------- Cache configuration -------------------------------------------------------- + +mosip.esignet.cache.secure.individual-id=true +mosip.esignet.cache.store.individual-id=true +mosip.esignet.cache.security.secretkey.reference-id=TRANSACTION_CACHE +mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding + +mosip.esignet.cache.names=clientdetails,preauth,authenticated,authcodegenerated,userinfo,linkcodegenerated,linked,linkedcode,linkedauth,consented,authtokens,bindingtransaction,vcissuance,apiRateLimit,blocked + +#spring.cache.type=redis +#spring.cache.cache-names=${mosip.esignet.cache.names} +#spring.redis.host=localhost +#spring.redis.port=6379 +management.health.redis.enabled=false + +# 'simple' cache type is only applicable only for Non-Production setup +spring.cache.type=simple +mosip.esignet.cache.key.hash.algorithm=SHA3-256 + +# Cache size setup is applicable only for 'simple' cache type. 
+# Cache size configuration will not be considered with 'Redis' cache type +mosip.esignet.cache.size={'clientdetails' : 200, \ +'preauth': 200, \ +'authenticated': 200, \ +'authcodegenerated': 200, \ +'userinfo': 200, \ +'linkcodegenerated' : 500, \ +'linked': 200 , \ +'linkedcode': 200, \ +'linkedauth' : 200 , \ +'consented' :200, \ +'authtokens': 2, \ +'bindingtransaction': 200, \ +'vcissuance' : 200, \ +'apiRateLimit' : 500, \ +'blocked': 500 } + +# Cache expire in seconds is applicable for both 'simple' and 'Redis' cache type +mosip.esignet.cache.expire-in-seconds={'clientdetails' : 86400, \ +'preauth': 300,\ +'authenticated': ${mosip.esignet.authentication-expire-in-secs}, \ +'authcodegenerated': 60, \ +'userinfo': ${mosip.esignet.access-token-expire-seconds}, \ +'linkcodegenerated' : ${mosip.esignet.link-code-expire-in-secs}, \ +'linked': 120, \ +'linkedcode': ${mosip.esignet.link-code-expire-in-secs}, \ +'linkedauth' : ${mosip.esignet.authentication-expire-in-secs}, \ +'consented': 60, \ +'authtokens': 86400, \ +'bindingtransaction': 600, \ +'vcissuance': ${mosip.esignet.access-token-expire-seconds}, \ +'apiRateLimit' : 180, \ +'blocked': 300 } + +## ------------------------------------------ Discovery openid-configuration ------------------------------------------- + +mosip.esignet.domain.url=https://${mosip.esignet.insurance.host} +mosip.esignet.discovery.issuer-id=${mosip.esignet.domain.url}${server.servlet.path} + +# This property holds ./wellknown/jwks.json URL, +# for local deployments without esignet-ui nginx change the value to ${mosip.esignet.domain.url}${server.servlet.path}/oauth/.well-known/jwks.json +mosip.esignet.jwks-uri=${mosip.esignet.domain.url}/.well-known/jwks.json + +mosip.esignet.token.endpoint=${mosip.esignet.domain.url}${server.servlet.path}/oauth/v2/token + +mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ + \ 'token_endpoint': 
'${mosip.esignet.token.endpoint}' , \ + \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ + \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ + \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'},\ + \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \ + \ 'response_modes_supported' : { 'query' }, \ + \ 'grant_types_supported' : ${mosip.esignet.supported.grant.types},\ + \ 'response_types_supported' : ${mosip.esignet.supported.response.types}} + +mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ + \ 'token_endpoint': '${mosip.esignet.token.endpoint}' ,\ + \ 'userinfo_endpoint' : '${mosip.esignet.domain.url}${server.servlet.path}/oidc/userinfo' ,\ + \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ + \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \ + \ 'response_types_supported' : ${mosip.esignet.supported.response.types}, \ + \ 'response_modes_supported' : { 'query' }, \ + \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ + \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'}, \ + \ 'userinfo_signing_alg_values_supported' : {'RS256'}, \ + \ 'userinfo_encryption_alg_values_supported' : {'RSAXXXXX'},\ + \ 'userinfo_encryption_enc_values_supported' : {'A128GCM'}, \ + \ 'id_token_signing_alg_values_supported' : {'RS256'}, \ + \ 'claim_types_supported': {'normal'}, \ + \ 'claims_parameter_supported' : true, \ + \ 'display_values_supported' : ${mosip.esignet.supported.ui.displays}, \ + \ 'subject_types_supported' : { 'pairwise' }, \ + \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id'}, \ + \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics', 'mosip:idp:acr:knowledge'},\ + \ 
'request_parameter_supported' : false, \ + \ 'claims_locales_supported' : {'en'}, \ + \ 'ui_locales_supported' : {'en'} } + +##----------------------------------------- Database properties -------------------------------------------------------- + +mosip.esignet.database.hostname=postgres-postgresql.postgres +mosip.esignet.database.port=5432 +spring.datasource.url=jdbc:postgresql://${mosip.esignet.database.hostname}:${mosip.esignet.database.port}/mosip_esignet_insurance?currentSchema=esignet +spring.datasource.username=esignetuser +spring.datasource.password=${db.dbuser.password} + +spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect +spring.jpa.show-sql=false +spring.jpa.hibernate.ddl-auto=none +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true + +#------------------------------------ Key-manager specific properties -------------------------------------------------- +#Crypto asymmetric algorithm name +mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING +#Crypto symmetric algorithm name +mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding +#Keygenerator asymmetric algorithm name +mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA +#Keygenerator symmetric algorithm name +mosip.kernel.keygenerator.symmetric-algorithm-name=AES +#Asymmetric algorithm key length +mosip.kernel.keygenerator.asymmetric-key-length=2048 +#Symmetric algorithm key length +mosip.kernel.keygenerator.symmetric-key-length=256 +#Encrypted data and encrypted symmetric key separator +mosip.kernel.data-key-splitter=#KEY_SPLITTER# +#GCM tag length +mosip.kernel.crypto.gcm-tag-length=128 +#Hash algo name +mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 +#Symmtric key length used in hash +mosip.kernel.crypto.hash-symmetric-key-length=256 +#No of iterations in hash +mosip.kernel.crypto.hash-iteration=100000 +#Sign algo name +mosip.kernel.crypto.sign-algorithm-name=RS256 +#Certificate Sign algo name 
+mosip.kernel.certificate.sign.algorithm=SHA256withRSA + +#mosip.kernel.keymanager.hsm.config-path=local.p12 +#mosip.kernel.keymanager.hsm.keystore-type=PKCS12 +#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin} + +#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE +mosip.kernel.keymanager.hsm.keystore-type=PKCS11 +# For PKCS11 provide Path of config file. +# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name. +# For Offline & JCE property can be left blank, specified value will be ignored. +mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf +# Passkey of keystore for PKCS11, PKCS12 +# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties. +mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.esignet.insurance.security.pin} + + +mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io +mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER +mosip.kernel.keymanager.certificate.default.organization=IITB +mosip.kernel.keymanager.certificate.default.location=BANGALORE +mosip.kernel.keymanager.certificate.default.state=KA +mosip.kernel.keymanager.certificate.default.country=IN + +mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io +mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP +mosip.kernel.keymanager.softhsm.certificate.organization=IITB +mosip.kernel.keymanager.softhsm.certificate.country=IN + +# Application Id for PMS master key. 
+mosip.kernel.partner.sign.masterkey.application.id=PMS +mosip.kernel.partner.allowed.domains=DEVICE + +mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate +mosip.kernel.keymanager.jwtsign.validate.json=false +mosip.keymanager.dao.enabled=false +crypto.PrependThumbprint.enable=true + +mosip.kernel.keymgr.hsm.health.check.enabled=true +mosip.kernel.keymgr.hsm.health.key.app-id=OIDC_SERVICE +mosip.kernel.keymgr.hsm.healthkey.ref-id=TRANSACTION_CACHE +mosip.kernel.keymgr.hsm.health.check.encrypt=true + +## -------------------------------------------- IDP-UI config ---------------------------------------------------------- +# NOTE: +# 1. linked-transaction-expire-in-secs value should be a sum of 'mosip.esignet.authentication-expire-in-secs' and 'linked' cache expire in seconds under mosip.esignet.cache.expire-in-seconds property +# 2. A new Qrcode will be autogenerated before the expiry of current qr-code, and the time difference in seconds for the same is defined in wallet.qr-code-buffer-in-secs property +# 3. If esignet is deployed with MOSIP IDA, then 'resend.otp.delay.secs' must be the same as 'mosip.kernel.otp.expiry-time' + +mosip.esignet.ui.wallet.config={{'wallet.name': 'walletName', 'wallet.logo-url': '/images/qr_code.png', 'wallet.download-uri': '#', \ + 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' }} + +mosip.esignet.ui.signup.config={'signup.banner': true, 'signup.url': 'https://${mosip.signup.host}/signup'} + +mosip.esignet.ui.forgot-password.config={'forgot-password': true, 'forgot-password.url': 'https://${mosip.signup.host}/reset-password'} + +## Configuration required to display KBI form. +# individual-id-field is set with field id which should be considered as an individual ID in the authenticate request. 
+# form-details holds the list of field details like below: +# id -> unique field Id, type -> holds datatype, format -> only supported for date fields, regex -> pattern to validate the input value, maxLength -> number of allowed characters +# Example: mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id': '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^[A-Za-z\\s]{1,}[\\.]{0,1}[A-Za-z\\s]{0,}$'},{'id':'dob', 'type':'date', 'format':'dd/mm/yyyy'}} + +## Configuration Map input to UI at the start of every transaction. +mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ + 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \ + 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \ + 'resend.otp.delay.secs': ${mosip.kernel.otp.expiry-time}, 'send.otp.channels' : '${mosip.esignet.authenticator.ida.otp-channels}', \ + 'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '${mosip.esignet.captcha.required}', \ + 'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ + 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': '4501-4600', \ + 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': ${mosip.esignet.auth-challenge.OTP.max-length}, \ + 'password.regex': '^.{8,20}$', \ + 'password.max-length': ${mosip.esignet.auth-challenge.PWD.max-length}, \ + 'username.regex': '^[0-9]{10,30}$',\ + 'username.prefix': '', \ + 'username.postfix': '', \ 
+ 'username.max-length': 16, \ + 'username.input-type': 'number', 'wallet.config': ${mosip.esignet.ui.wallet.config}, \'signup.config': ${mosip.esignet.ui.signup.config}, \ + 'forgot-password.config': ${mosip.esignet.ui.forgot-password.config}, \ + 'error.banner.close-timer': 10,\ + 'auth.factor.kba.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}',\ + 'auth.factor.kba.field-details': ${mosip.esignet.authenticator.default.auth-factor.kba.field-details} } + +mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id':'policyNumber', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '[a-zA-Z]+(\\s+[a-zA-Z]+)*'},{"id":"dob", "type":"date"}} +mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=policyNumber + + +## ---------------------------------------------- VCI ------------------------------------------------------------------ +# Used to verify audience in the PoP JWT +mosip.esignet.vci.identifier=${mosip.esignet.domain.url} +mosip.esignet.vci.authn.filter-urls={ '${server.servlet.path}/vci/credential' } +# Change this if the VCI is used with different OAUTH2.0 server +mosip.esignet.vci.authn.issuer-uri=${mosip.esignet.discovery.issuer-id} +mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.jwks-uri} + +mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential' } + +mosip.esignet.cnonce-expire-seconds=40 +mosip.esignet.vci.supported.jwt-proof-alg={'RS256','PS256'} +mosip.esignet.vci.key-values={\ + 'v11' : {\ + 'credential_issuer': '${mosip.esignet.vci.identifier}', \ + 'credential_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', \ + 'display': {{'name': 'Insurance', 'locale': 'en'}},\ + 'credentials_supported': {{\ + 'format': 'ldp_vc',\ + 'id': 
'InsuranceCredential', \ + 'scope' : 'sunbird_rc_insurance_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'Ed25519Signature2020'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential','InsuranceCredential'},\ + 'credentialSubject': {\ + 'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \ + 'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\ + 'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\ + 'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\ + 'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\ + 'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\ + 'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\ + 'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\ + 'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\ + 'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Sunbird Insurance', \ + 'locale': 'en', \ + 'logo': {'url': 'https://${mosip.api.public.host}/inji/veridonia-logo.png', 'alt_text': 'a square logo of a Veridonia'},\ + 'background_color': '#FDFAF9',\ + 'text_color': '#7C4616'}},\ + 'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\ + },\ + {\ + 'format': 'ldp_vc',\ + 'id': 'LifeInsuranceCredential', \ + 'scope' : 'life_insurance_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'Ed25519Signature2020'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential', 'LifeInsuranceCredential'},\ + 'credentialSubject': {\ + 'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \ + 'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\ + 'dob': {'display': {{'name': 'Date 
of Birth','locale': 'en'}}},\ + 'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\ + 'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\ + 'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\ + 'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\ + 'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\ + 'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\ + 'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Life Insurance', \ + 'locale': 'en', \ + 'logo': {'url': 'https://${mosip.api.public.host}/inji/veridonia-logo.png','alt_text': 'a square logo of a Veridonia'},\ + 'background_color': '#FDFAF9',\ + 'text_color': '#7C4616'}},\ + 'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\ + }}\ + },\ + 'latest' : {\ + 'credential_issuer': '${mosip.esignet.vci.identifier}', \ + 'credential_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', \ + 'display': {{'name': 'Insurance', 'locale': 'en'}},\ + 'credentials_supported' : { \ + "InsuranceCredential" : {\ + 'format': 'ldp_vc',\ + 'scope' : 'sunbird_rc_insurance_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'Ed25519Signature2020'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential','InsuranceCredential'},\ + 'credentialSubject': {\ + 'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \ + 'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\ + 'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\ + 'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\ + 'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\ + 'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\ + 'policyIssuedOn': {'display': {{'name': 
'Policy Issued On','locale': 'en'}}},\ + 'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\ + 'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\ + 'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Sunbird Insurance', \ + 'locale': 'en', \ + 'logo': {'url': 'https://${mosip.api.public.host}/inji/veridonia-logo.png','alt_text': 'a square logo of a Veridonia'},\ + 'background_color': '#FDFAF9',\ + 'text_color': '#7C4616'}},\ + 'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\ + },\ + "LifeInsuranceCredential":{\ + 'format': 'ldp_vc',\ + 'scope' : 'life_insurance_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'Ed25519Signature2020'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential', 'LifeInsuranceCredential'},\ + 'credentialSubject': {\ + 'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \ + 'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\ + 'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\ + 'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\ + 'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\ + 'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\ + 'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\ + 'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\ + 'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\ + 'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Life Insurance', \ + 'locale': 'en', \ + 'logo': {'url': 'https://${mosip.api.public.host}/inji/veridonia-logo.png','alt_text': 'a square logo of a Veridonia'},\ + 'background_color': '#FDFAF9',\ + 'text_color': '#7C4616'}},\ 
+ 'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\ + }}\ + }\ +} +## -------------------------------------------- Others ---------------------------------------------------------- + +#logging.level.org.springframework.web.client.RestTemplate=DEBUG +#logging.level.io.mosip.esignet=INFO + +##---------------------------------Sunbird-RC Plugin Configurations------------------------------------------------------ + +mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.individual-id-field=${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field} +mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.field-details=${mosip.esignet.authenticator.default.auth-factor.kba.field-details} +mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.registry-search-url=${mosip.sunbird.url}/api/v1/Insurance/search +mosip.esignet.authenticator.sunbird-rc.kba.entity-id-field=osid + +mosip.esignet.vciplugin.sunbird-rc.enable-psut-based-registry-search=false +mosip.esignet.vciplugin.sunbird-rc.issue-credential-url=${mosip.sunbird.url}/credentials-service/credentials/issue +mosip.esignet.vciplugin.sunbird-rc.supported-credential-types=InsuranceCredential +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.static-value-map.issuerId=did:web:registry.dev1.mosip.net:identity-service:3e432fe5-bdab-4717-8eaa-a80d79823e58 +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.template-url=https://raw.githubusercontent.com/mosip/mosip-config/camdgc-qa/insurance-credential.json +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.registry-get-url=${mosip.sunbird.url}/api/v1/Insurance/ +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.cred-schema-id=did:schema:1db02c37-7cfa-451b-b005-f5361effee0b +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.cred-schema-version=1.0.0 
+mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.registry-search-url=${mosip.sunbird.url}/api/v1/Insurance/search + diff --git a/id-authentication-default.properties b/id-authentication-default.properties index 198c3aab59e..bfce2752351 100644 --- a/id-authentication-default.properties +++ b/id-authentication-default.properties @@ -271,6 +271,9 @@ ida-topic-fraud-analysis=IDA_FRAUD_ANALYTICS ida-topic-auth-anonymous-profile=ANONYMOUS_PROFILE ida-topic-pmp-oidc-client-created=OIDC_CLIENT_CREATED ida-topic-pmp-oidc-client-updated=OIDC_CLIENT_UPDATED +ida-topic-remove-id-status=REMOVE_ID_STATUS + +ida-topic-on-demand-template-extraction=AUTHENTICATION_ERRORS # in minutes mosip.iam.adapter.validate-expiry-check-rate=15 @@ -407,9 +410,9 @@ ida.api.version.kycexchange=1.0 static.token.enable=true ## Allowed ID Types (allowed values : UIN/VID/USERID) to be supported for Authentication/KYC/OTP Requests -request.idtypes.allowed=UIN,VID,HANDLE +request.idtypes.allowed=UIN,HANDLE ## The ID types to be supported for Internal Authentication/OTP Requests -request.idtypes.allowed.internalauth=UIN,VID +request.idtypes.allowed.internalauth=UIN ## Cryptograpic/Signature verificate related configurations mosip.ida.internal.thumbprint-validation-required=false 
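Review bot: The comment above `request.idtypes.allowed` still reads "allowed values : UIN/VID/USERID", which no longer describes either setting after this change. VID is removed from both the external and the internal list, and HANDLE is accepted for external requests but is not named in the comment. I would reword it to `## Allowed ID Types (UIN, HANDLE; VID is not accepted while mosip.idrepo.vid.disable-support=true)` and state on the internal-auth line whether leaving HANDLE out there is intentional. Callers that still send a VID will presumably be rejected, so the change deserves a line in the deployment notes as well.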
@@ -546,7 +549,7 @@ ida.fetch.failed.websub.messages.chunk.size=10 # and error will be returned in the auth response. #Auth Filters for external auth -ida.mosip.external.auth.filter.classes.in.execution.order=io.mosip.authentication.hotlistfilter.impl.PartnerIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.IndividualIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceProviderHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceHotlistFilterImpl,io.mosip.authentication.childauthfilter.impl.ChildAuthFilterImpl,io.mosip.authentication.authtypelockfilter.impl.AuthTypeLockFilterImpl +ida.mosip.external.auth.filter.classes.in.execution.order=io.mosip.authentication.hotlistfilter.impl.PartnerIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.IndividualIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceProviderHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceHotlistFilterImpl,io.mosip.authentication.authtypelockfilter.impl.AuthTypeLockFilterImpl #Auth Filters for kyc auth ida.mosip.internal.auth.filter.classes.in.execution.order=io.mosip.authentication.hotlistfilter.impl.IndividualIdHotlistFilterImpl,io.mosip.authentication.childauthfilter.impl.ChildAuthFilterImpl @@ -633,6 +636,9 @@ mosip.ida.kyc.exchange.default.lang=eng mosip.ida.idp.consented.address.subset.attributes=street_address,locality,region,postal_code,country mosip.kernel.keymgr.hsm.health.key.app-id=IDA + +mosip.ida.key.binding.certificate.validity.in.days=120 + mosip.ida.config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ mosip.ida.vercred.context.url.map={"https://www.w3.org/ns/odrl.jsonld" : "odrl.jsonld", "https://www.w3.org/2018/credentials/v1" : "cred-v1.jsonld", "https://${mosip.api.public.host}/.well-known/mosip-ida-context.json" : "mosip-ida-context.json"} mosip.ida.vercred.context.uri=vccontext-ida.jsonld 
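Review bot: `ChildAuthFilterImpl` is dropped from `ida.mosip.external.auth.filter.classes.in.execution.order` while the internal list on the following property still runs it, and nothing in the file records why the two chains now differ. Removing a filter from an authentication chain is a policy decision, so it should be visible to whoever audits this configuration later. I would add a comment above the property such as `# ChildAuthFilterImpl intentionally omitted for external auth: <reason / approval reference>`. If the omission was not intended, the class should be restored in its previous position before `AuthTypeLockFilterImpl`.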
@@ -645,8 +651,11 @@ mosip.ida.vci.supported.cred.types=VerifiableCredential,MOSIPVerifiableCredentia # Regex to validate handles with provided key as the postfix # if the input handle is +855345353453@phone then the provided regex is used to validate the input. -mosip.ida.handle-types.regex={ '@phone' : '^\\+91[1-9][0-9]{7,9}@phone$' } +mosip.ida.handle-types.regex={ '@phone' : '^\\+855[1-9][0-9]{4,11}@phone$' } + +mosip.ida.key.binding.name.default.langCode=khm +mosip.ida.ondemand.template.extraction.partner.id=mpartner-default-tempextraction #-------------------------------- Authentication error eventing------------------------------- #It enable and disable the bean init of kafka and Authentication error eventing mosip.ida.authentication.error.eventing.enabled=true @@ -659,4 +668,4 @@ mosip.ida.kafka.bootstrap.servers=kafka-0.kafka-headless.${kafka.profile}:${kafk spring.kafka.admin.properties.allow.auto.create.topics=true logging.level.org.apache.kafka=DEBUG #----------------------------------------------------end------------------------------------------ -mosip.kernel.keymgr.hsm.health.check.enabled=false \ No newline at end of file +mosip.kernel.keymgr.hsm.health.check.enabled=false diff --git a/id-repository-default.properties b/id-repository-default.properties index 7f21f014640..a0e0d57410c 100644 --- a/id-repository-default.properties +++ b/id-repository-default.properties @@ -172,6 +172,8 @@ mosip.iam.adapter.renewal-before-expiry-interval=15 mosip.iam.adapter.self-token-renewal-enable=true mosip.auth.filter_disable=false +mosip.idrepo.vid.disable-support=true + mosip.idrepo.bio-extractor-service.rest.uri=${mosip.mock.biosdk.url}/biosdk-service/{extractionFormat}/extracttemplates mosip.idrepo.bio-extractor-service.rest.httpMethod=POST mosip.idrepo.bio-extractor-service.rest.headers.mediaType=application/json 
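Review bot: The new handle pattern `'^\\+855[1-9][0-9]{4,11}@phone$'` accepts national numbers of 5 to 12 digits, whereas kernel-default.properties in this same commit sets `mosip.kernel.sms.number.min.length=8` and `mosip.kernel.sms.number.max.length=10`. If both settings describe the same phone numbers, a handle can pass validation here and still be unusable for OTP delivery. In that case the bounds should agree, for example `'^\\+855[1-9][0-9]{7,9}@phone$'`. If the wider range is deliberate, a comment stating the numbering rule it follows would remove the ambiguity.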
@@ -200,6 +202,7 @@ mosip.idrepo.credential.cancel-request.rest.timeout=100 ## Credential status job # Fixed delay time after which job will be triggered again to process the created/updated credential details. mosip.idrepo.credential-status-update-job.fixed-delay-in-ms=10000 +mosip.idrepo.credential.request.batch.page.size=100 # Dummy partner id used to create a credential request record in credential_request_status. # Credential won't be issued for the below provided. id-repository-credential-feeder will utilize @@ -221,6 +224,10 @@ mosip.idrepo.websub.vid-credential-update.callback-url=${mosip.idrepo.identity.u mosip.idrepo.websub.vid-credential-update.topic=VID_CRED_STATUS_UPDATE mosip.idrepo.websub.vid-credential-update.secret= ${idrepo.websub.vid.credential.update.secret} mosip.idrepo.websub.credential-status-update.topic=CREDENTIAL_STATUS_UPDATE +mosip.idrepo.websub.remove-id-status.topic=REMOVE_ID_STATUS +mosip.idrepo.websub.remove-id-status.secret=${idrepo.websub.remove.id.status.secret} +idrepo.websub.callback.remove-id-status.relative.url=/idrepository/v1/identity/callback/remove_id_status +mosip.idrepo.websub.remove-id-status.callback-url=${mosip.idrepo.identity.url}${idrepo.websub.callback.remove-id-status.relative.url} ## Auth adapter mosip.iam.adapter.clientid.id-repository=${mosip.idrepo.auth.client-id} @@ -335,6 +342,7 @@ mosip.credential.service.retry.maxAttempts=3 mosip.credential.service.retry.maxDelay=100 IDREPOGETIDBYID=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid +IDREPORETRIEVEIDBYID=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid/ mosip.data.share.protocol=http mosip.data.share.internal.domain.name=datashare.datashare CREATEDATASHARE=/v1/datashare/create 
@@ -406,10 +414,13 @@ mosip.role.idrepo.credentialrequest.getcancelrequestid=CREDENTIAL_REQUEST,ID_REP mosip.role.idrepo.credentialrequest.getgetrequestid=CREDENTIAL_REQUEST mosip.role.idrepo.credentialrequest.getgetrequestids=CREDENTIAL_REQUEST mosip.role.idrepo.credentialrequest.putretriggerrequestid=CREDENTIAL_REQUEST +mosip.role.idrepo.identity.postidrepov2=REGISTRATION_PROCESSOR,ID_REPOSITORY mosip.role.idrepo.credentialservice.postissue=CREDENTIAL_REQUEST +mosip.role.idrepo.identity.postidvidid=REGISTRATION_PROCESSOR,RESIDENT,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,ID_AUTHENTICATION,ID_REPOSITORY mosip.role.idrepo.identity.postidrepo=REGISTRATION_PROCESSOR,ID_REPOSITORY mosip.role.idrepo.identity.getidvidid=REGISTRATION_PROCESSOR,RESIDENT,REGISTRATION_ADMIN,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,ID_AUTHENTICATION,ID_REPOSITORY mosip.role.idrepo.identity.patchidrepo=REGISTRATION_PROCESSOR,ID_REPOSITORY +mosip.role.idrepo.identity.patchidrepov2=REGISTRATION_PROCESSOR,ID_REPOSITORY mosip.role.idrepo.identity.getauthtypesstatusindividualidtypeindividualid=RESIDENT,ID_REPOSITORY mosip.role.idrepo.identity.postauthtypesstatus=RESIDENT,ID_REPOSITORY mosip.role.idrepo.identity.postdraftcreateregistrationId=REGISTRATION_PROCESSOR,ID_REPOSITORY @@ -435,7 +446,7 @@ mosip.mask.function.identityAttributes=convertToMaskData mosip.credential.service.fetch-identity.type=bio -mosip.idrepo.credential.request.enable-convention-based-id=false +mosip.idrepo.credential.request.enable-convention-based-id=true mosip.idrepo.credential-request-v2.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/v2/requestgenerator/{rid} mosip.idrepo.credential-request-v2.rest.httpMethod=POST mosip.idrepo.credential-request-v2.rest.headers.mediaType=application/json 
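Review bot: The new `mosip.role.idrepo.identity.postidvidid` entry copies the seven-role list of the GET mapping `getidvidid`, including RESIDENT and REGISTRATION_OFFICER, onto a POST endpoint with no comment on what that endpoint does. If it is the read-only retrieval behind `IDREPORETRIEVEIDBYID` added earlier in this file, a comment such as `# POST variant of identity retrieval (read-only), same roles as getidvidid` would record that. If it can modify identity data, the list should be reduced to the roles used for `postidrepo` and `patchidrepo`. The `postidrepov2` and `patchidrepov2` lines mirror their v1 counterparts and look consistent.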
@@ -448,9 +459,44 @@ mosip.idrepo.identity.disable-uin-based-credential-request=false # This configuration is considered only when mentioned fieldId is marked to be a handle in the identity schema and it is one of the selectedHandle in the ID-object. mosip.identity.fieldid.handle-postfix.mapping={'phone':'@phone'} mosip.idrepo.identity.max-request-time-deviation-seconds=60 +auth.types.allowed=demo,otp,bio-Finger,bio-Iris,bio-Face #Enable this property only when to check cache log #logging.level.org.springframework.cache=TRACE # By default, it is false. To enable force merge of data, change it to true. mosip.idrepo.create-identity.enable-force-merge=false -mosip.identity.get.excluded.attribute.list=UIN,verifiedAttributes,IDSchemaVersion \ No newline at end of file +mosip.identity.get.excluded.attribute.list=UIN,verifiedAttributes,IDSchemaVersion + + +#cache configurations +mosip.idrepo.cache.names=credential_transaction,partner_extractor_formats,datashare_policies,topics,online_verification_partners,uin_encrypt_salt,uin_hash_salt,id_attributes + +spring.cache.type=simple +#spring.cache.type=redis +#spring.redis.host=redis-master-0.redis-headless.redis.svc.cluster.local +#spring.redis.port=6379 +#spring.redis.password=${redis.password} +#spring.cache.cache-names=${mosip.idrepo.cache.names} + +mosip.idrepo.cache.size={'credential_transaction' : 200, \ +'partner_extractor_formats': 200, \ +'datashare_policies': 200, \ +'topics': 200, \ +'online_verification_partners': 200, \ +'uin_encrypt_salt' : 100, \ +'uin_hash_salt': 100 , \ +'id_attributes': 200 } + +# Cache expire in seconds is applicable for both 'simple' and 'Redis' cache type +mosip.idrepo.cache.expire-in-seconds={'credential_transaction' : 86400, \ +'partner_extractor_formats': 86400,\ +'datashare_policies': 86400, \ +'topics': 86400, \ +'online_verification_partners': 86400, \ +'uin_encrypt_salt' : 86400, \ +'uin_hash_salt': 86400, \ +'id_attributes': 86400} + +management.health.redis.enabled=false 
+mosip.idrepo.verified-attributes.schema-url=${config.server.file.storage.uri}VerifiedAttributes.json +mosip.idrepo.update-identity.fields-to-replace={"selectedHandles","phone"} diff --git a/identity-mapping.json b/identity-mapping.json index 567b1172a27..59d65bc486d 100644 --- a/identity-mapping.json +++ b/identity-mapping.json @@ -33,7 +33,7 @@ "phone": { "value": "phone" }, - "phoneNumber": { + "phone_number": { "value": "phone" }, "email": { @@ -164,9 +164,9 @@ } }, "attributeUpdateCountLimit": { - "fullName": 2, + "fullName": 5, "gender": 2, - "dateOfBirth": 2 + "dateOfBirth": 3 diff --git a/kernel-default.properties b/kernel-default.properties index ef448f4a506..6fbfd3be9ed 100644 --- a/kernel-default.properties +++ b/kernel-default.properties @@ -37,19 +37,21 @@ mosip.kernel.syncdata-service-idschema-url=${mosip.kernel.masterdata.url}/v1/mas ## SMS notification mosip.kernel.sms.enabled=true -mosip.kernel.sms.country.code=+91 +mosip.kernel.sms.country.code=+855 +mosip.kernel.sms.number.min.length=8 +mosip.kernel.sms.number.max.length=10 mosip.kernel.sms.number.length=10 #mosip.kernel.sms.gateway : "infobip" or "msg91" mosip.kernel.sms.gateway=${sms.gateway.provider} ## --msg91 gateway-- mosip.kernel.sms.api=smsapi -mosip.kernel.sms.authkey=${sms.authkey} +mosip.kernel.sms.authkey=authkey mosip.kernel.sms.route=route mosip.kernel.sms.sender=sender mosip.kernel.sms.unicode=unicode mosip.kernel.sms.enabled=true -mosip.kernel.sms.country.code=+91 +mosip.kernel.sms.country.code=+855 mosip.kernel.sms.number.length=10 mosip.kernel.sms.api=http://${sms.host}:${sms.port}/sendsms mosip.kernel.sms.sender=AD-MOSIP diff --git a/misp-policy-schema.json b/misp-policy-schema.json index bae8f033c51..8404d52cb29 100644 --- a/misp-policy-schema.json +++ b/misp-policy-schema.json @@ -22,6 +22,5 @@ "allowAuthRequestDelegation", "allowKycRequestDelegation", "allowKeyBindingDelegation" - ], - "additionalProperties": false + ] } 
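Review bot: The `--msg91 gateway--` block in kernel-default.properties now sets `mosip.kernel.sms.authkey=authkey`, replacing the `${sms.authkey}` reference, so the gateway key is no longer resolved from the externally supplied property. Going by the neighbouring `route=route` and `sender=sender` lines the literal looks like a placeholder, but then SMS delivery authenticates with a dummy value and the obvious fix in a deployment is to paste the real key into this tracked file. I would keep `mosip.kernel.sms.authkey=${sms.authkey}`. The hunk also adds `mosip.kernel.sms.number.min.length=8` and `mosip.kernel.sms.number.max.length=10` while leaving `mosip.kernel.sms.number.length=10` in place; a comment saying which of the three is authoritative would help.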
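Review bot: Dropping `"additionalProperties": false` at the end of misp-policy-schema.json means a MISP policy carrying keys the schema does not describe now validates, so a misspelled or unexpected property next to the required delegation flags is accepted silently instead of being rejected. If the goal is to admit a new policy field, declaring it under `properties` and keeping `"additionalProperties": false` preserves the strict check. The schema object opens outside this hunk, so the declared properties are not visible here.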
diff --git a/mock-identity-system-default.properties b/mock-identity-system-default.properties index c0c57a255b7..910772140a2 100644 --- a/mock-identity-system-default.properties +++ b/mock-identity-system-default.properties @@ -105,3 +105,16 @@ mosip.esignet.mock.authenticator.ida.otp-channels=email,phone mosip.kernel.keymgr.hsm.health.check.enabled=false mosip.kernel.keymgr.hsm.health.key.app-id=MOCK_AUTHENTICATION_SERVICE mosip.kernel.keymgr.hsm.healthkey.ref-id=HEALTH_KEY + + +mosip.esignet.mock.supported-fields=individualId,pin,givenName,familyName,gender,dateOfBirth,email,phone,streetAddress,locality,region,postalCode,country + +mosip.mock.ida.kba.default.field-language=eng + +mosip.esignet.authenticator.auth-factor.kbi.field-details={{"id":"phone", "type":"text", "format":""},{"id":"email", "type":"text", "format":""},{"id":"dateOfBirth", "type":"date", "format":"yyyy-MM-dd"}} + +mosip.esignet.authenticator.auth-factor.kbi.field-language=eng + +mosip.mock.ida.kbi.default.field-language=eng + +mosip.mock.ida.identity-openid-claims-mapping={"name":"name","email":"email","phone":"phone","gender":"gender","dateOfBirth":"birthdate","encodedPhoto":"picture"} diff --git a/mock-user-story-2.json b/mock-user-story-2.json new file mode 100644 index 00000000000..63a5fe2a82c --- /dev/null +++ b/mock-user-story-2.json 
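Review bot: The added block defines both `mosip.mock.ida.kba.default.field-language=eng` and `mosip.mock.ida.kbi.default.field-language=eng`, while the other keys added here use the `kbi` spelling (`mosip.esignet.authenticator.auth-factor.kbi.field-details`, `...kbi.field-language`). The `kba` key is presumably a leftover from the earlier name; if so it should be removed, otherwise a comment saying which component still reads it would help. A one-line comment above `kbi.field-details` stating that phone, email and date of birth are the values a user is asked to supply, and that this applies to the mock authenticator only, would make the intent of the setting clear to whoever copies it into another profile.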
@@ -0,0 +1,14 @@ +{ + "scenes":[ + {"frameNumber" : 0, "stepCode" : "START", "step" : { "code" : "liveness_check", "framesPerSecond" : 1, "durationInSeconds" : 100, "startupDelayInSeconds" : 2, "retryOnTimeout" : false, "retryableErrorCodes" : [] }, "feedback" : null }, + {"frameNumber" : 0, "stepCode" : "liveness_check", "step" : null, "feedback" : {"type" : "MESSAGE", "code" : "turn_left" } }, + {"frameNumber" : 2, "stepCode" : "liveness_check", "step" : null, "feedback" : {"type" : "MESSAGE", "code" : "turn_right" } }, + {"frameNumber" : 5, "stepCode" : "liveness_check", "step" : { "code" : "END", "framesPerSecond" : 0, "durationInSeconds" : 0, "startupDelayInSeconds" : 0, "retryOnTimeout" : false, "retryableErrorCodes" : [] }, "feedback" : null } + ], + "verificationResult": { + "status": "COMPLETED", + "verifiedClaims" : {"fullName" : { "trust_framework":"XYZ TF", "verification_process":"EKYC", "assurance_level": "Gold", "time": "34232432" }, + "phone": { "trust_framework":"PQR TF", "verification_process":"EKYC", "assurance_level": "Gold", "time": "34232431" }}, + "errorCode": null + } +} diff --git a/signup-default.properties b/signup-default.properties index 5704bedae04..2f7677f9c4f 100644 --- a/signup-default.properties +++ b/signup-default.properties 
@@ -31,33 +31,65 @@ mosip.signup.verified.txn.timeout=300 mosip.signup.status-check.txn.timeout=200 mosip.signup.status.request.delay=20 mosip.signup.status.request.limit=10 + +## Thread pool size mosip.signup.task.core.pool.size=2 mosip.signup.task.max.pool.size=4 +## Idenity verification configurations +mosip.signup.config-server-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/ +mosip.signup.identity-verification.txn.timeout=30 +mosip.signup.oauth.client-id=mosip-signup-oauth-client +mosip.signup.oauth.redirect-uri=https://${mosip.signup.host}/identity-verification +mosip.signup.oauth.issuer-uri=https://${mosip.esignet.host} +mosip.signup.oauth.keystore-path=keys/oidckeystore.p12 +mosip.signup.oauth.keystore-password=mosip123 +mosip.signup.oauth.key-alias=mosip-signup-oauth-client +mosip.signup.oauth.audience=https://${mosip.esignet.host}/v1/esignet/oauth/v2/token +mosip.signup.oauth.token-uri=https://${mosip.esignet.host}/v1/esignet/oauth/v2/token +mosip.signup.oauth.userinfo-uri=https://${mosip.esignet.host}/v1/esignet/oidc/userinfo + +mosip.signup.slot.max-count=0 +mosip.signup.slot.request.delay=20 +mosip.signup.slot.request.limit=10 +mosip.signup.slot.expire-in-seconds=3600 +mosip.signup.slot.cleanup-cron=0 0 * * * * + +mosip.signup.identity-verification.mock.story-name=mock-user-story-2.json + ## ------------------------------------- challenge configuration ------------------------------------------------------- mosip.signup.supported.generate-challenge-type=OTP mosip.signup.supported.challenge-format-types={'alpha-numeric', 'base64url-encoded-json'} -mosip.signup.supported.challenge-types={'OTP', 'KBA'} +mosip.signup.supported.challenge-types={'OTP', 'KBI'} mosip.signup.supported.challenge.otp.length=6 ## ------------------------------------- Cache configuration ----------------------------------------------------------- mosip.signup.cache.symmetric-algorithm-name=AES/CFB/PKCS5Padding -spring.cache.type=simple 
+#spring.cache.type=simple -#spring.cache.type=redis -#spring.cache.cache-names=${mosip.esignet.cache.names} -#spring.redis.host=localhost -#spring.redis.port=6379 +spring.cache.type=redis +spring.cache.cache-names=${mosip.esignet.cache.names} +spring.redis.host=redis-master-0.redis-headless.redis.svc.cluster.local +spring.redis.port=6379 +spring.redis.password=${redis.password} management.health.redis.enabled=false -mosip.esignet.cache.names=challenge_generated,challenge_verified,status_check,blocked_identifier,keystore,key_alias +mosip.esignet.cache.names=challenge_generated,challenge_verified,status_check,blocked_identifier,keystore,key_alias,request_ids,identity_verification,identity_verifiers,idv_metadata,slot_allotted,verified_slot,slots_connected + mosip.esignet.cache.size={'challenge_generated': 200, \ 'challenge_verified': 200,\ 'status_check': 200,\ 'blocked_identifier':2000,\ 'keystore' : 10, \ - 'key_alias' : 1 } + 'key_alias' : 2,\ + 'request_ids' : 300,\ + 'identity_verification': 200,\ + 'identity_verifiers' : 20, \ + 'idv_metadata' : 30,\ + 'slot_allotted' : 200, \ + 'slots_connected': 200,\ + 'verified_slot' : 200 } ## Note: keystore TTL should be more than the key_alias cache TTL. ## So that key rotation happens before the actual key is removed from the keystore cache. 
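Review bot: `mosip.signup.oauth.keystore-password=mosip123` commits the password of the OAuth client keystore (`keys/oidckeystore.p12`) in clear text, in the same hunk where `spring.redis.password=${redis.password}` shows the externalised form. Anyone with read access to the configuration repository or the config server can then open the private key behind `mosip-signup-oauth-client`, assuming the deployed keystore really uses this password. I would reference an injected property instead, e.g. `mosip.signup.oauth.keystore-password=${<keystore-password-property>}` (placeholder name), and change the keystore password if this value was ever used outside a sandbox. Separately, `management.health.redis.enabled=false` stays as context although the cache type is now `redis`; it is worth confirming that leaving Redis out of the health check is intended.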
@@ -66,7 +98,15 @@ mosip.esignet.cache.expire-in-seconds={'challenge_generated': ${mosip.signup.una 'status_check': ${mosip.signup.status-check.txn.timeout}, \ 'blocked_identifier': ${mosip.signup.generate-challenge.blocked.timeout},\ 'keystore' : 600, \ - 'key_alias' : 300 } + 'key_alias' : 300,\ + 'request_ids' : ${mosip.signup.status-check.txn.timeout},\ + 'identity_verification' : ${mosip.signup.identity-verification.txn.timeout},\ + 'identity_verifiers' : 800, \ + 'idv_metadata' : 500,\ + 'slot_allotted' : 1000, \ + 'slots_connected': 1000,\ + 'verified_slot' : 1000 } + ## ------------------------------------- Auth adapter ------------------------------------------------------------------ 
@@ -96,34 +136,42 @@ mosip.security.csrf-enable=true mosip.security.cors-enable=true ## -------------------------- External endpoints ----------------------------------------------------------------------- - mosip.signup.generate-challenge.endpoint=http://otpmanager.kernel/v1/otpmanager/otp/generate -mosip.signup.get-identity.endpoint=http://identity.idrepo/idrepository/v1/identity/idvid/%s@phone?type=demo&idType=HANDLE -mosip.signup.identity.endpoint=http://identity.idrepo/idrepository/v1/identity/ -mosip.signup.generate-hash.endpoint=http://keymanager.keymanager/v1/keymanager/generateArgon2Hash -mosip.signup.get-uin.endpoint=http://idgenerator.kernel/v1/idgenerator/uin mosip.signup.send-notification.endpoint=http://notifier.kernel/v1/notifier/sms/send -mosip.signup.get-registration-status.endpoint=http://credentialrequest.idrepo/v1/credentialrequest/get/{applicationId} mosip.signup.audit-endpoint=http://auditmanager.kernel/v1/auditmanager/audits -mosip.signup.add-identity.request.id=mosip.id.create -mosip.signup.update-identity.request.id=mosip.id.update -mosip.signup.identity.request.version=v1 + +mosip.signup.integration.impl.basepackage=io.mosip.signup.plugin.mosipid,io.mosip.signup.plugin.mock +mosip.signup.integration.profile-registry-plugin=MOSIPProfileRegistryPluginImpl + +mosip.signup.idrepo.schema-url=${mosip.api.internal.url}/v1/masterdata/idschema/latest?schemaVersion= +mosip.signup.idrepo.get-identity.endpoint=${mosip.api.internal.url}/idrepository/v1/identity/idvid/%s@phone?type=demo&idType=HANDLE +mosip.signup.idrepo.identity.endpoint=${mosip.api.internal.url}/idrepository/v1/identity/ +mosip.signup.idrepo.generate-hash.endpoint=${mosip.api.internal.url}/v1/keymanager/generateArgon2Hash +mosip.signup.idrepo.get-uin.endpoint=${mosip.api.internal.url}/v1/idgenerator/uin +mosip.signup.idrepo.get-status.endpoint=${mosip.api.internal.url}/v1/credentialrequest/get/ +mosip.signup.idrepo.mandatory-language=khm +mosip.signup.idrepo.optional-language=eng ## 
--------------------------------- captcha validator------------------------------------------------------------------ mosip.signup.send-challenge.captcha-required=true -mosip.signup.integration.captcha-validator=GoogleRecaptchaValidatorService -mosip.signup.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify -mosip.signup.captcha-validator.site-key=${signup.captcha.site.key} -mosip.signup.captcha-validator.secret=${signup.captcha.secret.key} +mosip.esignet.captcha.module-name=signup +mosip.esignet.captcha.validator-url=${mosip.api.internal.url}/v1/captcha/validatecaptcha +mosip.signup.captcha.site-key=${signup.captcha.site.key} ## ----------------------------- UI-Config ----------------------------------------------------------------------------- +mosip.signup.minimum-browser-version={ \ + 'chrome': '118.0.6423.142', \ + 'firefox': '126.1.1', \ + 'edge': '118.0.2535.93', \ + 'safari': '15.6' } + # Only after current challenge timeout we should enable resend in the UI. # In this case timeout and resend-delay should be same always. mosip.signup.ui.config.key-values={\ 'identifier.pattern': '${mosip.signup.identifier.regex}', \ 'identifier.prefix': '${mosip.signup.identifier.prefix}', \ -'captcha.site.key': '${mosip.signup.captcha-validator.site-key}', \ +'captcha.site.key': '${mosip.signup.captcha.site-key}', \ 'otp.length': ${mosip.signup.supported.challenge.otp.length}, \ 'password.pattern': '${mosip.signup.password.pattern}', \ 'password.length.max': ${mosip.signup.password.max-length}, \ 
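Review bot: `mosip.signup.integration.impl.basepackage=io.mosip.signup.plugin.mosipid,io.mosip.signup.plugin.mock` puts the mock plugin package into the default profile, alongside `mosip.signup.identity-verification.mock.story-name=mock-user-story-2.json` added earlier in this file and the `mock-identity-verifier` entry with `"active": true` in signup-identity-verifier-details.json. How a verifier is selected is not visible in the diff, but if the mock one is reachable, an identity-verification flow can complete against the scripted story, whose `verificationResult` is a fixed `COMPLETED` with `Gold` assurance for `fullName` and `phone`. I would keep the mock package and verifier out of the default properties and enable them in a test-profile override, or at least add a comment such as `# mock plugin and story: sandbox only, not for production profiles`.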
@@ -134,6 +182,9 @@ mosip.signup.ui.config.key-values={\ 'fullname.pattern': '${mosip.signup.fullname.pattern}', \ 'status.request.delay': ${mosip.signup.status.request.delay}, \ 'status.request.limit': ${mosip.signup.status.request.limit}, \ +'status.request.retry.error.codes': 'unknown_error', \ +'slot.request.delay': ${mosip.signup.slot.request.delay}, \ +'slot.request.limit': ${mosip.signup.slot.request.limit}, \ 'popup.timeout': 10, \ 'signin.redirect-url': 'https://${mosip.esignet.host}/authorize', \ 'identifier.allowed.characters': '^[0-9]+', \ @@ -143,8 +194,11 @@ mosip.signup.ui.config.key-values={\ 'fullname.length.min': 1, \ 'fullname.length.max': 30, \ 'otp.blocked' : ${mosip.signup.generate-challenge.blocked.timeout}, \ -'send-challenge.captcha.required': ${mosip.signup.send-challenge.captcha-required} -} +'send-challenge.captcha.required': ${mosip.signup.send-challenge.captcha-required}, \ +'signup.oauth-client-id': '${mosip.signup.oauth.client-id}', \ +'identity-verification.redirect-url': '${mosip.signup.oauth.redirect-uri}', \ +'broswer.minimum-version': ${mosip.signup.minimum-browser-version}, \ +'esignet-consent.redirect-url': 'https://${mosip.esignet.host}/consent' } ## ----------------------------- Notification templates ----------------------------------------------------------------------------- 
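Review bot: The new UI key `'broswer.minimum-version'` added to `mosip.signup.ui.config.key-values` in the second hunk is misspelled (`broswer`). Whether the signup UI looks the value up under this exact spelling is not visible here; if it reads `browser.minimum-version`, the minimum-version data never arrives and the browser check is presumably skipped. Either correct it to `'browser.minimum-version': ${mosip.signup.minimum-browser-version}, \` or, if the UI already depends on the misspelling, add a comment saying so. The map opens outside this hunk.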
@@ -157,6 +211,11 @@ mosip.signup.sms-notification-template.registration.eng=You successfully registe mosip.signup.sms-notification-template.forgot-password.khm=4Z6i4Z+S4Z6T4Z6A4Z6U4Z624Z6T4Z6V4Z+S4Z6b4Z624Z6f4Z+L4Z6U4Z+S4Z6K4Z684Z6a4Z6W4Z624Z6A4Z+S4Z6Z4Z6f4Z6Y4Z+S4Z6E4Z624Z6P4Z+LIEtoSUQg4Z6K4Z+E4Z6Z4Z6H4Z+E4Z6C4Z6H4Z+Q4Z6Z4Z+U mosip.signup.sms-notification-template.forgot-password.eng=You successfully changed KhID password. +## ------------------------------------------ Kafka configurations ------------------------------------------------------ +kafka.bootstrap-servers=kafka-0.kafka-headless.${kafka.profile}:${kafka.port},kafka-1.kafka-headless.${kafka.profile}:${kafka.port},kafka-2.kafka-headless.${kafka.profile}:${kafka.port} +kafka.consumer.group-id=signup-idv-kafka +kafka.consumer.enable-auto-commit=true + #------------------------------------------ Others --------------------------------------------------------------------- -#logging.level.io.mosip.signup=DEBUG -#logging.level.org.springframework.web.client.RestTemplate=INFO +logging.level.io.mosip.signup=DEBUG +logging.level.org.springframework.web.client.RestTemplate=INFO diff --git a/signup-identity-verifier-details.json b/signup-identity-verifier-details.json new file mode 100644 index 00000000000..fb6206435b8 --- /dev/null +++ b/signup-identity-verifier-details.json 
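Review bot: The last two added lines turn on `logging.level.io.mosip.signup=DEBUG` in the default properties, where both logging lines were previously commented out. What the signup service writes at DEBUG is not visible in this diff, but the service handles phone numbers, challenges and identity data, so debug output in a shared default is a likely route for personal data into log storage. I would leave the line commented (`#logging.level.io.mosip.signup=DEBUG`) and enable it per environment when needed. The added Kafka block sets only `kafka.bootstrap-servers`, `kafka.consumer.group-id` and `kafka.consumer.enable-auto-commit`; a comment stating whether the broker connection is expected to be unauthenticated plaintext inside the cluster would document that assumption.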
@@ -0,0 +1,44 @@ +[ + { + "id": "mock-identity-verifier", + "displayName": { + "eng": "Mock Identity Verifier", + "fra": "Vérificateur d'identité fictif", + "ara": "التحقق من الهوية الوهمية", + "khm": "Mock អត្តសញ្ញាណប័ណ្ណ Verifier" + }, + "logoUrl": "https://avatars.githubusercontent.com/u/39733477?s=200&v=4", + "processType": "VIDEO", + "active": true, + "retryOnFailure": true, + "retryAttempt": 2 + }, + { + "id": "idv_kyc-provider", + "displayName": { + "eng": "idv kyc Verifier", + "fra": "Vérificateur d'identité fictif", + "ara": "التحقق من الهوية الوهمية", + "khm": "idv_kyc" + }, + "logoUrl": "https://avatars.githubusercontent.com/u/39733477?s=200&v=4", + "processType": "VIDEO", + "active": true, + "retryOnFailure": true, + "retryAttempt": 2 + }, + { + "id": "ida-identity-verifier", + "displayName": { + "eng": "ida Identity Verifier", + "fra": "Vérificateur d'identité fictif", + "ara": "التحقق من الهوية الوهمية", + "khm": "ida អត្តសញ្ញាណប័ណ្ណ Verifier" + }, + "logoUrl": "https://avatars.githubusercontent.com/u/39733477?s=200&v=4", + "processType": "VIDEO", + "active": true, + "retryOnFailure": true, + "retryAttempt": 2 + } +] diff --git a/signup-idv_kyc-provider.json b/signup-idv_kyc-provider.json new file mode 100644 index 00000000000..6e748ff7e6c --- /dev/null +++ b/signup-idv_kyc-provider.json @@ -0,0 +1,83 @@ +{ + "terms&Conditions": { + "eng": "I understand that the data collected about me during registration by the said authority includes different parameters.

Lorem Ipsum is simply dummy text of the printing and type setting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged.
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages.", + "khm": "ខ្ញុំយល់ថាទិន្នន័យដែលប្រមូលបានអំពីខ្ញុំក្នុងអំឡុងពេលចុះឈ្មោះដោយអាជ្ញាធរបាននិយាយថាមានប៉ារ៉ាម៉ែត្រផ្សេងៗគ្នា។

Lorem Ipsum គឺជាអត្ថបទមិនពិតនៃឧស្សាហកម្មការកំណត់ប្រភេទបោះពុម្ព។ Lorem Ipsum គឺជាអត្ថបទអត់ចេះសោះស្តង់ដាររបស់ឧស្សាហកម្មនេះ ចាប់តាំងពីទសវត្សរ៍ឆ្នាំ 1500 នៅពេលដែលម៉ាស៊ីនបោះពុម្ពមិនស្គាល់មួយបានយកប្រអប់ប្រភេទមួយ ហើយលាយវាដើម្បីបង្កើតសៀវភៅគំរូប្រភេទមួយ។ វាបានរស់រានមានជីវិតមិនត្រឹមតែប្រាំសតវត្សប៉ុណ្ណោះទេ ប៉ុន្តែវាក៏ជាការលោតផ្លោះចូលទៅក្នុងការវាយអក្សរអេឡិចត្រូនិចផងដែរ ដែលនៅតែមិនផ្លាស់ប្តូរ។
Lorem Ipsum គឺជាអត្ថបទដ៏សាមញ្ញនៃឧស្សាហកម្មបោះពុម្ព និងវាយអក្សរ។ Lorem Ipsum គឺជាអត្ថបទអត់ចេះសោះស្តង់ដាររបស់ឧស្សាហកម្មនេះ ចាប់តាំងពីទសវត្សរ៍ឆ្នាំ 1500 នៅពេលដែលម៉ាស៊ីនបោះពុម្ពមិនស្គាល់មួយបានយកប្រអប់ប្រភេទមួយ ហើយលាយវាដើម្បីបង្កើតសៀវភៅគំរូប្រភេទមួយ។ វាបានរស់រានមានជីវិតមិនត្រឹមតែប្រាំសតវត្សប៉ុណ្ណោះទេ។

វាត្រូវបានពេញនិយមនៅក្នុងទសវត្សរ៍ឆ្នាំ 1960 ជាមួយនឹងការចេញផ្សាយសន្លឹក Letraset ដែលមានអត្ថបទ Lorem Ipsum ។" + }, + "previewInfo": { + "step_1": { + "eng": "Verify the functionality of your camera using the video preview on the right", + "khm": "ផ្ទៀងផ្ទាត់មុខងាររបស់កាមេរ៉ារបស់អ្នកដោយប្រើការមើលវីដេអូជាមុននៅខាងស្តាំ" + }, + "step_2": { + "eng": "Ensure you are positioned in a well-lit area to facilitate clear video capture", + "khm": "ត្រូវប្រាកដថាអ្នកត្រូវបានដាក់នៅកន្លែងដែលមានពន្លឺល្អ ដើម្បីជួយសម្រួលដល់ការថតវីដេអូច្បាស់" + }, + "step_3": { + "eng": "Position your face within the oval frame, ensuring your face is clearly visible", + "khm": "ដាក់មុខរបស់អ្នកក្នុងរង្វង់រាងពងក្រពើ ធានាថាមុខរបស់អ្នកអាចមើលឃើញយ៉ាងច្បាស់" + }, + "step_4": { + "eng": "Remove any accessories or items that could obstruct your face, such as hats or sunglasses.", + "khm": "ដកគ្រឿងបន្ថែម ឬរបស់របរដែលអាចរារាំងមុខរបស់អ្នក ដូចជាមួក ឬវ៉ែនតាជាដើម។" + }, + "step_5": { + "eng": "Maintain a stable posture throughout the video recording to prevent blurring", + "khm": "រក្សា​ជំហរ​ឲ្យ​មាន​ស្ថិរភាព​ពេញ​មួយ​ការ​ថត​វីដេអូ ដើម្បី​ការពារ​ការ​ព្រិល" + }, + "step_6": { + "eng": "Be prepared to follow instructions provided on screen during the eKYC process, such as blinking or turning your head as directed.", + "khm": "ត្រូវបានរៀបចំដើម្បីធ្វើតាមការណែនាំដែលមាននៅលើអេក្រង់ក្នុងអំឡុងពេលដំណើរការ eKYC ដូចជាការភ្លឹបភ្លែតៗ ឬបង្វែរក្បាលរបស់អ្នកតាមការណែនាំ។" + }, + "step_7": { + "eng": "Have your ID readily accessible for the verification purposes.", + "khm": "មានអត្តសញ្ញាណប័ណ្ណរបស់អ្នកអាចចូលប្រើបានយ៉ាងងាយស្រួលសម្រាប់គោលបំណងផ្ទៀងផ្ទាត់។" + } + }, + "stepCodes": { + "liveness_check": { "eng": "Liveness check", "khm": "ពិនិត្យភាពរស់រវើក" }, + "id_verification": { + "eng": "ID card verification", + "khm": "ការផ្ទៀងផ្ទាត់អត្តសញ្ញាណប័ណ្ណ" + } + }, + "errors": { + "low_light": { + "eng": "Low light, consider facing the sun or switching on the lights", + "khm": "ពន្លឺទាប ពិចារណាបែរមុខទៅព្រះអាទិត្យ ឬបើកភ្លើង" + }, + "id_card_too_far": { 
+ "eng": "Unable to read card as its too far", + "khm": "មិនអាចអានកាតបានទេ ព្រោះនៅឆ្ងាយពេក" + } + }, + "messages": { + "turn_left": { + "eng": "Turn your head to Left", + "khm": "បង្វែរក្បាលរបស់អ្នកទៅខាងឆ្វេង" + }, + "turn_right": { + "eng": "Turn your head to Right", + "khm": "បង្វែរក្បាលរបស់អ្នកទៅស្តាំ" + }, + "success_check": { + "eng": "Liveness check successful", + "khm": "ការត្រួតពិនិត្យភាពរស់រវើកបានជោគជ័យ" + }, + "id_verified": { + "eng": "ID card verification successful", + "khm": "ការផ្ទៀងផ្ទាត់អត្តសញ្ញាណប័ណ្ណបានជោគជ័យ" + }, + "facingcamera": { + "eng": "Keep good posture while facing the camera,do follow all the instructions as informed", + "khm": "រក្សា​ឥរិយាបថ​ឱ្យ​បានល្អ​ពេល​កំពុង​ប្រឈមមុខ​នឹង​កាមេរ៉ា សូម​ធ្វើ​តាម​ការណែនាំ​ទាំងអស់​ដូច​ដែល​បាន​ជូនដំណឹង" + }, + "facingscreen": { + "eng": "please follow instruction to perform eKYC process successfully, keep your internet connected throughout the process", + "khm": "សូមធ្វើតាមការណែនាំ ដើម្បីអនុវត្តដំណើរការ eKYC ដោយជោគជ័យ រក្សាអ៊ីនធឺណិតរបស់អ្នកបានភ្ជាប់ពេញដំណើរការ" + }, + "camera_on": { + "eng": "please follow instruction to perform eKYC process successfully, keep your internet connected throughout the process", + "khm": "សូមធ្វើតាមការណែនាំ ដើម្បីអនុវត្តដំណើរការ eKYC ដោយជោគជ័យ រក្សាអ៊ីនធឺណិតរបស់អ្នកបានភ្ជាប់ពេញដំណើរការ" + } + } +} diff --git a/signup-idv_mock-identity-verifier.json b/signup-idv_mock-identity-verifier.json new file mode 100644 index 00000000000..7162287dc8f --- /dev/null +++ b/signup-idv_mock-identity-verifier.json @@ -0,0 +1,83 @@ +{ + "terms&Conditions": { + "eng": "Testing this I understand that the data collected about me during registration by the said authority includes different parameters.

Lorem Ipsum is simply dummy text of the printing and type setting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged.
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages.I understand that the data collected about me during registration by the said authority includes different parameters.

Lorem Ipsum is simply dummy text of the printing and type setting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged.
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages.I understand that the data collected about me during registration by the said authority includes different parameters.

Lorem Ipsum is simply dummy text of the printing and type setting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged.
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages.", + "khm": "ខ្ញុំយល់ថាទិន្នន័យដែលប្រមូលបានអំពីខ្ញុំក្នុងអំឡុងពេលចុះឈ្មោះដោយអាជ្ញាធរបាននិយាយថាមានប៉ារ៉ាម៉ែត្រផ្សេងៗគ្នា។

Lorem Ipsum គឺជាអត្ថបទមិនពិតនៃឧស្សាហកម្មការកំណត់ប្រភេទបោះពុម្ព។ Lorem Ipsum គឺជាអត្ថបទអត់ចេះសោះស្តង់ដាររបស់ឧស្សាហកម្មនេះ ចាប់តាំងពីទសវត្សរ៍ឆ្នាំ 1500 នៅពេលដែលម៉ាស៊ីនបោះពុម្ពមិនស្គាល់មួយបានយកប្រអប់ប្រភេទមួយ ហើយលាយវាដើម្បីបង្កើតសៀវភៅគំរូប្រភេទមួយ។ វាបានរស់រានមានជីវិតមិនត្រឹមតែប្រាំសតវត្សប៉ុណ្ណោះទេ ប៉ុន្តែវាក៏ជាការលោតផ្លោះចូលទៅក្នុងការវាយអក្សរអេឡិចត្រូនិចផងដែរ ដែលនៅតែមិនផ្លាស់ប្តូរ។
Lorem Ipsum គឺជាអត្ថបទដ៏សាមញ្ញនៃឧស្សាហកម្មបោះពុម្ព និងវាយអក្សរ។ Lorem Ipsum គឺជាអត្ថបទអត់ចេះសោះស្តង់ដាររបស់ឧស្សាហកម្មនេះ ចាប់តាំងពីទសវត្សរ៍ឆ្នាំ 1500 នៅពេលដែលម៉ាស៊ីនបោះពុម្ពមិនស្គាល់មួយបានយកប្រអប់ប្រភេទមួយ ហើយលាយវាដើម្បីបង្កើតសៀវភៅគំរូប្រភេទមួយ។ វាបានរស់រានមានជីវិតមិនត្រឹមតែប្រាំសតវត្សប៉ុណ្ណោះទេ។

វាត្រូវបានពេញនិយមនៅក្នុងទសវត្សរ៍ឆ្នាំ 1960 ជាមួយនឹងការចេញផ្សាយសន្លឹក Letraset ដែលមានអត្ថបទ Lorem Ipsum ។ខ្ញុំយល់ថាទិន្នន័យដែលប្រមូលបានអំពីខ្ញុំក្នុងអំឡុងពេលចុះឈ្មោះដោយអាជ្ញាធរបាននិយាយថាមានប៉ារ៉ាម៉ែត្រផ្សេងៗគ្នា។

Lorem Ipsum គឺជាអត្ថបទមិនពិតនៃឧស្សាហកម្មការកំណត់ប្រភេទបោះពុម្ព។ Lorem Ipsum គឺជាអត្ថបទអត់ចេះសោះស្តង់ដាររបស់ឧស្សាហកម្មនេះ ចាប់តាំងពីទសវត្សរ៍ឆ្នាំ 1500 នៅពេលដែលម៉ាស៊ីនបោះពុម្ពមិនស្គាល់មួយបានយកប្រអប់ប្រភេទមួយ ហើយលាយវាដើម្បីបង្កើតសៀវភៅគំរូប្រភេទមួយ។ វាបានរស់រានមានជីវិតមិនត្រឹមតែប្រាំសតវត្សប៉ុណ្ណោះទេ ប៉ុន្តែវាក៏ជាការលោតផ្លោះចូលទៅក្នុងការវាយអក្សរអេឡិចត្រូនិចផងដែរ ដែលនៅតែមិនផ្លាស់ប្តូរ។
Lorem Ipsum គឺជាអត្ថបទដ៏សាមញ្ញនៃឧស្សាហកម្មបោះពុម្ព និងវាយអក្សរ។ Lorem Ipsum គឺជាអត្ថបទអត់ចេះសោះស្តង់ដាររបស់ឧស្សាហកម្មនេះ ចាប់តាំងពីទសវត្សរ៍ឆ្នាំ 1500 នៅពេលដែលម៉ាស៊ីនបោះពុម្ពមិនស្គាល់មួយបានយកប្រអប់ប្រភេទមួយ ហើយលាយវាដើម្បីបង្កើតសៀវភៅគំរូប្រភេទមួយ។ វាបានរស់រានមានជីវិតមិនត្រឹមតែប្រាំសតវត្សប៉ុណ្ណោះទេ។

វាត្រូវបានពេញនិយមនៅក្នុងទសវត្សរ៍ឆ្នាំ 1960 ជាមួយនឹងការចេញផ្សាយសន្លឹក Letraset ដែលមានអត្ថបទ Lorem Ipsum ។ខ្ញុំយល់ថាទិន្នន័យដែលប្រមូលបានអំពីខ្ញុំក្នុងអំឡុងពេលចុះឈ្មោះដោយអាជ្ញាធរបាននិយាយថាមានប៉ារ៉ាម៉ែត្រផ្សេងៗគ្នា។

Lorem Ipsum គឺជាអត្ថបទមិនពិតនៃឧស្សាហកម្មការកំណត់ប្រភេទបោះពុម្ព។ Lorem Ipsum គឺជាអត្ថបទអត់ចេះសោះស្តង់ដាររបស់ឧស្សាហកម្មនេះ ចាប់តាំងពីទសវត្សរ៍ឆ្នាំ 1500 នៅពេលដែលម៉ាស៊ីនបោះពុម្ពមិនស្គាល់មួយបានយកប្រអប់ប្រភេទមួយ ហើយលាយវាដើម្បីបង្កើតសៀវភៅគំរូប្រភេទមួយ។ វាបានរស់រានមានជីវិតមិនត្រឹមតែប្រាំសតវត្សប៉ុណ្ណោះទេ ប៉ុន្តែវាក៏ជាការលោតផ្លោះចូលទៅក្នុងការវាយអក្សរអេឡិចត្រូនិចផងដែរ ដែលនៅតែមិនផ្លាស់ប្តូរ។
Lorem Ipsum គឺជាអត្ថបទដ៏សាមញ្ញនៃឧស្សាហកម្មបោះពុម្ព និងវាយអក្សរ។ Lorem Ipsum គឺជាអត្ថបទអត់ចេះសោះស្តង់ដាររបស់ឧស្សាហកម្មនេះ ចាប់តាំងពីទសវត្សរ៍ឆ្នាំ 1500 នៅពេលដែលម៉ាស៊ីនបោះពុម្ពមិនស្គាល់មួយបានយកប្រអប់ប្រភេទមួយ ហើយលាយវាដើម្បីបង្កើតសៀវភៅគំរូប្រភេទមួយ។ វាបានរស់រានមានជីវិតមិនត្រឹមតែប្រាំសតវត្សប៉ុណ្ណោះទេ។

វាត្រូវបានពេញនិយមនៅក្នុងទសវត្សរ៍ឆ្នាំ 1960 ជាមួយនឹងការចេញផ្សាយសន្លឹក Letraset ដែលមានអត្ថបទ Lorem Ipsum ។" + }, + "previewInfo": { + "step_1": { + "eng": "Verify the functionality of your camera using the video preview on the right", + "khm": "ផ្ទៀងផ្ទាត់មុខងាររបស់កាមេរ៉ារបស់អ្នកដោយប្រើការមើលវីដេអូជាមុននៅខាងស្តាំ" + }, + "step_2": { + "eng": "Ensure you are positioned in a well-lit area to facilitate clear video capture", + "khm": "ត្រូវប្រាកដថាអ្នកត្រូវបានដាក់នៅកន្លែងដែលមានពន្លឺល្អ ដើម្បីជួយសម្រួលដល់ការថតវីដេអូច្បាស់" + }, + "step_3": { + "eng": "Position your face within the oval frame, ensuring your face is clearly visible", + "khm": "ដាក់មុខរបស់អ្នកក្នុងរង្វង់រាងពងក្រពើ ធានាថាមុខរបស់អ្នកអាចមើលឃើញយ៉ាងច្បាស់" + }, + "step_4": { + "eng": "Remove any accessories or items that could obstruct your face, such as hats or sunglasses.", + "khm": "ដកគ្រឿងបន្ថែម ឬរបស់របរដែលអាចរារាំងមុខរបស់អ្នក ដូចជាមួក ឬវ៉ែនតាជាដើម។" + }, + "step_5": { + "eng": "Maintain a stable posture throughout the video recording to prevent blurring", + "khm": "រក្សា​ជំហរ​ឲ្យ​មាន​ស្ថិរភាព​ពេញ​មួយ​ការ​ថត​វីដេអូ ដើម្បី​ការពារ​ការ​ព្រិល" + }, + "step_6": { + "eng": "Be prepared to follow instructions provided on screen during the eKYC process, such as blinking or turning your head as directed.", + "khm": "ត្រូវបានរៀបចំដើម្បីធ្វើតាមការណែនាំដែលមាននៅលើអេក្រង់ក្នុងអំឡុងពេលដំណើរការ eKYC ដូចជាការភ្លឹបភ្លែតៗ ឬបង្វែរក្បាលរបស់អ្នកតាមការណែនាំ។" + }, + "step_7": { + "eng": "Have your ID readily accessible for the verification purposes.", + "khm": "មានអត្តសញ្ញាណប័ណ្ណរបស់អ្នកអាចចូលប្រើបានយ៉ាងងាយស្រួលសម្រាប់គោលបំណងផ្ទៀងផ្ទាត់។" + } + }, + "stepCodes": { + "liveness_check": { "eng": "Liveness check", "khm": "ពិនិត្យភាពរស់រវើក" }, + "id_verification": { + "eng": "ID card verification", + "khm": "ការផ្ទៀងផ្ទាត់អត្តសញ្ញាណប័ណ្ណ" + } + }, + "errors": { + "low_light": { + "eng": "Low light, consider facing the sun or switching on the lights", + "khm": "ពន្លឺទាប ពិចារណាបែរមុខទៅព្រះអាទិត្យ ឬបើកភ្លើង" + }, + "id_card_too_far": { 
+ "eng": "Unable to read card as its too far", + "khm": "មិនអាចអានកាតបានទេ ព្រោះនៅឆ្ងាយពេក" + } + }, + "messages": { + "turn_left": { + "eng": "Turn your head to Left", + "khm": "បង្វែរក្បាលរបស់អ្នកទៅខាងឆ្វេង" + }, + "turn_right": { + "eng": "Turn your head to Right", + "khm": "បង្វែរក្បាលរបស់អ្នកទៅស្តាំ" + }, + "success_check": { + "eng": "Liveness check successful", + "khm": "ការត្រួតពិនិត្យភាពរស់រវើកបានជោគជ័យ" + }, + "id_verified": { + "eng": "ID card verification successful", + "khm": "ការផ្ទៀងផ្ទាត់អត្តសញ្ញាណប័ណ្ណបានជោគជ័យ" + }, + "facingcamera": { + "eng": "Keep good posture while facing the camera,do follow all the instructions as informed", + "khm": "រក្សា​ឥរិយាបថ​ឱ្យ​បានល្អ​ពេល​កំពុង​ប្រឈមមុខ​នឹង​កាមេរ៉ា សូម​ធ្វើ​តាម​ការណែនាំ​ទាំងអស់​ដូច​ដែល​បាន​ជូនដំណឹង" + }, + "facingscreen": { + "eng": "please follow instruction to perform eKYC process successfully, keep your internet connected throughout the process", + "khm": "សូមធ្វើតាមការណែនាំ ដើម្បីអនុវត្តដំណើរការ eKYC ដោយជោគជ័យ រក្សាអ៊ីនធឺណិតរបស់អ្នកបានភ្ជាប់ពេញដំណើរការ" + }, + "camera_on": { + "eng": "please follow instruction to perform eKYC process successfully, keep your internet connected throughout the process", + "khm": "សូមធ្វើតាមការណែនាំ ដើម្បីអនុវត្តដំណើរការ eKYC ដោយជោគជ័យ រក្សាអ៊ីនធឺណិតរបស់អ្នកបានភ្ជាប់ពេញដំណើរការ" + } + } +} diff --git a/usecase1.json b/usecase1.json new file mode 100644 index 00000000000..28f6480a171 --- /dev/null +++ b/usecase1.json 
@@ -0,0 +1,11 @@ +[ + {"frameNumber" : 0, "stepCode" : "START", "step" : { "code" : "liveness_check", "framesPerSecond" : 3, "durationInSeconds" : 100, "startupDelayInSeconds" : 2, "retryOnTimeout" : false, "retryableErrorCodes" : [] }, "feedback" : null }, + {"frameNumber" : 0, "stepCode" : "liveness_check", "step" : null, "feedback" : {"type" : "MESSAGE", "code" : "turn_left" } }, + {"frameNumber" : 4, "stepCode" : "liveness_check", "step" : null, "feedback" : {"type" : "MESSAGE", "code" : "turn_left" } }, + {"frameNumber" : 10, "stepCode" : "liveness_check", "step" : null, "feedback" : {"type" : "MESSAGE", "code" : "turn_right" } }, + {"frameNumber" : 20, "stepCode" : "liveness_check", "step" : null, "feedback" : {"type" : "MESSAGE", "code" : "turn_left" } }, + {"frameNumber" : 25, "stepCode" : "liveness_check", "step" : null, "feedback" : {"type" : "COLOR", "code" : "#000000" } }, + {"frameNumber" : 30, "stepCode" : "liveness_check", "step" : null, "feedback" : {"type" : "ERROR", "code" : "low_light" } }, + {"frameNumber" : 40, "stepCode" : "liveness_check", "step" : null, "feedback" : {"type" : "MESSAGE", "code" : "success_check" } }, + {"frameNumber" : 41, "stepCode" : "liveness_check", "step" : { "code" : "END", "framesPerSecond" : 0, "durationInSeconds" : 0, "startupDelayInSeconds" : 0, "retryOnTimeout" : false, "retryableErrorCodes" : [] }, "feedback" : null } +]