Skip to content

Repository contains mock implementation of auth for e-signet

Notifications You must be signed in to change notification settings

mosip/esignet-mock-services

Repository files navigation

esignet-mock-services

Repository contains mock implementation of auth for e-signet

Installing in k8s cluster using helm

Pre-requisites

  1. Set the kube config file of the Mosip cluster having dependent services is set correctly in PC.
  2. Make sure DB setup is done.
  3. Add / merge below mentioned properties files into existing config branch:
  4. Add below properties in esignet-default.properties incase using MockAuth for esignet.
    mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration
    mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl
    mosip.esignet.integration.authenticator=MockAuthenticationService
    mosip.esignet.integration.key-binder=MockKeyBindingWrapperService
    mosip.esignet.integration.audit-plugin=LoggerAuditService
    mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService
    
  5. Below are the dependent services required for compliance toolkit service:
    Chart Chart version
    Keycloak 7.1.18
    Keycloak-init 12.0.1-B3
    Postgres 10.16.2
    Postgres Init 12.0.1-B3
    Config-server 12.0.1-B3
    Artifactory server 12.0.1-B3
    esignet-softhsm 12.0.1-B2
    redis 17.3.14
    esignet 1.0.0
    oidc-ui 1.0.0

Install

  • Install kubectl and helm utilities.
  • Run install-all.sh to deploy esignet services.
    cd helm
    ./install-all.sh
    
  • During the execution of the install-all.sh script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
  • If the server lacks a public domain and a valid SSL certificate, it is advisable to select the n option. Opting it will enable the init-container with an emptyDir volume and include it in the deployment process.
  • The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., cacerts) file.
  • This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates.

Delete

  • Run delete-all.sh to remove esignet services.
    cd helm
    ./delete-all.sh
    

Restart

  • Run restart-all.sh to restart esignet services.
    cd helm
    ./restart.sh
    

Onboard esignet mock and relying party services

  • Run onboarder's install.sh script to exchange jwk certificates.

Configurational steps after onboarding is completed.

  • Below mentioned onboarding steps are added after 1.2.0.1-b3
    • Onboarding the default demo-oidc partner

Onboarding the default demo-oidc partner

  • After successfull partner onboarder run for demo-oidc partner , download html reports from onboarder bucket of object store .
  • Get CLIENT_ID from response body of request create-oidc-client from the report demo-oidc.html
  • Update deployment of mock-relying-party-ui in esignet namespace with CLIENT_ID value from last step .
  • As per screenshot get the private and public key pair (shown as selected in the screenshot )from the response of the get-jwks request from the report demo-oidc.html
  • Update client-private-key inside storage in esignet namespace with base64 encoded value of the keypair from previous step.
  • Restart mock-relying-party-service pod