From 3a17cb6d16b8a46997aec639194b1572901a5a76 Mon Sep 17 00:00:00 2001 From: Praful Rakhade Date: Wed, 10 Jun 2026 21:01:37 +0530 Subject: [PATCH] Added config files for migration Signed-off-by: Prafulrakhade --- application-120.properties | 457 +++++++++++++++++++++++++ application-farmer.properties | 455 +++++++++++++++++++++++++ esignet-120.properties | 449 ++++++++++++++++++++++++ esignet-farmer.properties | 618 ++++++++++++++++++++++++++++++++++ 4 files changed, 1979 insertions(+) create mode 100644 application-120.properties create mode 100644 application-farmer.properties create mode 100644 esignet-120.properties create mode 100644 esignet-farmer.properties diff --git a/application-120.properties b/application-120.properties new file mode 100644 index 00000000000..f4f24d3a5ef --- /dev/null +++ b/application-120.properties @@ -0,0 +1,457 @@ +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# override below properties for v2 deployment +# keycloak.external.url +# keycloak.internal.url +# mosip.api.internal.host + + +aplication.configuration.level.version=LTS + +## Idobject validator +# This config is used for loading recommended centers based on the value of the config. +# The value depicts the location hierarchy code of the hierarchy based on which the recommended centers is loaded +mosip.recommended.centers.locCode=5 + +## Common properties used across different modules +mosipbox.public.url=${mosip.api.internal.url} +mosip.api.internal.url=https://${mosip.api.internal.host} +mosip.api.public.url=https://${mosip.api.public.host} +mosip.kernel.authmanager.url=http://authmanager.kernel +mosip.kernel.masterdata.url=http://masterdata.kernel +mosip.kernel.keymanager.url=http://keymanager.keymanager +mosip.kernel.auditmanager.url=http://auditmanager.kernel +mosip.kernel.notification.url=http://notifier.kernel +mosip.kernel.idgenerator.url=http://idgenerator.kernel +mosip.kernel.otpmanager.url=http://otpmanager.kernel +mosip.kernel.syncdata.url=http://syncdata.kernel +mosip.kernel.pridgenerator.url=http://pridgenerator.kernel +mosip.kernel.ridgenerator.url=http://ridgenerator.kernel +mosip.idrepo.identity.url=http://identity.idrepo +mosip.idrepo.vid.url=http://vid.idrepo +mosip.admin.hotlist.url=http://admin-hotlist.admin +mosip.admin.service.url=http://admin-service.admin +mosip.admin.ui.url=http://admin-ui.admin +mosip.pms.policymanager.url=http://pms-policy.pms +mosip.pms.partnermanager.url=http://pms-partner.pms +mosip.pms.ui.url=http://pms-ui.pms +mosip.idrepo.credrequest.generator.url=http://credentialrequest.idrepo +mosip.idrepo.credential.service.url=http://credential.idrepo +mosip.datashare.url=http://datashare.datashare +mosip.mock.biosdk.url=http://biosdk-service.biosdk +mosip.regproc.biosdk.url=http://biosdk-service.biosdk +mosip.idrepo.biosdk.url=http://biosdk-service.biosdk +mosip.regproc.workflow.url=http://regproc-workflow.regproc +mosip.regproc.status.service.url=http://regproc-status.regproc +mosip.regproc.transaction.service.url=http://regproc-trans.regproc +mosip.packet.receiver.url=http://regproc-group1.regproc +mosip.websub.url=http://websub.websub +mosip.consolidator.url=http://websub-consolidator.websub +mosip.file.server.url=http://mosip-file-server.mosip-file-server +mosip.ida.internal.url=http://ida-internal.ida +mosip.ida.auth.url=http://ida-auth.ida +mosip.ida.otp.url=http://ida-otp.ida +mosip.resident.url=http://resident.resident +mosip.artifactory.url=http://artifactory.artifactory +mosip.digitalcard.service.url=http://digitalcard.digitalcard +mosip.esignet.service.url=http://esignet.esignet +kafka.profile=kafka.svc.cluster.local +kafka.port=9092 + + +config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ + +# masterdata field data url +mosip.idobjectvalidator.masterdata.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/possiblevalues/{subType} +# Path to IDSchemaVersion. Path is defined as per JsonPath.compile. +mosip.kernel.idobjectvalidator.identity.id-schema-version-path=identity.IDSchemaVersion +# Path to dateOfBirth field. Path is defined as per JsonPath.compile. +mosip.kernel.idobjectvalidator.identity.dob-path = identity.dateOfBirth + +# Refresh cache only once for a particular subType for each request, when a value is not found for that subType. By default, it is false +mosip.idobjectvalidator.refresh-cache-on-unknown-value=false + +# Date format expected in identity json. commenting/removing below property will disable dob format validation in identity json. +mosip.kernel.idobjectvalidator.date-format=uuuu/MM/dd +## Properties that need to be updated when Identity Schema has been updated +mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone +mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.update-uin=IDSchemaVersion,UIN +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.other=IDSchemaVersion,UIN +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.lost=IDSchemaVersion +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.biometric_correction=IDSchemaVersion +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.opencrvs_new=IDSchemaVersion +# Value used in IdObjectReferenceValidator when value is not available +mosip.kernel.idobjectvalidator.masterdata.value-not-available=NA + +## Bio attribute allowed to be stored in IDRepo as per Identity Schema +mosip.idrepo.identity.allowedBioAttributes=individualBiometrics + +## List of all bio attriutes defined in Identity Schema +mosip.idrepo.identity.bioAttributes=individualBiometrics,parentOrGuardianBiometrics + +mosip.country.code=MOR + +## Language supported by platform +mosip.supported-languages=eng,ara,kan,tam,hin,fra +mosip.right_to_left_orientation=ara +mosip.left_to_right_orientation=eng,kan,tam,hin,fra + +## Application IDs +mosip.prereg.app-id=PRE_REGISTRATION +mosip.reg.app-id=REGISTRATION +mosip.regproc.app-id=REGISTRATION_PROCESSOR +mosip.ida.app-id=IDA +mosip.ida.ref-id=INTERNAL +mosip.idrepo.app-id=ID_REPO + +mosip.utc-datetime-pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' +mosip.sign.header=response-signature +mosip.signed.response.header=response-signature + +## CBEFF util +# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location. +mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ +# Cbeff XSD file name in config server +mosip.kernel.xsdfile=mosip-cbeff.xsd + +## Applicant type +mosip.kernel.applicant.type.age.limit = 5 +mosip.kernel.applicantType.mvel.file=applicanttype.mvel +mosip.kernel.config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ + + +## Various length parameters +mosip.kernel.pin.length=6 +mosip.kernel.tspid.length=4 +mosip.kernel.partnerid.length=4 +mosip.kernel.tokenid.length=36 +mosip.kernel.registrationcenterid.length=5 +mosip.kernel.machineid.length=5 + +## RID +mosip.kernel.rid.length=29 +mosip.kernel.rid.timestamp-length=14 +mosip.kernel.rid.sequence-length=5 + +## PRID +mosip.kernel.prid.length=14 +## Upper bound of number of digits in sequence allowed in id. For example if +## limit is 3, then 12 is allowed but 123 is not allowed in id (in both +## ascending and descending order) +mosip.kernel.tokenid.sequence-limit=3 +## Upper bound of number of digits in sequence allowed in id. For example if +## limit is 3, then 12 is allowed but 123 is not allowed in id (in both +## ascending and descending order) +## to disable validation assign zero or negative value +mosip.kernel.prid.sequence-limit=3 +## Number of digits in repeating block allowed in id. For example if limit is 2, +## then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) +## to disable validation assign zero or negative value +mosip.kernel.prid.repeating-block-limit=3 +## Lower bound of number of digits allowed in between two repeating digits in +## id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) to disable validation assign zero or negative value +mosip.kernel.prid.repeating-limit=2 +## list of number that id should not be start with to disable null +mosip.kernel.prid.not-start-with=0,1 +## restricted numbers for prid +mosip.kernel.prid.restricted-numbers=786,666 + +## VID +mosip.kernel.vid.length=16 +# Upper bound of number of digits in sequence allowed in id. For example if +# limit is 3, then 12 is allowed but 123 is not allowed in id (in both +# ascending and descending order) +# to disable sequence limit validation assign 1 +mosip.kernel.vid.length.sequence-limit=3 +# Number of digits in repeating block allowed in id. For example if limit is 2, +# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) +# to disable repeating block validation assign 0 or negative value +mosip.kernel.vid.length.repeating-block-limit=2 +# Lower bound of number of digits allowed in between two repeating digits in +# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) +# to disable repeating limit validation, assign 0 or negative value +mosip.kernel.vid.length.repeating-limit=2 +# list of number that id should not be start with to disable null +mosip.kernel.vid.not-start-with=0,1 +mosip.kernel.vid.restricted-numbers=786,666 + +## UIN +mosip.kernel.uin.length=10 +mosip.kernel.uin.min-unused-threshold=200000 +mosip.kernel.uin.uins-to-generate=500000 +mosip.kernel.uin.restricted-numbers=786,666 +# Upper bound of number of digits in sequence allowed in id. For example if +# limit is 3, then 12 is allowed but 123 is not allowed in id (in both +# ascending and descending order) +# to disable sequence limit validation assign 1 +mosip.kernel.uin.length.sequence-limit=3 +# Number of digits in repeating block allowed in id. For example if limit is 2, +# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) +#to disable validation assign zero or negative value +mosip.kernel.uin.length.repeating-block-limit=2 +# Lower bound of number of digits allowed in between two repeating digits in +# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) +# to disable repeating limit validation, assign 0 or negative value +mosip.kernel.uin.length.repeating-limit=2 +#reverse group digit limit for uin filter +mosip.kernel.uin.length.reverse-digits-limit=5 +#group digit limit for uin filter +mosip.kernel.uin.length.digits-limit=5 +#should not start with +mosip.kernel.uin.not-start-with=0,1 +#adjacent even digit limit for uin filter +mosip.kernel.uin.length.conjugative-even-digits-limit=3 + +## Auth adapter +auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken + +#This is the frontend url configured in the open-id system. This url should match the issuer attribute in JWT. +auth.server.admin.issuer.internal.uri=${keycloak.internal.url}/auth/realms/ +auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/ +auth-token-generator.rest.issuerUrl=${keycloak.internal.url}/auth/realms/mosip +mosip.keycloak.issuerUrl=${keycloak.internal.url}/auth/realms/mosip + +## iam adapter +mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter +mosip.kernel.auth.adapter.ssl-bypass=true +mosip.kernel.auth.appid-realm-map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip',hotlist:'mosip',digitalcard:'mosip',signup:'mosip'} +mosip.kernel.auth.appids.realm.map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip',hotlist:'mosip',digitalcard:'mosip',signup:'mosip'} + +## Crypto +mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING +mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding +mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA +mosip.kernel.keygenerator.symmetric-algorithm-name=AES +mosip.kernel.keygenerator.asymmetric-key-length=2048 +mosip.kernel.keygenerator.symmetric-key-length=256 +mosip.kernel.data-key-splitter=#KEY_SPLITTER# +mosip.kernel.crypto.gcm-tag-length=128 +mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 +mosip.kernel.crypto.hash-symmetric-key-length=256 +mosip.kernel.crypto.hash-iteration=100000 +mosip.kernel.crypto.sign-algorithm-name=RS256 +mosip.kernel.keymanager-service-publickey-url=${mosip.kernel.keymanager.url}/v1/keymanager/publickey/{applicationId} +mosip.kernel.keymanager-service-decrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt +mosip.kernel.keymanager-service-auth-decrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/auth/decrypt +mosip.kernel.keymanager-service-sign-url=${mosip.kernel.keymanager.url}/v1/keymanager/sign +mosip.kernel.keymanager.cert.url=${mosip.kernel.keymanager.url}/v1/keymanager/getCertificate +mosip.kernel.keymanager-service-CsSign-url=${mosip.kernel.keymanager.url}/v1/keymanager/cssign +mosip.sign.applicationid=KERNEL +mosip.sign.refid=SIGN +mosip.kernel.cryptomanager.request_id=CRYPTOMANAGER.REQUEST +mosip.kernel.cryptomanager.request_version=v1.0 +mosip.kernel.signature.signature-request-id=SIGNATURE.REQUEST +mosip.kernel.signature.signature-version-id=v1.0 + +## ID repo +mosip.idrepo.identity.uin-status.registered=ACTIVATED +mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED + +## OTP manager +mosip.kernel.otp.default-length=6 +## Default crypto function: HmacSHA512, HmacSHA256, HmacSHA1. +mosip.kernel.otp.mac-algorithm=HmacSHA512 +## OTP expires after the given time (in seconds). +mosip.kernel.otp.expiry-time=180 +## Key is frozen for the given time (in seconds). +mosip.kernel.otp.key-freeze-time=1800 +## Number of validation attempts allowed. +## mosip.kernel.otp.validation-attempt-threshold =3 means , the validation and generation will be blocked from 4th time. +mosip.kernel.otp.validation-attempt-threshold=10 +mosip.kernel.otp.min-key-length=3 +mosip.kernel.otp.max-key-length=64 + +## Licence key manager +mosip.kernel.licensekey.length=16 +# List of permissions +## NOTE: ',' in the below list is used as splitter in the implementation. +## Use of ',' in the values for below key should be avoided. +## Use of spaces before and after ',' also should be avoided. +mosip.kernel.licensekey.permissions=OTP Trigger,OTP Authentication,Demo Authentication - Identity Data Match,Demo Authentication - Address Data Match,Demo Authentication - Full Address Data Match,Demo Authentication - Secondary Language Match,Biometric Authentication - FMR Data Match,Biometric Authentication - IIR Data Match,Biometric Authentication - FID Data Match,Static Pin Authentication,eKYC - limited,eKYC - Full,eKYC - No + +## Virus scanner +# Here we specify the Kubernetes service name if clamav runs inside cluster +mosip.kernel.virus-scanner.host=clamav.clamav +mosip.kernel.virus-scanner.port=3310 + +## Transliteration +mosip.kernel.transliteration.arabic-language-code=ara +mosip.kernel.transliteration.franch-language-code=fra +mosip.kernel.transliteration.english-language-code=eng +mosip.kernel.transliteration.hindi-language-code=hin +mosip.kernel.transliteration.kannada-language-code=kan +mosip.kernel.transliteration.tamil-language-code=tam + +## DOB +mosip.default.dob.month=01 +mosip.default.dob.day=01 +mosip.login.mode= email,mobile + +## Notification +mosip.registration.processor.notification.types=EMAIL +mosip.notificationtype=SMS|EMAIL +mosip.kernel.sms.proxy-sms=false +mosip.kernel.auth.proxy-otp=true +mosip.kernel.auth.proxy-email=false +## Notification lanugage types: either PRIMARY or BOTH +mosip.notification.language-type=BOTH + +## System +logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=INFO + +## Admin +mosip.min-digit-longitude-latitude=4 +mosip.kernel.filtervalue.max_columns=20 +auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken + +## PDF generation. TODO: this password must be passed as config server env variable +mosip.kernel.pdf_owner_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 + +## Quality check treshold +mosip.iris_threshold=0 +mosip.leftslap_fingerprint_threshold=0 +mosip.rightslap_fingerprint_threshold=0 +mosip.thumbs_fingerprint_threshold=0 +mosip.facequalitythreshold=0 + +## Bio SDK Integration +mosip.fingerprint.provider=io.mosip.kernel.bioapi.impl.BioApiImpl +mosip.face.provider=io.mosip.kernel.bioapi.impl.BioApiImpl +mosip.iris.provider=io.mosip.kernel.bioapi.impl.BioApiImpl + +## UIN alias +mosip.uin.alias= + +## Kernel salt generator +mosip.kernel.salt-generator.chunk-size=10 +mosip.kernel.salt-generator.start-sequence=0 +mosip.kernel.salt-generator.end-sequence=999 + +## HTTP +server.max-http-header-size=10000000 + + +## Prometheus +management.endpoint.metrics.enabled=true +management.endpoints.web.exposure.include=* +management.endpoint.prometheus.enabled=true +management.metrics.export.prometheus.enabled=true + +mosip.kernel.syncdata-service-idschema-url=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest +mosip.kernel.syncdata-service-dynamicfield-url=${mosip.kernel.masterdata.url}/v1/masterdata/dynamicfields +mosip.kernel.syncdata-service-get-tpm-publicKey-url=${mosip.kernel.syncdata.url}/v1/syncdata/tpm/publickey/ +mosip.kernel.keymanager-service-validate-url=${mosip.kernel.keymanager.url}/v1/keymanager/validate +mosip.kernel.keymanager-service-csverifysign-url=${mosip.kernel.keymanager.url}/v1/keymanager/csverifysign + +## GPS +mosip.registration.gps_device_enable_flag=n + +## Packet manager +## if source is not passed, packetmanager supports below default strategy - +## 1. 'exception' : it will throw exception. +## 2. 'defaultPriority' : use default priority packetmanager.default.priority. +packetmanager.default.read.strategy=defaultPriority +packetmanager.default.priority=source:REGISTRATION_CLIENT\/process:BIOMETRIC_CORRECTION|NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT,source:OPENCRVS\/process:OPENCRVS_NEW +packetmanager.name.source={default:'REGISTRATION_CLIENT',resident:'RESIDENT',opencrvs:'OPENCRVS'} +packetmanager.packet.signature.disable-verification=true +mosip.commons.packetnames=id,evidence,optional +provider.packetreader.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketReaderImpl +provider.packetreader.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketReaderImpl +provider.packetreader.opencrvs=source:OPENCRVS,process:OPENCRVS_NEW,classname:io.mosip.commons.packet.impl.PacketReaderImpl +provider.packetwriter.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketWriterImpl +provider.packetwriter.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketWriterImpl +provider.packetwriter.opencrvs=source:OPENCRVS,process:OPENCRVS_NEW,classname:io.mosip.commons.packet.impl.PacketWriterImpl +objectstore.adapter.name=S3Adapter + +## When we use AWS as an object store, we see that buckets with the same name across deployments cannot be created.so use the prefix with bucket name +object.store.s3.bucket-name-prefix=${s3.pretext.value:} + +# the idschema is double by default. If country wish to change it to string then make this property false +mosip.commons.packet.manager.schema.validator.convertIdSchemaToDouble=true +## can be OnlinePacketCryptoServiceImpl OR OfflinePacketCryptoServiceImpl +objectstore.crypto.name=OnlinePacketCryptoServiceImpl +default.provider.version=v1.0 +## posix adapter config +object.store.base.location=/home/mosip +hazelcast.config=classpath:hazelcast_default.xml + + + +## Swift +object.store.swift.username=test +object.store.swift.password=test +object.store.swift.url=http://localhost:8080 + +packet.manager.account.name=${s3.pretext.value:}packet-manager +CRYPTOMANAGER_DECRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt +CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt +IDSCHEMAURL=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest +KEYMANAGER_SIGN=${mosip.kernel.keymanager.url}/v1/keymanager/sign +AUDIT_URL=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits +packet.default.source=id +schema.default.fieldCategory=pvt,none + +## Device registration/deregistration config +mosip.stage.environment=Developer + +## Log level + +logging.level.root=INFO +logging.level.io.mosip=INFO +logging.level.io.vertx=INFO +logging.level.io.mosip.registration.processor.status=DEBUG +logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO + +## Tomcat access logs +server.tomcat.accesslog.enabled=true +server.tomcat.accesslog.directory=/dev +server.tomcat.accesslog.prefix=stdout +server.tomcat.accesslog.buffered=false +server.tomcat.accesslog.suffix= +server.tomcat.accesslog.file-date-format= +server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}","req.userAgent":"%{User-Agent}i","req.xForwardedFor":"%{X-Forwarded-For}i","req.referer":"%{Referer}i","req.method":"%m","req.remoteHost":"%a"} +server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve + +## Websub (internal url) +websub.hub.url=${mosip.websub.url}/hub/ +websub.publish.url=${mosip.websub.url}/hub/ + +mosip.mandatory-languages=eng +## Leave blank if no optional langauges +mosip.optional-languages=ara,fra,hin,tam,kan +mosip.min-languages.count=1 +mosip.max-languages.count=2 + +# These are default languages used for sending notifications +mosip.default.template-languages=eng,ara,kan,tam,fra,hin + +# Config key to pick the preferred language for communicating to the Resident +mosip.default.user-preferred-language-attribute=preferredLang + +# Path to identity mapping json file +mosip.identity.mapping-file=${mosip.kernel.xsdstorage-uri}/identity-mapping.json + +mosip.notification.timezone=GMT+05:30 + +# registration center type validation regex, used to restrict the special charecter +mosip.centertypecode.validate.regex=^[a-zA-Z0-9]([_-](?![_-])|[a-zA-Z0-9]){0,34}[a-zA-Z0-9]$ + +## Swagger +openapi.service.servers[0].url=${mosip.api.internal.url}${server.servlet.context-path:${server.servlet.path:}} +openapi.service.servers[0].description=For Swagger + +mosip.auth.filter_disable=false + +# PDF Digital card is protected with password using below property based on define attribute it will encrypt by taking first 4 character. +mosip.digitalcard.uincard.password=fullName|dateOfBirth +mosip.digitalcard.pdf.password.enable.flag=true +mosip.access_token.subject.claim-name=sub + +# Comma separated values of allowed auth types +auth.types.allowed=otp-email,otp-phone,demo,bio-FINGER,bio-IRIS,bio-FACE,otp + +# It is used as a suffix for creating credential request ID using the RID. +mosip.registration.processor.rid.delimiter=-PDF \ No newline at end of file diff --git a/application-farmer.properties b/application-farmer.properties new file mode 100644 index 00000000000..8d96c614364 --- /dev/null +++ b/application-farmer.properties @@ -0,0 +1,455 @@ +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# override below properties for v2 deployment +# keycloak.external.url +# keycloak.internal.url +# mosip.api.internal.host + + +aplication.configuration.level.version=LTS + +## Idobject validator +# This config is used for loading recommended centers based on the value of the config. +# The value depicts the location hierarchy code of the hierarchy based on which the recommended centers is loaded +mosip.recommended.centers.locCode=5 + +## Common properties used across different modules +mosipbox.public.url=${mosip.api.internal.url} +mosip.api.internal.url=https://${mosip.api.internal.host} +mosip.api.public.url=https://${mosip.api.public.host} +mosip.kernel.authmanager.url=http://authmanager.kernel +mosip.kernel.masterdata.url=http://masterdata.kernel +mosip.kernel.keymanager.url=http://keymanager.keymanager +mosip.kernel.auditmanager.url=http://auditmanager.kernel +mosip.kernel.notification.url=http://notifier.kernel +mosip.kernel.idgenerator.url=http://idgenerator.kernel +mosip.kernel.otpmanager.url=http://otpmanager.kernel +mosip.kernel.syncdata.url=http://syncdata.kernel +mosip.kernel.pridgenerator.url=http://pridgenerator.kernel +mosip.kernel.ridgenerator.url=http://ridgenerator.kernel +mosip.idrepo.identity.url=http://identity.idrepo +mosip.idrepo.vid.url=http://vid.idrepo +mosip.admin.hotlist.url=http://admin-hotlist.admin +mosip.admin.service.url=http://admin-service.admin +mosip.admin.ui.url=http://admin-ui.admin +mosip.pms.policymanager.url=http://pms-policy.pms +mosip.pms.partnermanager.url=http://pms-partner.pms +mosip.pms.ui.url=http://pms-ui.pms +mosip.idrepo.credrequest.generator.url=http://credentialrequest.idrepo +mosip.idrepo.credential.service.url=http://credential.idrepo +mosip.datashare.url=http://datashare.datashare +mosip.mock.biosdk.url=http://biosdk-service.biosdk +mosip.idrepo.biosdk.url=http://biosdk-service.biosdk +mosip.regproc.workflow.url=http://regproc-workflow.regproc +mosip.regproc.status.service.url=http://regproc-status.regproc +mosip.regproc.transaction.service.url=http://regproc-trans.regproc +mosip.packet.receiver.url=http://regproc-group1.regproc +mosip.websub.url=https://api-internal.synergy.mosip.net +mosip.consolidator.url=http://websub-consolidator.websub +mosip.file.server.url=http://mosip-file-server.mosip-file-server +mosip.ida.internal.url=http://ida-internal.ida +mosip.ida.auth.url=http://ida-auth.ida +mosip.ida.otp.url=http://ida-otp.ida +mosip.resident.url=http://resident.resident +packetmanager.base.url=http://packetmanager.packetmanager/commons +mosip.artifactory.url=http://artifactory.artifactory +mosip.digitalcard.service.url=http://digitalcard.digitalcard +mosip.esignet.service.url=http://esignet.esignet +kafka.profile=kafka.svc.cluster.local +kafka.port=9092 + + +config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ + +# masterdata field data url +mosip.idobjectvalidator.masterdata.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/possiblevalues/{subType} +# Path to IDSchemaVersion. Path is defined as per JsonPath.compile. +mosip.kernel.idobjectvalidator.identity.id-schema-version-path=identity.IDSchemaVersion +# Path to dateOfBirth field. Path is defined as per JsonPath.compile. +mosip.kernel.idobjectvalidator.identity.dob-path = identity.dateOfBirth + +# Refresh cache only once for a particular subType for each request, when a value is not found for that subType. By default, it is false +mosip.idobjectvalidator.refresh-cache-on-unknown-value=false + +# Date format expected in identity json. commenting/removing below property will disable dob format validation in identity json. +mosip.kernel.idobjectvalidator.date-format=uuuu/MM/dd +## Properties that need to be updated when Identity Schema has been updated +mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone +mosip.kernel.idobjectvalidator.mandatory-attributes.id-repository.update-uin=IDSchemaVersion,UIN +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.new-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.child-registration=IDSchemaVersion,UIN,fullName,dateOfBirth|age,gender,addressLine1,region,province,city,zone,postalCode,residenceStatus,referenceIdentityNumber,parentOrGuardianName,parentOrGuardianRID|parentOrGuardianUIN,parentOrGuardianBiometrics +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.other=IDSchemaVersion,UIN +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.lost=IDSchemaVersion +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.biometric_correction=IDSchemaVersion +mosip.kernel.idobjectvalidator.mandatory-attributes.reg-processor.opencrvs_new=IDSchemaVersion +# Value used in IdObjectReferenceValidator when value is not available +mosip.kernel.idobjectvalidator.masterdata.value-not-available=NA + +## Bio attribute allowed to be stored in IDRepo as per Identity Schema +mosip.idrepo.identity.allowedBioAttributes=individualBiometrics + +## List of all bio attriutes defined in Identity Schema +mosip.idrepo.identity.bioAttributes=individualBiometrics,parentOrGuardianBiometrics + +mosip.country.code=MOR + +## Language supported by platform +mosip.supported-languages=eng,ara,fra +mosip.right_to_left_orientation=ara +mosip.left_to_right_orientation=eng,fra + +## Application IDs +mosip.prereg.app-id=PRE_REGISTRATION +mosip.reg.app-id=REGISTRATION +mosip.regproc.app-id=REGISTRATION_PROCESSOR +mosip.ida.app-id=IDA +mosip.ida.ref-id=INTERNAL +mosip.idrepo.app-id=ID_REPO + +mosip.utc-datetime-pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z' +mosip.sign.header=response-signature +mosip.signed.response.header=response-signature + +## CBEFF util +# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location. +mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ +# Cbeff XSD file name in config server +mosip.kernel.xsdfile=mosip-cbeff.xsd + +## Applicant type +mosip.kernel.applicant.type.age.limit = 5 +mosip.kernel.applicantType.mvel.file=applicanttype.mvel +mosip.kernel.config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/ + + +## Various length parameters +mosip.kernel.pin.length=6 +mosip.kernel.tspid.length=4 +mosip.kernel.partnerid.length=4 +mosip.kernel.tokenid.length=36 +mosip.kernel.registrationcenterid.length=5 +mosip.kernel.machineid.length=5 + +## RID +mosip.kernel.rid.length=29 +mosip.kernel.rid.timestamp-length=14 +mosip.kernel.rid.sequence-length=5 + +## PRID +mosip.kernel.prid.length=14 +## Upper bound of number of digits in sequence allowed in id. For example if +## limit is 3, then 12 is allowed but 123 is not allowed in id (in both +## ascending and descending order) +mosip.kernel.tokenid.sequence-limit=3 +## Upper bound of number of digits in sequence allowed in id. For example if +## limit is 3, then 12 is allowed but 123 is not allowed in id (in both +## ascending and descending order) +## to disable validation assign zero or negative value +mosip.kernel.prid.sequence-limit=3 +## Number of digits in repeating block allowed in id. For example if limit is 2, +## then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) +## to disable validation assign zero or negative value +mosip.kernel.prid.repeating-block-limit=3 +## Lower bound of number of digits allowed in between two repeating digits in +## id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) to disable validation assign zero or negative value +mosip.kernel.prid.repeating-limit=2 +## list of number that id should not be start with to disable null +mosip.kernel.prid.not-start-with=0,1 +## restricted numbers for prid +mosip.kernel.prid.restricted-numbers=786,666 + +## VID +mosip.kernel.vid.length=16 +# Upper bound of number of digits in sequence allowed in id. For example if +# limit is 3, then 12 is allowed but 123 is not allowed in id (in both +# ascending and descending order) +# to disable sequence limit validation assign 1 +mosip.kernel.vid.length.sequence-limit=3 +# Number of digits in repeating block allowed in id. For example if limit is 2, +# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) +# to disable repeating block validation assign 0 or negative value +mosip.kernel.vid.length.repeating-block-limit=2 +# Lower bound of number of digits allowed in between two repeating digits in +# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) +# to disable repeating limit validation, assign 0 or negative value +mosip.kernel.vid.length.repeating-limit=2 +# list of number that id should not be start with to disable null +mosip.kernel.vid.not-start-with=0,1 +mosip.kernel.vid.restricted-numbers=786,666 + +## UIN +mosip.kernel.uin.length=10 +mosip.kernel.uin.min-unused-threshold=200000 +mosip.kernel.uin.uins-to-generate=500000 +mosip.kernel.uin.restricted-numbers=786,666 +# Upper bound of number of digits in sequence allowed in id. For example if +# limit is 3, then 12 is allowed but 123 is not allowed in id (in both +# ascending and descending order) +# to disable sequence limit validation assign 1 +mosip.kernel.uin.length.sequence-limit=3 +# Number of digits in repeating block allowed in id. For example if limit is 2, +# then 4xxx4 is allowed but 48xxx48 is not allowed in id (x is any digit) +#to disable validation assign zero or negative value +mosip.kernel.uin.length.repeating-block-limit=2 +# Lower bound of number of digits allowed in between two repeating digits in +# id. For example if limit is 2, then 11 and 1x1 is not allowed in id (x is any digit) +# to disable repeating limit validation, assign 0 or negative value +mosip.kernel.uin.length.repeating-limit=2 +#reverse group digit limit for uin filter +mosip.kernel.uin.length.reverse-digits-limit=5 +#group digit limit for uin filter +mosip.kernel.uin.length.digits-limit=5 +#should not start with +mosip.kernel.uin.not-start-with=0,1 +#adjacent even digit limit for uin filter +mosip.kernel.uin.length.conjugative-even-digits-limit=3 + +## Auth adapter +auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken + +#This is the frontend url configured in the open-id system. This url should match the issuer attribute in JWT. +auth.server.admin.issuer.internal.uri=${keycloak.internal.url}/auth/realms/ +auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/ +auth-token-generator.rest.issuerUrl=${keycloak.internal.url}/auth/realms/mosip +mosip.keycloak.issuerUrl=${keycloak.internal.url}/auth/realms/mosip + +## iam adapter +mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter +mosip.kernel.auth.adapter.ssl-bypass=true +mosip.kernel.auth.appid-realm-map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip',hotlist:'mosip',digitalcard:'mosip'} +mosip.kernel.auth.appids.realm.map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip',hotlist:'mosip',digitalcard:'mosip'} + +## Crypto +mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING +mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding +mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA +mosip.kernel.keygenerator.symmetric-algorithm-name=AES +mosip.kernel.keygenerator.asymmetric-key-length=2048 +mosip.kernel.keygenerator.symmetric-key-length=256 +mosip.kernel.data-key-splitter=#KEY_SPLITTER# +mosip.kernel.crypto.gcm-tag-length=128 +mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 +mosip.kernel.crypto.hash-symmetric-key-length=256 +mosip.kernel.crypto.hash-iteration=100000 +mosip.kernel.crypto.sign-algorithm-name=RS256 +mosip.kernel.keymanager-service-publickey-url=${mosip.kernel.keymanager.url}/v1/keymanager/publickey/{applicationId} +mosip.kernel.keymanager-service-decrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt +mosip.kernel.keymanager-service-auth-decrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/auth/decrypt +mosip.kernel.keymanager-service-sign-url=${mosip.kernel.keymanager.url}/v1/keymanager/sign +mosip.kernel.keymanager.cert.url=${mosip.kernel.keymanager.url}/v1/keymanager/getCertificate +mosip.kernel.keymanager-service-CsSign-url=${mosip.kernel.keymanager.url}/v1/keymanager/cssign +mosip.sign.applicationid=KERNEL +mosip.sign.refid=SIGN +mosip.kernel.cryptomanager.request_id=CRYPTOMANAGER.REQUEST +mosip.kernel.cryptomanager.request_version=v1.0 +mosip.kernel.signature.signature-request-id=SIGNATURE.REQUEST +mosip.kernel.signature.signature-version-id=v1.0 + +## ID repo +mosip.idrepo.identity.uin-status.registered=ACTIVATED +mosip.idrepo.identity.uin-status=ACTIVATED,BLOCKED,DEACTIVATED + +## OTP manager +mosip.kernel.otp.default-length=6 +## Default crypto function: HmacSHA512, HmacSHA256, HmacSHA1. +mosip.kernel.otp.mac-algorithm=HmacSHA512 +## OTP expires after the given time (in seconds). +mosip.kernel.otp.expiry-time=180 +## Key is frozen for the given time (in seconds). +mosip.kernel.otp.key-freeze-time=1800 +## Number of validation attempts allowed. +## mosip.kernel.otp.validation-attempt-threshold =3 means , the validation and generation will be blocked from 4th time. +mosip.kernel.otp.validation-attempt-threshold=10 +mosip.kernel.otp.min-key-length=3 +mosip.kernel.otp.max-key-length=64 + +## Licence key manager +mosip.kernel.licensekey.length=16 +# List of permissions +## NOTE: ',' in the below list is used as splitter in the implementation. +## Use of ',' in the values for below key should be avoided. +## Use of spaces before and after ',' also should be avoided. +mosip.kernel.licensekey.permissions=OTP Trigger,OTP Authentication,Demo Authentication - Identity Data Match,Demo Authentication - Address Data Match,Demo Authentication - Full Address Data Match,Demo Authentication - Secondary Language Match,Biometric Authentication - FMR Data Match,Biometric Authentication - IIR Data Match,Biometric Authentication - FID Data Match,Static Pin Authentication,eKYC - limited,eKYC - Full,eKYC - No + +## Virus scanner +# Here we specify the Kubernetes service name if clamav runs inside cluster +mosip.kernel.virus-scanner.host=clamav.clamav +mosip.kernel.virus-scanner.port=3310 + +## Transliteration +mosip.kernel.transliteration.arabic-language-code=ara +mosip.kernel.transliteration.english-language-code=eng +mosip.kernel.transliteration.french-language-code=fra + +## DOB +mosip.default.dob.month=01 +mosip.default.dob.day=01 +mosip.login.mode= email,mobile + +## Notification +mosip.registration.processor.notification.types=EMAIL +mosip.notificationtype=SMS|EMAIL +mosip.kernel.sms.proxy-sms=false +mosip.kernel.auth.proxy-otp=true +mosip.kernel.auth.proxy-email=true +## Notification lanugage types: either PRIMARY or BOTH +mosip.notification.language-type=BOTH + +## System +logging.level.org.springframework.web.filter.CommonsRequestLoggingFilter=INFO + +## Admin +mosip.min-digit-longitude-latitude=4 +mosip.kernel.filtervalue.max_columns=20 +auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken + +## PDF generation. TODO: this password must be passed as config server env variable +mosip.kernel.pdf_owner_password={cipher}6cbd7358f7a821132862475c16cf48e575c8e2c5f994fa7140ee08f364015b24 + +## Quality check treshold +mosip.iris_threshold=0 +mosip.leftslap_fingerprint_threshold=0 +mosip.rightslap_fingerprint_threshold=0 +mosip.thumbs_fingerprint_threshold=0 +mosip.facequalitythreshold=0 + +## Bio SDK Integration +mosip.fingerprint.provider=io.mosip.kernel.bioapi.impl.BioApiImpl +mosip.face.provider=io.mosip.kernel.bioapi.impl.BioApiImpl +mosip.iris.provider=io.mosip.kernel.bioapi.impl.BioApiImpl + +## UIN alias +mosip.uin.alias= + +## Kernel salt generator +mosip.kernel.salt-generator.chunk-size=10 +mosip.kernel.salt-generator.start-sequence=0 +mosip.kernel.salt-generator.end-sequence=999 + +## HTTP +server.max-http-header-size=10000000 + + +## Prometheus +management.endpoint.metrics.enabled=true +management.endpoints.web.exposure.include=* +management.endpoint.prometheus.enabled=true +management.metrics.export.prometheus.enabled=true + +mosip.kernel.syncdata-service-idschema-url=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest +mosip.kernel.syncdata-service-dynamicfield-url=${mosip.kernel.masterdata.url}/v1/masterdata/dynamicfields +mosip.kernel.syncdata-service-get-tpm-publicKey-url=${mosip.kernel.syncdata.url}/v1/syncdata/tpm/publickey/ +mosip.kernel.keymanager-service-validate-url=${mosip.kernel.keymanager.url}/v1/keymanager/validate +mosip.kernel.keymanager-service-csverifysign-url=${mosip.kernel.keymanager.url}/v1/keymanager/csverifysign + +## GPS +mosip.registration.gps_device_enable_flag=n + +## Packet manager +## if source is not passed, packetmanager supports below default strategy - +## 1. 'exception' : it will throw exception. +## 2. 'defaultPriority' : use default priority packetmanager.default.priority. +packetmanager.default.read.strategy=defaultPriority +packetmanager.default.priority=source:REGISTRATION_CLIENT\/process:BIOMETRIC_CORRECTION|NEW|UPDATE|LOST,source:RESIDENT\/process:ACTIVATED|DEACTIVATED|RES_UPDATE|RES_REPRINT,source:OPENCRVS\/process:OPENCRVS_NEW +packetmanager.name.source={default:'REGISTRATION_CLIENT',resident:'RESIDENT',opencrvs:'OPENCRVS'} +packetmanager.packet.signature.disable-verification=true +mosip.commons.packetnames=id,evidence,optional +provider.packetreader.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketReaderImpl +provider.packetreader.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketReaderImpl +provider.packetreader.opencrvs=source:OPENCRVS,process:OPENCRVS_NEW,classname:io.mosip.commons.packet.impl.PacketReaderImpl +provider.packetwriter.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketWriterImpl +provider.packetwriter.resident=source:RESIDENT,process:ACTIVATED|DEACTIVATED|RES_UPDATE|LOST|RES_REPRINT,classname:io.mosip.commons.packet.impl.PacketWriterImpl +provider.packetwriter.opencrvs=source:OPENCRVS,process:OPENCRVS_NEW,classname:io.mosip.commons.packet.impl.PacketWriterImpl +objectstore.adapter.name=S3Adapter +## When we use AWS as an object store, we see that buckets with the same name across deployments cannot be created.so use the prefix with bucket name +object.store.s3.bucket-name-prefix=${s3.pretext.value:} +# the idschema is double by default. If country wish to change it to string then make this property false +mosip.commons.packet.manager.schema.validator.convertIdSchemaToDouble=true +## can be OnlinePacketCryptoServiceImpl OR OfflinePacketCryptoServiceImpl +objectstore.crypto.name=OnlinePacketCryptoServiceImpl +default.provider.version=v1.0 +## posix adapter config +object.store.base.location=/home/mosip +hazelcast.config=classpath:hazelcast_default.xml + + + +## Swift +object.store.swift.username=test +object.store.swift.password=test +object.store.swift.url=http://localhost:8080 + +packet.manager.account.name=${s3.pretext.value:}packet-manager +CRYPTOMANAGER_DECRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt +CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt +IDSCHEMAURL=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest +KEYMANAGER_SIGN=${mosip.kernel.keymanager.url}/v1/keymanager/sign +AUDIT_URL=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits +packet.default.source=id +schema.default.fieldCategory=pvt,none + +## Device registration/deregistration config +mosip.stage.environment=Developer + +## Log level + +logging.level.root=INFO +logging.level.io.mosip=INFO +logging.level.io.vertx=INFO +logging.level.io.mosip.registration.processor.status=DEBUG +logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO + +## Tomcat access logs +server.tomcat.accesslog.enabled=true +server.tomcat.accesslog.directory=/dev +server.tomcat.accesslog.prefix=stdout +server.tomcat.accesslog.buffered=false +server.tomcat.accesslog.suffix= +server.tomcat.accesslog.file-date-format= +server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}","req.userAgent":"%{User-Agent}i","req.xForwardedFor":"%{X-Forwarded-For}i","req.referer":"%{Referer}i","req.method":"%m","req.remoteHost":"%a"} +server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve + +## Websub (internal url) +websub.hub.url=${mosip.websub.url}/hub/ +websub.publish.url=${mosip.websub.url}/hub/ + +mosip.mandatory-languages=eng +## Leave blank if no optional langauges +mosip.optional-languages=fra,ara,hin,tam,kan,spa +mosip.min-languages.count=2 +mosip.max-languages.count=3 + +# These are default languages used for sending notifications +mosip.default.template-languages=eng,ara,fra + +# Config key to pick the preferred language for communicating to the Resident +mosip.default.user-preferred-language-attribute=preferredLang + +# Path to identity mapping json file +mosip.identity.mapping-file=${mosip.kernel.xsdstorage-uri}/identity-mapping.json + +mosip.notification.timezone=GMT+05:30 + +# registration center type validation regex, used to restrict the special charecter +mosip.centertypecode.validate.regex=^[a-zA-Z0-9]([_-](?![_-])|[a-zA-Z0-9]){0,34}[a-zA-Z0-9]$ + +## Swagger +openapi.service.servers[0].url=${mosip.api.internal.url}${server.servlet.context-path:${server.servlet.path:}} +openapi.service.servers[0].description=For Swagger + +mosip.auth.filter_disable=false + +# PDF Digital card is protected with password using below property based on define attribute it will encrypt by taking first 4 character. +mosip.digitalcard.uincard.password=fullName|dateOfBirth +mosip.digitalcard.pdf.password.enable.flag=true + +# Web UI Idle timeout related properties +mosip.webui.auto.logout.idle=180 +mosip.webui.auto.logout.ping=30 +mosip.webui.auto.logout.timeout=60 + +mosip.access_token.subject.claim-name=sub + +# It is used as a suffix for creating credential request ID using the RID. +mosip.registration.processor.rid.delimiter=-PDF \ No newline at end of file diff --git a/esignet-120.properties b/esignet-120.properties new file mode 100644 index 00000000000..5065b735418 --- /dev/null +++ b/esignet-120.properties @@ -0,0 +1,449 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# keycloak.external.url +# keycloak.internal.host +# keycloak.internal.url +# keycloak.admin.password +# mosip.auth.client.secret (convention: ..secret) +# mosip.ida.client.secret +# mosip.admin.client.secret +# mosip.reg.client.secret +# mosip.prereg.client.secret +# softhsm.kernel.pin +# softhsm-security-pin +# email.smtp.host +# email.smtp.username +# email.smtp.secret +# mosip.kernel.tokenid.uin.salt +# mosip.kernel.tokenid.partnercode.salt +# mosip.api.internal.url +# mosip.api.public.url + + +## ------------------------------------------------- e-Signet ---------------------------------------------------------- +mosip.esignet.misp.license.key=${mosip.esignet.120.misp.key} +mosip.esignet.amr-acr-mapping-file-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/amr-acr-mapping.json +mosip.esignet.auth-txn-id-length=10 +mosip.esignet.supported-id-regex=\\S* +# Generated ID and access tokens 'exp' depends on the below properties, default value is 1-hour +mosip.esignet.id-token-expire-seconds=3600 +mosip.esignet.access-token-expire-seconds=3600 +# By default, only 2 link codes can be active, and the time period it can be active is defined here, default value is 1 minute +mosip.esignet.link-code-expire-in-secs=60 +# Number of link code allowed to be generated in a transaction, the default value is 10 +mosip.esignet.generate-link-code.limit-per-transaction=10 +# Time to complete consent after successful authentication, the default value is 120 +mosip.esignet.authentication-expire-in-secs=120 + +mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \ + '${server.servlet.path}/authorization/authenticate', \ + '${server.servlet.path}/authorization/v2/authenticate', \ + '${server.servlet.path}/authorization/auth-code'} + +## ------------------------------------------ e-Signet binding --------------------------------------------------------- + +mosip.esignet.binding.salt-length=16 +mosip.esignet.binding.audience-id=esignet-binding +mosip.esignet.binding.key-expire-days=10 +mosip.esignet.binding.encrypt-binding-id=false + +## -------------------------------------- Authentication & Authorization ----------------------------------------------- + +mosip.esignet.security.auth.post-urls={'${server.servlet.path}/client-mgmt/**' : {'SCOPE_add_oidc_client'} , \ + \ '${server.servlet.path}/system-info/**' : { 'SCOPE_upload_certificate'},\ + \ '${server.servlet.path}/binding/wallet-binding' : { 'SCOPE_wallet_binding'}, \ + \ '${server.servlet.path}/binding/binding-otp' : { 'SCOPE_send_binding_otp'}} +mosip.esignet.security.auth.put-urls={'${server.servlet.path}/client-mgmt/**' : { 'SCOPE_update_oidc_client'} } +mosip.esignet.security.auth.get-urls={'${server.servlet.path}/system-info/**' : { 'SCOPE_get_certificate'} } + +mosip.esignet.security.ignore-csrf-urls=${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ + ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,\ + ${server.servlet.path}/swagger-ui/**,${server.servlet.path}/v3/api-docs/**,\ + ${server.servlet.path}/linked-authorization/link-transaction,${server.servlet.path}/linked-authorization/authenticate,\ + ${server.servlet.path}/linked-authorization/consent,${server.servlet.path}/binding/**,${server.servlet.path}/client-mgmt/**,\ + ${server.servlet.path}/vci/**,${server.servlet.path}/system-info/**,${server.servlet.path}/linked-authorization/v2/link-transaction,\ + ${server.servlet.path}/linked-authorization/v2/authenticate,${server.servlet.path}/linked-authorization/v2/consent + +mosip.esignet.security.ignore-auth-urls=${server.servlet.path}/csrf/**,${server.servlet.path}/authorization/**,\ + ${server.servlet.path}/linked-authorization/**,${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ + ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/**,\ + ${server.servlet.path}/v3/api-docs/**,${server.servlet.path}/binding/**,${server.servlet.path}/vci/** + +spring.security.oauth2.resourceserver.jwt.issuer-uri=${keycloak.external.url}/auth/realms/mosip +spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs + +##------------------------------------------ Kafka configurations ------------------------------------------------------ +spring.kafka.bootstrap-servers=kafka-0.kafka-headless.${kafka.profile}:${kafka.port},kafka-1.kafka-headless.${kafka.profile}:${kafka.port},kafka-2.kafka-headless.${kafka.profile}:${kafka.port} +spring.kafka.consumer.group-id=esignet-consumer +spring.kafka.consumer.enable-auto-commit=true +#spring.kafka.listener.concurrency=1 + +mosip.esignet.kafka.linked-session.topic=esignet-linked +mosip.esignet.kafka.linked-auth-code.topic=esignet-consented + +## ------------------------------------------- Integrations ------------------------------------------------------------ + +mosip.esignet.integration.scan-base-package=io.mosip.authentication.esignet.integration,io.mosip.esignet.mock.integration +mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl +mosip.esignet.integration.authenticator=IdaAuthenticatorImpl +mosip.esignet.integration.key-binder=IdaKeyBinderImpl +mosip.esignet.integration.audit-plugin=IdaAuditPluginImpl +mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService +mosip.esignet.integration.vci-plugin=IdaVCIssuancePluginImpl + +# captcha validator +mosip.esignet.send-otp.captcha-required=false +mosip.esignet.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify +mosip.esignet.captcha-validator.secret=${esignet.captcha.120.secret.key} +mosip.esignet.captcha-validator.site-key=${esignet.captcha.120.site.key} + +# IDA integration props +mosip.esignet.authenticator.ida-auth-id=mosip.identity.kycauth +mosip.esignet.authenticator.ida-exchange-id=mosip.identity.kycexchange +mosip.esignet.authenticator.ida-send-otp-id=mosip.identity.otp +mosip.esignet.authenticator.ida-version=1.0 +mosip.esignet.authenticator.ida-domainUri=https://${mosip.esignet.120.host} +mosip.esignet.authenticator.ida.cert-url=https://${mosip.api.public.host}/mosip-certs/ida-partner.cer +mosip.esignet.authenticator.ida.kyc-auth-url=https://${mosip.api.internal.host}/idauthentication/v1/kyc-auth/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.kyc-exchange-url=https://${mosip.api.internal.host}/idauthentication/v1/kyc-exchange/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.send-otp-url=https://${mosip.api.internal.host}/idauthentication/v1/otp/${mosip.esignet.misp.license.key}/ +mosip.esignet.binder.ida.key-binding-url=https://${mosip.api.internal.host}/idauthentication/v1/identity-key-binding/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.get-certificates-url=https://${mosip.api.internal.host}/idauthentication/v1/internal/getAllCertificates +mosip.esignet.authenticator.ida.auth-token-url=https://${mosip.api.internal.host}/v1/authmanager/authenticate/clientidsecretkey +mosip.esignet.authenticator.ida.audit-manager-url=https://${mosip.api.internal.host}/v1/auditmanager/audits +mosip.esignet.authenticator.ida.client-id=mosip-ida-client +mosip.esignet.authenticator.ida.secret-key=${mosip.ida.client.secret} +mosip.esignet.authenticator.ida.app-id=ida +mosip.esignet.authenticator.ida-env=Developer +mosip.esignet.authenticator.ida.otp-channels=email,phone + +mosip.esignet.ida.vci-user-info-cache=userinfo +mosip.esignet.ida.vci-exchange-id=mosip.identity.vciexchange +mosip.esignet.ida.vci-exchange-version=1.0 +mosip.esignet.ida.vci-exchange-url=https://${mosip.api.internal.host}/idauthentication/v1/vci-exchange/delegated/${mosip.esignet.misp.license.key}/ + +# Mock IDA integration props +mosip.esignet.mock.authenticator.get-identity-url=https://${mosip.api.public.host}/v1/mock-identity-system/identity +mosip.esignet.mock.authenticator.kyc-auth-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-auth +mosip.esignet.mock.authenticator.kyc-exchange-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-exchange +mosip.esignet.mock.authenticator.ida.otp-channels=${mosip.esignet.authenticator.ida.otp-channels} +mosip.esignet.mock.authenticator.send-otp=https://${mosip.api.public.host}/v1/mock-identity-system/send-otp +mosip.esignet.mock.supported.bind-auth-factor-types={'WLA'} +mosip.esignet.mock.vciplugin.verification-method=${mosip.esignet.vci.authn.jwk-set-uri} + +## ------------------------------------------ oauth & openid supported values ------------------------------------------ + +## supported scopes +mosip.esignet.supported.authorize.scopes={'Manage-Identity-Data','Manage-VID','Manage-Authentication','Manage-Service-Requests','Manage-Credentials'} +mosip.esignet.supported.openid.scopes={'profile','email','phone'} +mosip.esignet.openid.scope.claims={'profile' : {'name','address','gender','birthdate','picture','email','phone_number'},'email' : {'email'}, 'phone' : {'phone_number'}} +mosip.esignet.supported.credential.scopes={'mock_identity_vc_ldp', 'mosip_identity_vc_ldp'} +mosip.esignet.credential.scope-resource-mapping={'mock_identity_vc_ldp' : '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', 'mosip_identity_vc_ldp': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential'} + +## supported authorization processing flow to be used, Currently only supports Authorization Code Flow. +mosip.esignet.supported.response.types={'code'} + +## Form of Authorization Grant presented to token endpoint +mosip.esignet.supported.grant.types={'authorization_code'} + +## specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User +# page-The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. +# popup-The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. +# touch-The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. +# wap-The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display. +mosip.esignet.supported.ui.displays={'page','popup','touch','wap'} + +## specifies whether the Authorization Server prompts the End-User for reauthentication and consent +# none-The Authorization Server MUST NOT display any authentication or consent user interface pages. +# An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent +# for the requested Claims or does not fulfill other conditions for processing the request. +# The error code will typically be login_required, interaction_required, or another code defined in Section 3.1.2.6. +# This can be used as a method to check for existing authentication and/or consent. +# login-The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, \ +# it MUST return an error, typically login_required. +# consent-The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. +# If it cannot obtain consent, it MUST return an error, typically consent_required. +# select_account-The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User +# who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current +# sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, +# typically account_selection_required. +mosip.esignet.supported.ui.prompts={'none','login','consent','select_account'} + +## Type of the client assertion +mosip.esignet.supported.client.assertion.types={'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'} + +## Type of the client authentication methods for token endpoint +mosip.esignet.supported.client.auth.methods={'private_key_jwt'} + +## Only S256 method supported +mosip.esignet.supported-pkce-methods={'S256'} + +## ---------------------------------------- Cache configuration -------------------------------------------------------- + +mosip.esignet.cache.secure.individual-id=true +mosip.esignet.cache.store.individual-id=true +mosip.esignet.cache.security.secretkey.reference-id=TRANSACTION_CACHE +mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding + +mosip.esignet.cache.names=clientdetails,preauth,authenticated,authcodegenerated,userinfo,linkcodegenerated,linked,linkedcode,linkedauth,consented,authtokens,bindingtransaction,vcissuance + +#spring.cache.type=redis +#spring.cache.cache-names=${mosip.esignet.cache.names} +#spring.redis.host=localhost +#spring.redis.port=6379 +management.health.redis.enabled=false + +# 'simple' cache type is only applicable only for Non-Production setup +spring.cache.type=simple +mosip.esignet.cache.key.hash.algorithm=SHA3-256 + +# Cache size setup is applicable only for 'simple' cache type. +# Cache size configuration will not be considered with 'Redis' cache type +mosip.esignet.cache.size={'clientdetails' : 200, \ +'preauth': 200, \ +'authenticated': 200, \ +'authcodegenerated': 200, \ +'userinfo': 200, \ +'linkcodegenerated' : 500, \ +'linked': 200 , \ +'linkedcode': 200, \ +'linkedauth' : 200 , \ +'consented' :200, \ +'authtokens': 2, \ +'bindingtransaction': 200, \ +'vcissuance' : 200 } + +# Cache expire in seconds is applicable for both 'simple' and 'Redis' cache type +mosip.esignet.cache.expire-in-seconds={'clientdetails' : 86400, \ +'preauth': 300,\ +'authenticated': ${mosip.esignet.authentication-expire-in-secs}, \ +'authcodegenerated': 60, \ +'userinfo': ${mosip.esignet.access-token-expire-seconds}, \ +'linkcodegenerated' : ${mosip.esignet.link-code-expire-in-secs}, \ +'linked': 120, \ +'linkedcode': ${mosip.esignet.link-code-expire-in-secs}, \ +'linkedauth' : ${mosip.esignet.authentication-expire-in-secs}, \ +'consented': 60, \ +'authtokens': 86400, \ +'bindingtransaction': 600, \ +'vcissuance': ${mosip.esignet.access-token-expire-seconds} } + +## ------------------------------------------ Discovery openid-configuration ------------------------------------------- + +mosip.esignet.domain.url=https://${mosip.esignet.120.host} +mosip.esignet.discovery.issuer-id=${mosip.esignet.domain.url}${server.servlet.path} + +# This property holds ./wellknown/jwks.json URL, +# for local deployments without esignet-ui nginx change the value to ${mosip.esignet.domain.url}${server.servlet.path}/oauth/.well-known/jwks.json +mosip.esignet.jwks-uri=${mosip.esignet.domain.url}/.well-known/jwks.json + +mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \ + \ 'token_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/oauth/token' , \ + \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ + \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ + \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'},\ + \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \ + \ 'response_modes_supported' : { 'query' }, \ + \ 'grant_types_supported' : ${mosip.esignet.supported.grant.types},\ + \ 'response_types_supported' : ${mosip.esignet.supported.response.types}} + +mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \ + \ 'token_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/oauth/token' ,\ + \ 'userinfo_endpoint' : '${mosip.esignet.domain.url}${server.servlet.path}/oidc/userinfo' ,\ + \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ + \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \ + \ 'response_types_supported' : ${mosip.esignet.supported.response.types}, \ + \ 'response_modes_supported' : { 'query' }, \ + \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ + \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'}, \ + \ 'userinfo_signing_alg_values_supported' : {'RS256'}, \ + \ 'userinfo_encryption_alg_values_supported' : {'RSAXXXXX'},\ + \ 'userinfo_encryption_enc_values_supported' : {'A128GCM'}, \ + \ 'id_token_signing_alg_values_supported' : {'RS256'}, \ + \ 'claim_types_supported': {'normal'}, \ + \ 'claims_parameter_supported' : true, \ + \ 'display_values_supported' : ${mosip.esignet.supported.ui.displays}, \ + \ 'subject_types_supported' : { 'pairwise' }, \ + \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id'}, \ + \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics'},\ + \ 'request_parameter_supported' : false, \ + \ 'claims_locales_supported' : {'en'}, \ + \ 'ui_locales_supported' : {'en'} } + +##----------------------------------------- Database properties -------------------------------------------------------- + +mosip.esignet.database.hostname=172.31.1.102 +mosip.esignet.database.port=5432 +spring.datasource.url=jdbc:postgresql://${mosip.esignet.database.hostname}:${mosip.esignet.database.port}/mosip_esignet_120?currentSchema=esignet +spring.datasource.username=esignetuser +spring.datasource.password=${db.dbuser.password} + +spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect +spring.jpa.show-sql=false +spring.jpa.hibernate.ddl-auto=none +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true + +#------------------------------------ Key-manager specific properties -------------------------------------------------- +#Crypto asymmetric algorithm name +mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING +#Crypto symmetric algorithm name +mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding +#Keygenerator asymmetric algorithm name +mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA +#Keygenerator symmetric algorithm name +mosip.kernel.keygenerator.symmetric-algorithm-name=AES +#Asymmetric algorithm key length +mosip.kernel.keygenerator.asymmetric-key-length=2048 +#Symmetric algorithm key length +mosip.kernel.keygenerator.symmetric-key-length=256 +#Encrypted data and encrypted symmetric key separator +mosip.kernel.data-key-splitter=#KEY_SPLITTER# +#GCM tag length +mosip.kernel.crypto.gcm-tag-length=128 +#Hash algo name +mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 +#Symmtric key length used in hash +mosip.kernel.crypto.hash-symmetric-key-length=256 +#No of iterations in hash +mosip.kernel.crypto.hash-iteration=100000 +#Sign algo name +mosip.kernel.crypto.sign-algorithm-name=RS256 +#Certificate Sign algo name +mosip.kernel.certificate.sign.algorithm=SHA256withRSA + +#mosip.kernel.keymanager.hsm.config-path=local.p12 +#mosip.kernel.keymanager.hsm.keystore-type=PKCS12 +#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin} + +#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE +mosip.kernel.keymanager.hsm.keystore-type=PKCS11 +# For PKCS11 provide Path of config file. +# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name. +# For Offline & JCE property can be left blank, specified value will be ignored. +mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf +# Passkey of keystore for PKCS11, PKCS12 +# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties. +mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.esignet.120.security.pin} + + +mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io +mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER +mosip.kernel.keymanager.certificate.default.organization=IITB +mosip.kernel.keymanager.certificate.default.location=BANGALORE +mosip.kernel.keymanager.certificate.default.state=KA +mosip.kernel.keymanager.certificate.default.country=IN + +mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io +mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP +mosip.kernel.keymanager.softhsm.certificate.organization=IITB +mosip.kernel.keymanager.softhsm.certificate.country=IN + +# Application Id for PMS master key. +mosip.kernel.partner.sign.masterkey.application.id=PMS +mosip.kernel.partner.allowed.domains=DEVICE + +mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate +mosip.kernel.keymanager.jwtsign.validate.json=false +mosip.keymanager.dao.enabled=false +crypto.PrependThumbprint.enable=true + +mosip.kernel.keymgr.hsm.health.check.enabled=true +mosip.kernel.keymgr.hsm.health.key.app-id=OIDC_SERVICE +mosip.kernel.keymgr.hsm.healthkey.ref-id=TRANSACTION_CACHE +mosip.kernel.keymgr.hsm.health.check.encrypt=true + +## -------------------------------------------- IDP-UI config ---------------------------------------------------------- +# NOTE: +# 1. linked-transaction-expire-in-secs value should be a sum of 'mosip.esignet.authentication-expire-in-secs' and 'linked' cache expire in seconds under mosip.esignet.cache.expire-in-seconds property +# 2. A new Qrcode will be autogenerated before the expiry of current qr-code, and the time difference in seconds for the same is defined in wallet.qr-code-buffer-in-secs property +# 3. If esignet is deployed with MOSIP IDA, then 'resend.otp.delay.secs' must be the same as 'mosip.kernel.otp.expiry-time' + +mosip.esignet.ui.wallet.config={{'wallet.name': 'Inji Mobile App', 'wallet.logo-url': 'inji_logo.png', 'wallet.download-uri': '#', \ + 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' },{'wallet.name': 'Inji Mobile App1', 'wallet.logo-url': 'inji_logo.png', 'wallet.download-uri': '#', \ + 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' }} + +mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ + 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \ + 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \ + 'resend.otp.delay.secs': 180, 'send.otp.channels' : '${mosip.esignet.authenticator.ida.otp-channels}', \ + 'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '', \ + 'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ + 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': 4501-4600, \ + 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': 6, \ + 'password.regex': '\\S*', 'wallet.config': ${mosip.esignet.ui.wallet.config} } + +## ---------------------------------------------- VCI ------------------------------------------------------------------ +# Used to verify audience in the PoP JWT +mosip.esignet.vci.identifier=${mosip.esignet.domain.url}${server.servlet.path} +mosip.esignet.vci.authn.filter-urls={ '${server.servlet.path}/vci/credential' } +# Change this if the VCI is used with different OAUTH2.0 server +mosip.esignet.vci.authn.issuer-uri=${mosip.esignet.discovery.issuer-id} +mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.jwks-uri} + +mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential' } + +mosip.esignet.cnonce-expire-seconds=40 +mosip.esignet.vci.supported.jwt-proof-alg={'RS256'} +mosip.esignet.vci.key-values={ 'credential_issuer': '${mosip.esignet.domain.url}', \ + 'credential_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', \ + 'credentials_supported': {{\ + 'format': 'ldp_vc',\ + 'id': 'MockVerifiableCredential', \ + 'scope' : 'mock_identity_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'RsaSignature2018'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential'},\ + 'credentialSubject': {\ + 'name': { 'display': {{'name': 'Given Name', 'locale': 'en' }}}, \ + 'age': { 'display': {{ 'name': 'Age', 'locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Mock Verifiable Credential by e-Signet', \ + 'locale': 'en', \ + 'logo': {'url': '${mosip.esignet.domain.url}/logo.png',\ + 'alt_text': 'a square logo of a MOSIP'},\ + 'background_color': '#12107c',\ + 'text_color': '#FFFFFF'}}\ + \ },{\ + 'format': 'ldp_vc',\ + 'id': 'MOSIPVerifiableCredential', \ + 'scope' : 'mosip_identity_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'RsaSignature2018'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential'},\ + 'credentialSubject': {\ + 'fullName': { 'display': {{'name': 'Full Name', 'locale': 'en' }}},\ + 'phone': { 'display': {{'name': 'Phone Number', 'locale': 'en' }}},\ + 'dateOfBirth': { 'display': {{'name': 'DOB', 'locale': 'en' }}},\ + 'gender': { 'display': {{'name': 'Gender', 'locale': 'en' }}},\ + 'residenceStatus': { 'display': {{'name': 'Residence Status', 'locale': 'en' }}},\ + 'email': { 'display': {{'name': 'Email Id', 'locale': 'en' }}},\ + 'region': { 'display': {{'name': 'Region', 'locale': 'en' }}},\ + 'province': { 'display': {{'name': 'Province', 'locale': 'en' }}},\ + 'city': { 'display': {{'name': 'City', 'locale': 'en' }}},\ + 'postalCode': { 'display': {{'name': 'Postal Code', 'locale': 'en' }}}\ + }},\ + 'display': {{'name': 'MOSIP Identity Verifiable Credential', \ + 'locale': 'en', \ + 'logo': {'url': '${mosip.esignet.domain.url}/logo.png',\ + 'alt_text': 'a square logo of a MOSIP'},\ + 'background_color': '#12107c',\ + 'text_color': '#FFFFFF'}}\ + \ }},\ + 'display': {{'name': 'MOSIP', 'locale': 'en'}}\ + } +## -------------------------------------------- Others ---------------------------------------------------------- + +#logging.level.org.springframework.web.client.RestTemplate=DEBUG +#logging.level.io.mosip.esignet=DEBUG \ No newline at end of file diff --git a/esignet-farmer.properties b/esignet-farmer.properties new file mode 100644 index 00000000000..96fb0dea9e0 --- /dev/null +++ b/esignet-farmer.properties @@ -0,0 +1,618 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at https://mozilla.org/MPL/2.0/. + +# Follow properites have their values assigned via 'overrides' environment variables of config server docker. +# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server +# helm chart: +# db.dbuser.password +# keycloak.external.url +# keycloak.internal.host +# keycloak.internal.url +# keycloak.admin.password +# mosip.auth.client.secret (convention: ..secret) +# mosip.ida.client.secret +# mosip.admin.client.secret +# mosip.reg.client.secret +# mosip.prereg.client.secret +# softhsm.kernel.pin +# softhsm-security-pin +# email.smtp.host +# email.smtp.username +# email.smtp.secret +# mosip.kernel.tokenid.uin.salt +# mosip.kernel.tokenid.partnercode.salt +# mosip.api.internal.url +# mosip.api.public.url + + +## ------------------------------------------------- e-Signet ---------------------------------------------------------- + +mosip.esignet.misp.license.key=${mosip.esignet.farmer.misp.key} +mosip.esignet.amr-acr-mapping-file-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/amr-acr-mapping.json +mosip.esignet.auth-txn-id-length=10 +mosip.esignet.supported-id-regex=\\S* +# Generated ID and access tokens 'exp' depends on the below properties, default value is 1-hour +mosip.esignet.id-token-expire-seconds=3600 +mosip.esignet.access-token-expire-seconds=3600 +# By default, only 2 link codes can be active, and the time period it can be active is defined here, default value is 1 minute +mosip.esignet.link-code-expire-in-secs=60 +# Number of link code allowed to be generated in a transaction, the default value is 10 +mosip.esignet.generate-link-code.limit-per-transaction=10 +# Time to complete consent after successful authentication, the default value is 120 +mosip.esignet.authentication-expire-in-secs=120 + +# Auth challenge type & format mapping. Auth challenge length validations for each auth factor type. +mosip.esignet.auth-challenge.OTP.format=alpha-numeric +mosip.esignet.auth-challenge.OTP.min-length=6 +mosip.esignet.auth-challenge.OTP.max-length=6 + +mosip.esignet.auth-challenge.PWD.format=alpha-numeric +mosip.esignet.auth-challenge.PWD.min-length=8 +mosip.esignet.auth-challenge.PWD.max-length=30 + +mosip.esignet.auth-challenge.BIO.format=encoded-json +mosip.esignet.auth-challenge.BIO.min-length=5000 +mosip.esignet.auth-challenge.BIO.max-length=300000 + +mosip.esignet.auth-challenge.WLA.format=jwt +mosip.esignet.auth-challenge.WLA.min-length=100 +mosip.esignet.auth-challenge.WLA.max-length=1500 + +mosip.esignet.auth-challenge.KBA.format=base64url-encoded-json +mosip.esignet.auth-challenge.KBA.min-length=50 +mosip.esignet.auth-challenge.KBA.max-length=500 + +mosip.esignet.auth-challenge.PIN.format=number +mosip.esignet.auth-challenge.PIN.min-length=4 +mosip.esignet.auth-challenge.PIN.max-length=4 + + +# Endpoints required to have oauth-details-hash and oauth-details-key HTTP header +mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \ + '${server.servlet.path}/authorization/authenticate', \ + '${server.servlet.path}/authorization/v2/authenticate', \ + '${server.servlet.path}/authorization/v3/authenticate', \ + '${server.servlet.path}/authorization/auth-code'} + +#This property is used for captcha validation and allowed values are send-otp, pwd and kba. +#captcha validation is enabled for send-otp, pwd and kba. +mosip.esignet.captcha.required=send-otp,pwd + +#Properties used to ratelimit the incoming requests +mosip.esignet.send-otp.attempts=3 +mosip.esignet.authenticate.attempts=3 + +## ------------------------------------------ e-Signet binding --------------------------------------------------------- + +mosip.esignet.binding.salt-length=16 +mosip.esignet.binding.audience-id=esignet-binding +mosip.esignet.binding.key-expire-days=10 +mosip.esignet.binding.encrypt-binding-id=false + +## -------------------------------------- Authentication & Authorization ----------------------------------------------- + +mosip.esignet.security.auth.post-urls={'${server.servlet.path}/client-mgmt/**' : {'SCOPE_add_oidc_client'} , \ + \ '${server.servlet.path}/system-info/**' : { 'SCOPE_upload_certificate'},\ + \ '${server.servlet.path}/binding/wallet-binding' : { 'SCOPE_wallet_binding'}, \ + \ '${server.servlet.path}/binding/binding-otp' : { 'SCOPE_send_binding_otp'}} +mosip.esignet.security.auth.put-urls={'${server.servlet.path}/client-mgmt/**' : { 'SCOPE_update_oidc_client'} } +mosip.esignet.security.auth.get-urls={'${server.servlet.path}/system-info/**' : { 'SCOPE_get_certificate'} } + +mosip.esignet.security.ignore-csrf-urls=${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ + ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,\ + ${server.servlet.path}/swagger-ui/**,${server.servlet.path}/v3/api-docs/**,\ + ${server.servlet.path}/linked-authorization/link-transaction,${server.servlet.path}/linked-authorization/authenticate,\ + ${server.servlet.path}/linked-authorization/consent,${server.servlet.path}/binding/**,${server.servlet.path}/client-mgmt/**,\ + ${server.servlet.path}/vci/**,${server.servlet.path}/system-info/**,${server.servlet.path}/linked-authorization/v2/link-transaction,\ + ${server.servlet.path}/linked-authorization/v2/authenticate,${server.servlet.path}/linked-authorization/v2/consent + +mosip.esignet.security.ignore-auth-urls=${server.servlet.path}/csrf/**,${server.servlet.path}/authorization/**,\ + ${server.servlet.path}/linked-authorization/**,${server.servlet.path}/oidc/**,${server.servlet.path}/oauth/**,\ + ${server.servlet.path}/actuator/**,/favicon.ico,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/**,\ + ${server.servlet.path}/v3/api-docs/**,${server.servlet.path}/binding/**,${server.servlet.path}/vci/** + +spring.security.oauth2.resourceserver.jwt.issuer-uri=${keycloak.external.url}/auth/realms/mosip +spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs + +##------------------------------------------ Kafka configurations ------------------------------------------------------ +spring.kafka.bootstrap-servers=kafka-0.kafka-headless.${kafka.profile}:${kafka.port},kafka-1.kafka-headless.${kafka.profile}:${kafka.port},kafka-2.kafka-headless.${kafka.profile}:${kafka.port} +spring.kafka.consumer.group-id=esignet-consumer +spring.kafka.consumer.enable-auto-commit=true +#spring.kafka.listener.concurrency=1 + +mosip.esignet.kafka.linked-session.topic=esignet-linked +mosip.esignet.kafka.linked-auth-code.topic=esignet-consented + +## ------------------------------------------- Integrations ------------------------------------------------------------ + +mosip.esignet.integration.scan-base-package=io.mosip.esignet.mock.integration,io.mosip.authentication.esignet.integration +mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl +mosip.esignet.integration.authenticator=SunbirdRCAuthenticationService +mosip.esignet.integration.key-binder=MockKeyBindingWrapperService +mosip.esignet.integration.audit-plugin=LoggerAuditService +mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService +mosip.esignet.integration.vci-plugin=SunbirdRCVCIssuancePlugin + +# captcha validator +mosip.esignet.send-otp.captcha-required=false +mosip.esignet.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify +mosip.esignet.captcha-validator.secret=${esignet.captcha.farmer.secret.key} +mosip.esignet.captcha-validator.site-key=${esignet.captcha.farmer.site.key} + +# IDA integration props +mosip.esignet.authenticator.ida-auth-id=mosip.identity.kycauth +mosip.esignet.authenticator.ida-exchange-id=mosip.identity.kycexchange +mosip.esignet.authenticator.ida-send-otp-id=mosip.identity.otp +mosip.esignet.authenticator.ida-version=1.0 +mosip.esignet.authenticator.ida-domainUri=https://${mosip.esignet.insurance.host} +mosip.esignet.authenticator.ida.cert-url=${mosip.file.server.url}/mosip-certs/ida-partner.cer +mosip.esignet.authenticator.ida.kyc-auth-url=${mosip.ida.auth.url}/idauthentication/v1/kyc-auth/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.kyc-exchange-url=${mosip.ida.auth.url}/idauthentication/v1/kyc-exchange/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.send-otp-url=${mosip.ida.otp.url}/idauthentication/v1/otp/${mosip.esignet.misp.license.key}/ +mosip.esignet.binder.ida.key-binding-url=${mosip.ida.auth.url}/idauthentication/v1/identity-key-binding/delegated/${mosip.esignet.misp.license.key}/ +mosip.esignet.authenticator.ida.get-certificates-url=${mosip.ida.internal.url}/idauthentication/v1/internal/getAllCertificates +mosip.esignet.authenticator.ida.auth-token-url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey +mosip.esignet.authenticator.ida.audit-manager-url=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits +mosip.esignet.authenticator.ida.client-id=mosip-ida-client +mosip.esignet.authenticator.ida.secret-key=${mosip.ida.client.secret} +mosip.esignet.authenticator.ida.app-id=ida +mosip.esignet.authenticator.ida-env=Developer +mosip.esignet.authenticator.ida.otp-channels=email,phone + +mosip.esignet.ida.vci-user-info-cache=userinfo +mosip.esignet.ida.vci-exchange-id=mosip.identity.vciexchange +mosip.esignet.ida.vci-exchange-version=1.0 +mosip.esignet.ida.vci-exchange-url=https://${mosip.api.internal.host}/idauthentication/v1/vci-exchange/delegated/${mosip.esignet.misp.license.key}/ + +# Mock IDA integration props +mosip.esignet.mock.authenticator.get-identity-url=https://${mosip.api.public.host}/v1/mock-identity-system/identity +mosip.esignet.mock.authenticator.kyc-auth-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-auth +mosip.esignet.mock.authenticator.kyc-exchange-url=https://${mosip.api.public.host}/v1/mock-identity-system/kyc-exchange +mosip.esignet.mock.authenticator.ida.otp-channels=${mosip.esignet.authenticator.ida.otp-channels} +mosip.esignet.mock.authenticator.send-otp=https://${mosip.api.public.host}/v1/mock-identity-system/send-otp +mosip.esignet.mock.supported.bind-auth-factor-types={'WLA'} +mosip.esignet.mock.vciplugin.verification-method=${mosip.esignet.vci.authn.jwk-set-uri} + +## ------------------------------------------ oauth & openid supported values ------------------------------------------ + +## supported scopes +mosip.esignet.supported.authorize.scopes={'Manage-Identity-Data','Manage-VID','Manage-Authentication','Manage-Service-Requests','Manage-Credentials'} +mosip.esignet.supported.openid.scopes={'profile','email','phone'} +mosip.esignet.openid.scope.claims={'profile' : {'name','address','gender','birthdate','picture','email','phone_number'},'email' : {'email'}, 'phone' : {'phone_number'}} +mosip.esignet.supported.credential.scopes={'mock_identity_vc_ldp', 'mosip_identity_vc_ldp', 'sunbird_rc_insurance_vc_ldp','life_insurance_vc_ldp'} +mosip.esignet.credential.scope-resource-mapping={'mock_identity_vc_ldp' : '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', 'mosip_identity_vc_ldp': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', 'sunbird_rc_insurance_vc_ldp': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential','life_insurance_vc_ldp' : '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential'} + +## supported authorization processing flow to be used, Currently only supports Authorization Code Flow. +mosip.esignet.supported.response.types={'code'} + +## Form of Authorization Grant presented to token endpoint +mosip.esignet.supported.grant.types={'authorization_code'} + +## specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User +# page-The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. +# popup-The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. +# touch-The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. +# wap-The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display. +mosip.esignet.supported.ui.displays={'page','popup','touch','wap'} + +## specifies whether the Authorization Server prompts the End-User for reauthentication and consent +# none-The Authorization Server MUST NOT display any authentication or consent user interface pages. +# An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent +# for the requested Claims or does not fulfill other conditions for processing the request. +# The error code will typically be login_required, interaction_required, or another code defined in Section 3.1.2.6. +# This can be used as a method to check for existing authentication and/or consent. +# login-The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, \ +# it MUST return an error, typically login_required. +# consent-The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. +# If it cannot obtain consent, it MUST return an error, typically consent_required. +# select_account-The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User +# who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current +# sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error, +# typically account_selection_required. +mosip.esignet.supported.ui.prompts={'none','login','consent','select_account'} + +## Type of the client assertion +mosip.esignet.supported.client.assertion.types={'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'} + +## Type of the client authentication methods for token endpoint +mosip.esignet.supported.client.auth.methods={'private_key_jwt'} + +## Only S256 method supported +mosip.esignet.supported-pkce-methods={'S256'} + +## ---------------------------------------- Cache configuration -------------------------------------------------------- + +mosip.esignet.cache.secure.individual-id=true +mosip.esignet.cache.store.individual-id=true +mosip.esignet.cache.security.secretkey.reference-id=TRANSACTION_CACHE +mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding + +mosip.esignet.cache.names=clientdetails,preauth,authenticated,authcodegenerated,userinfo,linkcodegenerated,linked,linkedcode,linkedauth,consented,authtokens,bindingtransaction,vcissuance,apiRateLimit,blocked + +#spring.cache.type=redis +#spring.cache.cache-names=${mosip.esignet.cache.names} +#spring.redis.host=localhost +#spring.redis.port=6379 +management.health.redis.enabled=false + +# 'simple' cache type is only applicable only for Non-Production setup +spring.cache.type=simple +mosip.esignet.cache.key.hash.algorithm=SHA3-256 + +# Cache size setup is applicable only for 'simple' cache type. +# Cache size configuration will not be considered with 'Redis' cache type +mosip.esignet.cache.size={'clientdetails' : 200, \ +'preauth': 200, \ +'authenticated': 200, \ +'authcodegenerated': 200, \ +'userinfo': 200, \ +'linkcodegenerated' : 500, \ +'linked': 200 , \ +'linkedcode': 200, \ +'linkedauth' : 200 , \ +'consented' :200, \ +'authtokens': 2, \ +'bindingtransaction': 200, \ +'vcissuance' : 200, \ +'apiRateLimit' : 500, \ +'blocked': 500 } + +# Cache expire in seconds is applicable for both 'simple' and 'Redis' cache type +mosip.esignet.cache.expire-in-seconds={'clientdetails' : 86400, \ +'preauth': 300,\ +'authenticated': ${mosip.esignet.authentication-expire-in-secs}, \ +'authcodegenerated': 60, \ +'userinfo': ${mosip.esignet.access-token-expire-seconds}, \ +'linkcodegenerated' : ${mosip.esignet.link-code-expire-in-secs}, \ +'linked': 120, \ +'linkedcode': ${mosip.esignet.link-code-expire-in-secs}, \ +'linkedauth' : ${mosip.esignet.authentication-expire-in-secs}, \ +'consented': 60, \ +'authtokens': 86400, \ +'bindingtransaction': 600, \ +'vcissuance': ${mosip.esignet.access-token-expire-seconds}, \ +'apiRateLimit' : 180, \ +'blocked': 300 } + +## ------------------------------------------ Discovery openid-configuration ------------------------------------------- + +mosip.esignet.domain.url=https://${mosip.esignet.farmer.host} +mosip.esignet.discovery.issuer-id=${mosip.esignet.domain.url}${server.servlet.path} + +# This property holds ./wellknown/jwks.json URL, +# for local deployments without esignet-ui nginx change the value to ${mosip.esignet.domain.url}${server.servlet.path}/oauth/.well-known/jwks.json +mosip.esignet.jwks-uri=${mosip.esignet.domain.url}/.well-known/jwks.json + +mosip.esignet.token.endpoint=${mosip.esignet.domain.url}${server.servlet.path}/oauth/v2/token + +mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ + \ 'token_endpoint': '${mosip.esignet.token.endpoint}' , \ + \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ + \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ + \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'},\ + \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \ + \ 'response_modes_supported' : { 'query' }, \ + \ 'grant_types_supported' : ${mosip.esignet.supported.grant.types},\ + \ 'response_types_supported' : ${mosip.esignet.supported.response.types}} + +mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ + \ 'token_endpoint': '${mosip.esignet.token.endpoint}' ,\ + \ 'userinfo_endpoint' : '${mosip.esignet.domain.url}${server.servlet.path}/oidc/userinfo' ,\ + \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ + \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \ + \ 'response_types_supported' : ${mosip.esignet.supported.response.types}, \ + \ 'response_modes_supported' : { 'query' }, \ + \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ + \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'}, \ + \ 'userinfo_signing_alg_values_supported' : {'RS256'}, \ + \ 'userinfo_encryption_alg_values_supported' : {'RSAXXXXX'},\ + \ 'userinfo_encryption_enc_values_supported' : {'A128GCM'}, \ + \ 'id_token_signing_alg_values_supported' : {'RS256'}, \ + \ 'claim_types_supported': {'normal'}, \ + \ 'claims_parameter_supported' : true, \ + \ 'display_values_supported' : ${mosip.esignet.supported.ui.displays}, \ + \ 'subject_types_supported' : { 'pairwise' }, \ + \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id'}, \ + \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics', 'mosip:idp:acr:knowledge', 'mosip:idp:acr:password'},\ + \ 'request_parameter_supported' : false, \ + \ 'claims_locales_supported' : {'en'}, \ + \ 'ui_locales_supported' : {'en'} } + +##----------------------------------------- Database properties -------------------------------------------------------- + +mosip.esignet.database.hostname=172.31.1.102 +mosip.esignet.database.port=5432 +spring.datasource.url=jdbc:postgresql://${mosip.esignet.database.hostname}:${mosip.esignet.database.port}/mosip_esignet_farmer?currentSchema=esignet +spring.datasource.username=esignetuser +spring.datasource.password=${db.dbuser.password} + +spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect +spring.jpa.show-sql=false +spring.jpa.hibernate.ddl-auto=none +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true + +#------------------------------------ Key-manager specific properties -------------------------------------------------- +#Crypto asymmetric algorithm name +mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING +#Crypto symmetric algorithm name +mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding +#Keygenerator asymmetric algorithm name +mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA +#Keygenerator symmetric algorithm name +mosip.kernel.keygenerator.symmetric-algorithm-name=AES +#Asymmetric algorithm key length +mosip.kernel.keygenerator.asymmetric-key-length=2048 +#Symmetric algorithm key length +mosip.kernel.keygenerator.symmetric-key-length=256 +#Encrypted data and encrypted symmetric key separator +mosip.kernel.data-key-splitter=#KEY_SPLITTER# +#GCM tag length +mosip.kernel.crypto.gcm-tag-length=128 +#Hash algo name +mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512 +#Symmtric key length used in hash +mosip.kernel.crypto.hash-symmetric-key-length=256 +#No of iterations in hash +mosip.kernel.crypto.hash-iteration=100000 +#Sign algo name +mosip.kernel.crypto.sign-algorithm-name=RS256 +#Certificate Sign algo name +mosip.kernel.certificate.sign.algorithm=SHA256withRSA + +#mosip.kernel.keymanager.hsm.config-path=local.p12 +#mosip.kernel.keymanager.hsm.keystore-type=PKCS12 +#mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.idp.pin} + +#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE +mosip.kernel.keymanager.hsm.keystore-type=PKCS11 +# For PKCS11 provide Path of config file. +# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name. +# For Offline & JCE property can be left blank, specified value will be ignored. +mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf +# Passkey of keystore for PKCS11, PKCS12 +# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties. +mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.esignet.farmer.security.pin} + + +mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io +mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER +mosip.kernel.keymanager.certificate.default.organization=IITB +mosip.kernel.keymanager.certificate.default.location=BANGALORE +mosip.kernel.keymanager.certificate.default.state=KA +mosip.kernel.keymanager.certificate.default.country=IN + +mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io +mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP +mosip.kernel.keymanager.softhsm.certificate.organization=IITB +mosip.kernel.keymanager.softhsm.certificate.country=IN + +# Application Id for PMS master key. +mosip.kernel.partner.sign.masterkey.application.id=PMS +mosip.kernel.partner.allowed.domains=DEVICE + +mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate +mosip.kernel.keymanager.jwtsign.validate.json=false +mosip.keymanager.dao.enabled=false +crypto.PrependThumbprint.enable=true + +mosip.kernel.keymgr.hsm.health.check.enabled=true +mosip.kernel.keymgr.hsm.health.key.app-id=OIDC_SERVICE +mosip.kernel.keymgr.hsm.healthkey.ref-id=TRANSACTION_CACHE +mosip.kernel.keymgr.hsm.health.check.encrypt=true + +## -------------------------------------------- IDP-UI config ---------------------------------------------------------- +# NOTE: +# 1. linked-transaction-expire-in-secs value should be a sum of 'mosip.esignet.authentication-expire-in-secs' and 'linked' cache expire in seconds under mosip.esignet.cache.expire-in-seconds property +# 2. A new Qrcode will be autogenerated before the expiry of current qr-code, and the time difference in seconds for the same is defined in wallet.qr-code-buffer-in-secs property +# 3. If esignet is deployed with MOSIP IDA, then 'resend.otp.delay.secs' must be the same as 'mosip.kernel.otp.expiry-time' + +mosip.esignet.ui.wallet.config={{'wallet.name': 'Inji Mobile App', 'wallet.logo-url': 'inji_logo.png', 'wallet.download-uri': '#', \ + 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' }} + +mosip.esignet.authenticator.default.auth-factor.kba.field-details=${mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.field-details} +mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=${mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.individual-id-field} + +mosip.esignet.ui.signup.config={'signup.banner': true, 'signup.url': 'https://${mosip.signup.host}/signup'} +mosip.esignet.ui.forgot-password.config={'forgot-password': true, 'forgot-password.url': 'https://${mosip.signup.host}/reset-password'} + +## Configuration required to display KBI form. +# individual-id-field is set with field id which should be considered as an individual ID in the authenticate request. +# form-details holds the list of field details like below: +# id -> unique field Id, type -> holds datatype, format -> only supported for date fields, regex -> pattern to validate the input value, maxLength -> number of allowed characters +# Example: mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id': '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^[A-Za-z\\s]{1,}[\\.]{0,1}[A-Za-z\\s]{0,}$'},{'id':'dob', 'type':'date', 'format':'dd/mm/yyyy'}} +mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id':'policyNumber', 'type':'text', 'format':'', 'maxLength': 50, 'regex': ''},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '[a-zA-Z]+(\\s+[a-zA-Z]+)*'},{"id":"dob", "type":"date"}} +mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=policyNumber + +# username.prefix -> Prefix to be appended to the username, eg: if the username is phone_number then the prefix could be the country code +# username.postfix -> This is required only when a postfix should be automatically appended to the input username +# username.regex -> Regex to be used to validate the input username +# auth.factor.kba.individual-id-field -> Field ID to be used as username in the authenticate API, Must be one of the field defined in `auth.factor.kba.field-details` +# auth.factor.kba.field-details -> List of form fields used to display for Knowledge-based authentication. eg: {{"id":"policyNumber", "type":"text", "format":""},{"id":"fullName", "type":"text", "format":""}} +mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ + 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \ + 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \ + 'resend.otp.delay.secs': ${mosip.kernel.otp.expiry-time}, 'send.otp.channels' : '${mosip.esignet.authenticator.ida.otp-channels}', \ + 'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '${mosip.esignet.captcha.required}', \ + 'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ + 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': '4501-4600', \ + 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': ${mosip.esignet.auth-challenge.OTP.max-length}, \ + 'password.regex': '^.{8,20}$', \ + 'password.max-length': ${mosip.esignet.auth-challenge.PWD.max-length}, \ + 'username.regex': '^[0-9]{10,30}$',\ + 'username.prefix': '', \ + 'username.postfix': '', \ + 'username.max-length': 9, \ + 'username.input-type': 'number', 'wallet.config': ${mosip.esignet.ui.wallet.config}, \'signup.config': ${mosip.esignet.ui.signup.config}, \ + 'forgot-password.config': ${mosip.esignet.ui.forgot-password.config}, \ + 'error.banner.close-timer': 10,\ + 'auth.factor.kba.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}',\ + 'auth.factor.kba.field-details': ${mosip.esignet.authenticator.default.auth-factor.kba.field-details} } + + +## ---------------------------------------------- VCI ------------------------------------------------------------------ +# Used to verify audience in the PoP JWT +mosip.esignet.vci.identifier=${mosip.esignet.domain.url} +mosip.esignet.vci.authn.filter-urls={ '${server.servlet.path}/vci/credential' } +# Change this if the VCI is used with different OAUTH2.0 server +mosip.esignet.vci.authn.issuer-uri=${mosip.esignet.discovery.issuer-id} +mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.jwks-uri} + +mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential' } + +mosip.esignet.cnonce-expire-seconds=40 +mosip.esignet.vci.supported.jwt-proof-alg={'RS256','PS256'} +mosip.esignet.vci.key-values={\ + 'v11' : {\ + 'credential_issuer': '${mosip.esignet.vci.identifier}', \ + 'credential_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', \ + 'display': {{'name': 'Insurance', 'locale': 'en'}},\ + 'credentials_supported': {{\ + 'format': 'ldp_vc',\ + 'id': 'InsuranceCredential', \ + 'scope' : 'sunbird_rc_insurance_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'Ed25519Signature2020'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential','InsuranceCredential'},\ + 'credentialSubject': {\ + 'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \ + 'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\ + 'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\ + 'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\ + 'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\ + 'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\ + 'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\ + 'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\ + 'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\ + 'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Health Insurance', \ + 'locale': 'en', \ + 'logo': {'url': 'https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png', 'alt_text': 'a square logo of a StayProtected'},\ + 'background_color': '#FDFAF9',\ + 'text_color': '#7C4616'}},\ + 'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\ + },\ + {\ + 'format': 'ldp_vc',\ + 'id': 'LifeInsuranceCredential', \ + 'scope' : 'life_insurance_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'Ed25519Signature2020'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential', 'LifeInsuranceCredential'},\ + 'credentialSubject': {\ + 'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \ + 'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\ + 'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\ + 'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\ + 'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\ + 'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\ + 'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\ + 'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\ + 'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\ + 'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Life Insurance', \ + 'locale': 'en', \ + 'logo': {'url': 'https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png','alt_text': 'a square logo of a StayProtected'},\ + 'background_color': '#FDFAF9',\ + 'text_color': '#7C4616'}},\ + 'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\ + }}\ + },\ + 'latest' : {\ + 'credential_issuer': '${mosip.esignet.vci.identifier}', \ + 'credential_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', \ + 'display': {{'name': 'Insurance', 'locale': 'en'}},\ + 'credentials_supported' : { \ + "InsuranceCredential" : {\ + 'format': 'ldp_vc',\ + 'scope' : 'sunbird_rc_insurance_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'Ed25519Signature2020'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential','InsuranceCredential'},\ + 'credentialSubject': {\ + 'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \ + 'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\ + 'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\ + 'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\ + 'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\ + 'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\ + 'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\ + 'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\ + 'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\ + 'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Health Insurance', \ + 'locale': 'en', \ + 'logo': {'url': 'https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png','alt_text': 'a square logo of a StayProtected'},\ + 'background_color': '#FDFAF9',\ + 'text_color': '#7C4616'}},\ + 'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\ + },\ + "LifeInsuranceCredential":{\ + 'format': 'ldp_vc',\ + 'scope' : 'life_insurance_vc_ldp',\ + 'cryptographic_binding_methods_supported': {'did:jwk'},\ + 'cryptographic_suites_supported': {'Ed25519Signature2020'},\ + 'proof_types_supported': {'jwt'},\ + 'credential_definition': {\ + 'type': {'VerifiableCredential', 'LifeInsuranceCredential'},\ + 'credentialSubject': {\ + 'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \ + 'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\ + 'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\ + 'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\ + 'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\ + 'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\ + 'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\ + 'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\ + 'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\ + 'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\ + }},\ + 'display': {{'name': 'Life Insurance', \ + 'locale': 'en', \ + 'logo': {'url': 'https://raw.githubusercontent.com/tw-mosip/file-server/master/StayProtectedInsurance.png','alt_text': 'a square logo of a StayProtected'},\ + 'background_color': '#FDFAF9',\ + 'text_color': '#7C4616'}},\ + 'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\ + }}\ + }\ +} + +## -------------------------------------------- Others ---------------------------------------------------------- + +logging.level.org.springframework.web.client.RestTemplate=DEBUG +logging.level.io.mosip.esignet=DEBUG + +##---------------------------------Sunbird-RC Plugin Configurations------------------------------------------------------ + +mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.individual-id-field=${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field} +mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.field-details=${mosip.esignet.authenticator.default.auth-factor.kba.field-details} +mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.registry-search-url=${mosip.sunbird.url}/api/v1/Insurance/search +mosip.esignet.authenticator.sunbird-rc.kba.entity-id-field=osid + +mosip.esignet.vciplugin.sunbird-rc.enable-psut-based-registry-search=false +mosip.esignet.vciplugin.sunbird-rc.issue-credential-url=${mosip.sunbird.url}/credentials-service/credentials/issue +mosip.esignet.vciplugin.sunbird-rc.supported-credential-types=LifeInsuranceCredential,InsuranceCredential +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.static-value-map.issuerId=did:web:api.dev1.mosip.net:identity-service:8ebda1d0-665b-4bb7-abc7-d4bf56b6ee09 +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.template-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/insurance-credential.json +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.registry-get-url=${mosip.sunbird.url}/api/v1/Insurance/ +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.cred-schema-id=did:schema:e1f8df1d-c46c-483c-a882-3fc823666b9f +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.cred-schema-version=1.0.0 +mosip.esignet.vciplugin.sunbird-rc.credential-type.InsuranceCredential.registry-search-url=${mosip.sunbird.url}/api/v1/Insurance/search + +mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.static-value-map.issuerId=did:web:api.dev1.mosip.net:identity-service:8ebda1d0-665b-4bb7-abc7-d4bf56b6ee09 +mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.template-url=${spring_config_url_env}/*/${active_profile_env}/${spring_config_label_env}/life-insurance-credential.json +mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.registry-get-url=${mosip.sunbird.url}/api/v1/Insurance/ +mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.cred-schema-id=did:schema:e1f8df1d-c46c-483c-a882-3fc823666b9f +mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.cred-schema-version=1.0.0 +mosip.esignet.vciplugin.sunbird-rc.credential-type.LifeInsuranceCredential.registry-search-url=${mosip.sunbird.url}/api/v1/Insurance/search \ No newline at end of file