Auth Partner certificate not matching with signature header during esignet send otp

Dear MOSIP Team,

I have deployed MOSIP v1.2.0.1 on prem with Esignet v1.5.0 with mosipid plugin. I have done onboarding of Auth partner as well by doing self registration and uploading ROOT, INTERMEDIATE and PARTNER certificates, however the certificates did not sync with IDA and thus the tables ca_cert_store, partner_data, partner_mapping, oidc_client_data in mosip_ida db were empty, so I manually copied the data from keymgr db.

I am able to create oidc client as well but /v1/esignet/authorization/send-otp endpoint is failing :

POST /v1/esignet/authorization/send-otp
Request Body:

{
    "requestTime": "2025-09-18T18:34:25.978Z",
    "request": {
        "transactionId": "NIKIfv2Kwz2twvF622SHNBFJz7-pNZG9IUXbBJHWeMU",
        "individualId": "4276980951",
        "otpChannels" : ["email"],
        "captchaToken" : "dummy"
    }
}

Response Body:

{
    "responseTime": "2025-09-18T18:32:58.961Z",
    "response": null,
    "errors": [
        {
            "errorCode": "IDA-MLC-007",
            "errorMessage": "IDA-MLC-007"
        }
    ]
}

These are Logs from IDA-OTP pod:

{"@timestamp":"2025-09-18T10:44:57.656Z","@version":"1","message":"sessionId - Event_filter - BaseIDAFilter - Data size of request : 0.18359375 kb","logger_name":"io.mosip.authentication.common.service.filter.BaseIDAFilter","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.666Z","@version":"1","message":"SignatureSessionId - JWTSignature -  - Certificate found in JWT Header.","logger_name":"io.mosip.kernel.signature.service.impl.SignatureServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.758Z","@version":"1","message":"pcSessionId - CertTrustPathValidation -  - Certificate Trust Path Validation.","logger_name":"io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.760Z","@version":"1","message":"pcSessionId - CertTrustPathValidation -  - Certificate Trust Path Validation for domain: AUTH","logger_name":"io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.760Z","@version":"1","message":"pcSessionId -  -  - Loading CA TrustStore Cache for partnerDomain: AUTH","logger_name":"io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.808Z","@version":"1","message":"pcSessionId - CertTrustPathValidation -  - Certificate Trust Path Validation for domain: AUTH","logger_name":"io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.809Z","@version":"1","message":"pcSessionId - CertTrustPathValidation -  - Total Number of ROOT Trust Found: 9","logger_name":"io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.809Z","@version":"1","message":"pcSessionId - CertTrustPathValidation -  - Total Number of INTERMEDIATE Trust Found: 20","logger_name":"io.mosip.kernel.partnercertservice.service.impl.PartnerCertificateManagerServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.830Z","@version":"1","message":"mpartner-default-auth - IdAuthSecurityManager - verifySignature - SIGNATURE VALID : true - TRUST VALID : true","logger_name":"io.mosip.authentication.common.service.transaction.manager.IdAuthSecurityManager","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.835Z","@version":"1","message":"sessionId - io.mosip.authentication.otp.service.filter.OTPFilter - getAuthPart - List of Path Parameters received in url: 7DZdwPjCutzNCb7J9AE6wG7AJeTG2kCjMxR4GmttfHQbtgZ0v0, authpartner-egt2, EXsoI-Jr33hB3Fr0Eocsov4Pcd34T5fOSX55uaNi6sM","logger_name":"io.mosip.authentication.common.service.filter.IdAuthFilter","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.862Z","@version":"1","message":"IDA - PartnerServiceManager - OIDC_client_validation - Checking for OIDC client exists or not","logger_name":"io.mosip.authentication.common.service.integration.PartnerServiceManager","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.862Z","@version":"1","message":"IDA - PartnerServiceManager - signature-header-certificate - Header Certificate: 56DB6953F3C7FBFD0A7052B17413D015935D16BAE17A30E82B0437F05E189AFB","logger_name":"io.mosip.authentication.common.service.integration.PartnerServiceManager","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.865Z","@version":"1","message":"IDA - PartnerServiceManager - isCertificateMatching - Warn - Comparing header certificate with DB Certificate.","logger_name":"io.mosip.authentication.common.service.integration.PartnerServiceManager","thread_name":"http-nio-8092-exec-9","level":"WARN","level_value":30000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.869Z","@version":"1","message":"sessionId - Event_filter - BaseIDAFilter - \nio.mosip.authentication.core.exception.IdAuthenticationAppException: IDA-MPA-021 --> Partner (Auth) Certificate not matching with signature header certificate.; \nnested exception is io.mosip.authentication.core.exception.IdAuthenticationBusinessException: IDA-MPA-021 --> Partner (Auth) Certificate not matching with signature header certificate.\n\tat io.mosip.authentication.common.service.filter.IdAuthFilter.getPartnerPolicyInfo(IdAuthFilter.java:436)\n\tat io.mosip.authentication.common.service.filter.IdAuthFilter.validateDecipheredRequest(IdAuthFilter.java:398)\n\tat io.mosip.authentication.common.service.filter.BaseAuthFilter.decipherAndValidateRequest(BaseAuthFilter.java:95)\n\tat io.mosip.authentication.common.service.filter.BaseAuthFilter.consumeRequest(BaseAuthFilter.java:76)\n\tat io.mosip.authentication.common.service.filter.BaseIDAFilter.doFilter(BaseIDAFilter.java:165)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:84)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat io.mosip.kernel.websub.api.filter.MultipleReadRequestBodyFilter.doFilter(MultipleReadRequestBodyFilter.java:28)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)\n\tat org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)\n\tat org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)\n\tat org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)\n\tat org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)\n\tat org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.cloud.sleuth.instrument.web.ExceptionLoggingFilter.doFilter(ExceptionLoggingFilter.java:48)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat brave.servlet.TracingFilter.doFilter(TracingFilter.java:86)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)\n\tat io.mosip.kernel.core.logger.config.SleuthValve.invoke(SleuthValve.java:36)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)\n\tat org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:615)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1627)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.base/java.lang.Thread.run(Thread.java:829)\nCaused by: io.mosip.authentication.core.exception.IdAuthenticationBusinessException: IDA-MPA-021 --> Partner (Auth) Certificate not matching with signature header certificate.\n\tat io.mosip.authentication.common.service.integration.PartnerServiceManager.validatePartnerMappingDetails(PartnerServiceManager.java:262)\n\tat io.mosip.authentication.common.service.integration.PartnerServiceManager.validateAndGetPolicy(PartnerServiceManager.java:123)\n\tat io.mosip.authentication.common.service.integration.PartnerServiceManager$$FastClassBySpringCGLIB$$5e4a8822.invoke(<generated>)\n\tat org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)\n\tat org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)\n\tat org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)\n\tat org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)\n\tat org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)\n\tat io.mosip.authentication.common.service.integration.PartnerServiceManager$$EnhancerBySpringCGLIB$$45f68e82.validateAndGetPolicy(<generated>)\n\tat io.mosip.authentication.common.service.impl.patrner.PartnerServiceImpl.validateAndGetPolicy(PartnerServiceImpl.java:51)\n\tat io.mosip.authentication.common.service.filter.IdAuthFilter.getPartnerPolicyInfo(IdAuthFilter.java:433)\n\t... 85 more\n","logger_name":"io.mosip.authentication.common.service.filter.BaseIDAFilter","thread_name":"http-nio-8092-exec-9","level":"ERROR","level_value":40000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.887Z","@version":"1","message":"SignatureSessionId - JWTSignature -  - JWT Signature Request.","logger_name":"io.mosip.kernel.signature.service.impl.SignatureServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.892Z","@version":"1","message":"sessionId - IDA - SIGN - Valid reference Id. Getting key alias with referenceId","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.892Z","@version":"1","message":"sessionId -  -  - Getting key alias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.894Z","@version":"1","message":"sessionId - IDA - SIGN - PreExpireDays found as key policy:60","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.894Z","@version":"1","message":"sessionId - keyAlias - [KeyAlias(alias=fe4bfd6b-cf6e-4585-bfe0-983042897663, applicationId=IDA, referenceId=SIGN, keyGenerationTime=2025-07-07T08:32:53.470600, keyExpiryTime=2028-07-06T08:32:53.470600, status=null, certThumbprint=31FCA2152D6B717FD6270CAB0A5AA49A83E9714183F68E2A981E82D6137CE4BF, uniqueIdentifier=496081BFEFA29988A8EED23421EDFB312EBC6DF0)] - keyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.894Z","@version":"1","message":"sessionId - currentKeyAlias - [KeyAlias(alias=fe4bfd6b-cf6e-4585-bfe0-983042897663, applicationId=IDA, referenceId=SIGN, keyGenerationTime=2025-07-07T08:32:53.470600, keyExpiryTime=2028-07-06T08:32:53.470600, status=null, certThumbprint=31FCA2152D6B717FD6270CAB0A5AA49A83E9714183F68E2A981E82D6137CE4BF, uniqueIdentifier=496081BFEFA29988A8EED23421EDFB312EBC6DF0)] - currentKeyAlias","logger_name":"io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.894Z","@version":"1","message":"sessionId - currentKeyAlias - fe4bfd6b-cf6e-4585-bfe0-983042897663 - CurrentKeyAlias size is one. Will fetch keypair using this alias","logger_name":"io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}
{"@timestamp":"2025-09-18T10:44:57.955Z","@version":"1","message":"sessionId - Event_filter - BaseIDAFilter - response at : 2025-09-18T10:44:57.910Z","logger_name":"io.mosip.authentication.common.service.filter.BaseIDAFilter","thread_name":"http-nio-8092-exec-9","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"875095be31b09114","spanId":"875095be31b09114","spanExportable":"false","X-Span-Export":"false","X-B3-SpanId":"875095be31b09114","X-B3-TraceId":"875095be31b09114"}

Although I have base64 encoded the auth partner certificate and then inserted into ida.partner_data, still I’m facing certificate not matching issue.

Please check and help me on this.

Can someone please help on this?

Hello @Durgesh

Apologies for the delayed response.

Regarding eSignet with MOSIPID plugin, eSignet invokes the IDA APIs for identity authentication. From the MOSIP IDA perspective, eSignet is considered an authentication partner. Therefore, you need to add the eSignet certificate to the ida.partner_data table, rather than the relying party partner certificate.

The certificate thumbprint used during signing is logged as follows: 56DB6953F3C7FBFD0A7052B17413D015935D16BAE17A30E82B0437F05E189AFB. You can compare this thumbprint with the manually added certificate thumbprint for verification.

Please add the eSignet certificate to the partner_data table and then retry.

Note: MOSIP does not recommends direct modifications to the database. Instead, follow the standard setup procedures to ensure data is populated automatically in the respective tables.

Thanks,

Mahammed Taheer

Hi @mahammedtaheer ,
Thanks for the response. Do you have any idea on why the data may not be syncing automatically?

Hello @Durgesh

If you have deployed all MOSIP platform components, including WebSub, DataShare, and PMS, the partner-related data should automatically populate in the IDA database.

Has the issue been resolved after updating the eSignet certificate?

Thanks,

Mahammed Taheer

Hi @mahammedtaheer ,

After updating the certificate_data with eSignet certificate for the Auth Partner, the issue is resolved, but now I’m getting UIN not available in database error.

{"@timestamp":"2025-09-23T11:45:48.197Z","@version":"1","message":"sessionId - class io.mosip.authentication.core.exception.IdAuthenticationBusinessException - IDA-MLC-018 - UIN not available in database","logger_name":"io.mosip.authentication.otp.service.controller.OTPController","thread_name":"http-nio-8092-exec-7","level":"ERROR","level_value":40000,"appName":"id-authentication,id-authentication-otp","traceId":"01205fede1a71467","spanExportable":"false","req.requestURI":"/idauthentication/v1/otp/7DZdwPjCutzNCb7J9AE6wG7AJeTG2kCjMxR4GmttfHQbtgZ0v0/authpartner-egt2/EXsoI-Jr33hB3Fr0Eocsov4Pcd34T5fOSX55uaNi6sM","X-Span-Export":"false","req.method":"POST","req.userAgent":"Apache-HttpClient/4.5.13 (Java/11.0.16)","spanId":"01205fede1a71467","X-B3-SpanId":"01205fede1a71467","X-B3-TraceId":"01205fede1a71467","req.remoteHost":"127.0.0.6","req.requestURL":"http://ida-otp.ida/idauthentication/v1/otp/7DZdwPjCutzNCb7J9AE6wG7AJeTG2kCjMxR4GmttfHQbtgZ0v0/authpartner-egt2/EXsoI-Jr33hB3Fr0Eocsov4Pcd34T5fOSX55uaNi6sM"}
{"@timestamp":"2025-09-23T11:45:48.197Z","@version":"1","message":"Inside sendEvents ondemand extraction","logger_name":"io.mosip.authentication.common.service.websub.impl.OndemandTemplateEventPublisher","thread_name":"http-nio-8092-exec-7","level":"INFO","level_value":20000,"appName":"id-authentication,id-authentication-otp","traceId":"01205fede1a71467","spanExportable":"false","req.requestURI":"/idauthentication/v1/otp/7DZdwPjCutzNCb7J9AE6wG7AJeTG2kCjMxR4GmttfHQbtgZ0v0/authpartner-egt2/EXsoI-Jr33hB3Fr0Eocsov4Pcd34T5fOSX55uaNi6sM","X-Span-Export":"false","req.method":"POST","req.userAgent":"Apache-HttpClient/4.5.13 (Java/11.0.16)","spanId":"01205fede1a71467","X-B3-SpanId":"01205fede1a71467","X-B3-TraceId":"01205fede1a71467","req.remoteHost":"127.0.0.6","req.requestURL":"http://ida-otp.ida/idauthentication/v1/otp/7DZdwPjCutzNCb7J9AE6wG7AJeTG2kCjMxR4GmttfHQbtgZ0v0/authpartner-egt2/EXsoI-Jr33hB3Fr0Eocsov4Pcd34T5fOSX55uaNi6sM"}

Again it seems to be sync issue as I’m using correct UIN. I have deployed all the components you mentioned.

Hello @Durgesh

Thank you for confirming that the certificate issue has been resolved.

Could you please verify if there are any records available in the identity_cache table regarding the UIN not available in database error?

Additionally, how are you populating the identity data in IDA DB?

Thanks,

Mahammed Taheer

Hi @mahammedtaheer ,

Thank you for the response.

No, there are no records in identity_cache table, it is completely empty.

The data did not sync so I manually copied data into different tables like partner_data, partner_mapping, oidc_client_data, uin_hash_salt, etc. I know this is not the ideal way but I wanted to test the otp functionality.

Could you please help on why this data may not be syncing although I have deployed all the components? Can’t see any errors in websub logs though.

Hello @Durgesh

Is the IDA internal service up and running? Kindly check the logs for any errors in IDA internal service.

Are there any records available in credential_event_store table?

Also, how did you received the UIN for authentication?

Thanks,

Mahammed Taheer

Hi @mahammedtaheer ,

Yes, IDA internal service is up and running. There are no errors in IDA internal service.

credential_event_store table is empty.

I received UIN from this endpoint :

GET /idrepository/v1/identity/idvid/<RID>?type=bio

Hello @Durgesh

credential_event_store table is empty means there is no identity is pushed to IDA.

Can you check any records in credential_transaction table which is available in mosip_credential DB.

Thanks,

Mahammed Taheer

Hi @mahammedtaheer ,

Thank you for the response.

These are the records from credential_transaction table with respect to the last packet I processed

image1816×164 22 KB

Hello @Durgesh

Since the records are present in the credential_transaction table, it appears that the data is not being pushed to IDA via WebSub. Please check for any issues with the WebSub data push to the IDA component in the IDA internal service.

Thanks,

Mahammed Taheer

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.