esignet-mock-services

Repository contains mock implementation of auth for e-signet

Installing in k8s cluster using helm

Pre-requisites

1. Set the kube config file of the Mosip cluster having dependent services is set correctly in PC.
2. Make sure DB setup is done.
3. Add / merge below mentioned properties files into existing config branch:
   • mock-identity-system-default.properties
   • application-default.properties
4. Add below properties in esignet-default.properties incase using MockAuth for esignet.

   mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration
   mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl
   mosip.esignet.integration.authenticator=MockAuthenticationService
   mosip.esignet.integration.key-binder=MockKeyBindingWrapperService
   mosip.esignet.integration.audit-plugin=LoggerAuditService
   mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService
   

5. Below are the dependent services required for compliance toolkit service:

   Chart	Chart version
   Keycloak	7.1.18
   Keycloak-init	12.0.1-B3
   Postgres	10.16.2
   Postgres Init	12.0.1-B3
   Config-server	12.0.1-B3
   Artifactory server	12.0.1-B3
   esignet-softhsm	12.0.1-B2
   redis	17.3.14
   esignet	1.0.0
   oidc-ui	1.0.0

Install

• Install kubectl and helm utilities.
• Run install-all.sh to deploy esignet services.

  cd helm
  ./install-all.sh
  

• During the execution of the install-all.sh script, a prompt appears requesting information regarding the presence of a public domain and a valid SSL certificate on the server.
• If the server lacks a public domain and a valid SSL certificate, it is advisable to select the n option. Opting it will enable the init-container with an emptyDir volume and include it in the deployment process.
• The init-container will proceed to download the server's self-signed SSL certificate and mount it to the specified location within the container's Java keystore (i.e., cacerts) file.
• This particular functionality caters to scenarios where the script needs to be employed on a server utilizing self-signed SSL certificates.

Delete

• Run delete-all.sh to remove esignet services.

  cd helm
  ./delete-all.sh
  

Restart

• Run restart-all.sh to restart esignet services.

  cd helm
  ./restart.sh
  

Onboard esignet mock and relying party services

• Run onboarder's install.sh script to exchange jwk certificates.

Configurational steps after onboarding is completed.

• Below mentioned onboarding steps are added after 1.2.0.1-b3
  • Onboarding the default demo-oidc partner

Onboarding the default demo-oidc partner

• After successfull partner onboarder run for demo-oidc partner , download html reports from onboarder bucket of object store .
• Get CLIENT_ID from response body of request create-oidc-client from the report demo-oidc.html
• Update deployment of mock-relying-party-ui in esignet namespace with CLIENT_ID value from last step .
• As per screenshot get the private and public key pair (shown as selected in the screenshot )from the response of the get-jwks request from the report demo-oidc.html
• Update client-private-key inside storage in esignet namespace with base64 encoded value of the keypair from previous step.
• Restart mock-relying-party-service pod