Hello Community,
What do I have to do to make my biometric devices detected in the registration client?
Hey @mazboko
May I know which biometric device you are using and where you have deployed the registration client? If it’s in the testing environment are you facing issues with Mock MDS setup?
To know more about Biometric Devices click here.
Best Regards,
Team MOSIP
Hello @sanchi-singh24
I am using a Logitech webcam and my reg client is running on a Dell laptop.
I have a v3 deployment in my environment.
Hello @mazboko, please let us know which vendor MDS you are using for the biometric devices. Did you configure the Logitech webcam with MDS?
Hello @thamarai_kannan
I added the device under admin portal. How do I configure the Logitech webcam with MDS?
Hello @thamarai_kannan
Some help, please.
Dear @mazboko
A real camera is supported only through a vendor MDS. You can select a vendor MDS from the marketplace (https://marketplace.mosip.io/).
However, by using MOCK MDS, we can use mock biometrics for testing purposes.
To configure MOCK MDS, please follow the steps below:
https://mosip.atlassian.net/wiki/spaces/QT/pages/621215755/Device+Certificate+Upload+Steps
Hello @thamarai_kannan, the link to the steps for configuring MOCK MDS is restricted. I am unable to access it.
Hi @mazboko
Follow the below steps :
The attachment here for CA_CERT_UTILITY is a certificate creation utility that uses shell script commands executed sequentially to generate valid certificates. On Linux machines running the script is easy, but Windows machines will need git installed or the OpenSSL application installed on the machine.
Below are the steps for execution:
Note: Wherever a Swagger link is mentioned, change the environment as per the server you are running.
1. Create a Device Partner using the Partner Management Swagger
Swagger Endpoint: https://{baseURL}/v1/partnermanager/swagger-ui.html#
Example :
2. Create Mock CA, Sub CA and Partner certificates using CA Cert Utility
- Run the "create-certs.sh"
- Sequentially create the certificates for CA, SUBCA and Partner (also known as client):
CA
SUB CA
Partner (Note: the name passed in the partner creation has to be used to create a client certificate)
After the completion of the above steps, the certificates are created in the same folder. The required certificate sheets are highlighted below.
Open the .crt files in “notepad++” to see the certificate file.
Note: Above flow is just a mimic of a real scenario, in our system we will use the existing MOSIP certificates as below.
3. Manual Insertion of the Root(CA cert) and SubRoot(PMS certificate) - Only for the 1.1.5 build
**Please note Step 3 is not needed for 1.2.0 or above versions of MOSIP, as here the ROOT and PMS certificates are added during startup. This step is only needed for the 1.1.5.x versions of MOSIP.**
Manual insertion is required as these certificates need to be present in the master.ca_cert_store table.
URL: https://{baseURL}/v1/keymanager/swagger-ui.html#/keymanager
Get the Root certificate by using the get certificate API and setting the application ID as “ROOT“
Insert the ROOT certificate from the response in the master.ca_cert_store table
INSERT INTO master.ca_cert_store (cert_id,cert_subject,cert_issuer,issuer_id,cert_not_before,cert_not_after,crl_uri,cert_data,cert_thumbprint,cert_serial_no,partner_domain,cr_by,cr_dtimes,upd_by,upd_dtimes,is_deleted,del_dtimes) VALUES
('3402d011-3755-4fe3-b389-d137d1071b79','CN=www.mosip.io,OU=MOSIP-TECH-CENTER,O=IITB,L=BANGALORE,ST=KA,C=IN','CN=www.mosip.io,OU=MOSIP-TECH-CENTER,O=IITB,L=BANGALORE,ST=KA,C=IN','d9d3622a-37b8-4442-aee4-0bb0bd2c4b74','2021-05-12 11:25:00.000','2024-05-06 11:25:00.000',NULL,'-----BEGIN CERTIFICATE-----
MIIDlDCCAnygAwIBAgIIRruz8cS+fb0wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE
BhMCSU4xCzAJBgNVBAgMAktBMRIwEAYDVQQHDAlCQU5HQUxPUkUxDTALBgNVBAoM
BElJVEIxGjAYBgNVBAsMEU1PU0lQLVRFQ0gtQ0VOVEVSMRUwEwYDVQQDDAx3d3cu
bW9zaXAuaW8wHhcNMjEwMzEwMTAzNjAwWhcNMjYwMzEwMTAzNjAwWjBwMQswCQYD
VQQGEwJJTjELMAkGA1UECAwCS0ExEjAQBgNVBAcMCUJBTkdBTE9SRTENMAsGA1UE
CgwESUlUQjEaMBgGA1UECwwRTU9TSVAtVEVDSC1DRU5URVIxFTATBgNVBAMMDHd3
dy5tb3NpcC5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALpZzgZy
LpNL4zvUEq3sO+ZRHthhIu3YedUP65aXPWToXgQGTW4xE4hxpShf/oYFlzK5DAkt
pSt3ESxa2VYbKULs70hzyD0dvGsvhF4j53UP9neRjvcbPke1Gi7IDM9bU9fHcLnW
AfGdr7AmuhksKiSva3QEviGHG1t92QnlBasyRuk96fRt5HcQe40swYcgd8ODqU37
LFLI1QGfbLYxDsnYQ1y/YLsrve70EF/HGoAjPrA1cYBsW/jGnmLZCU3BOV/4wSMO
dFJoHgdKnl96R187e8Yg19iZ4sDaWqoC91oLkTBtRqeTWI1gjiJAC0R5bcAl8RIU
xYwVhM/rLrO3nl0CAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
u5hT8wY+nVvfUe9t7LKHxGozqt4wDQYJKoZIhvcNAQELBQADggEBABrRVgNRybd9
S1YQbEGY8+xa58tldM08m1sorhFhtvv95pvMTEKgeoxAr0BFSewZCaVnqzSewmcA
yMRGeTACEeNJZSTKKTif2y6PsieXuJC6R0rSUI5/8qDBByrfxP2e1rMQh1olJtUW
Nk8oQOu82+k9vOZn3ZvqS0yPxgi5x3A23yBpgUX4OqK5j69h8AmIt3EtXGJK76ie
/bWfiqjdEdp2cJfnInHuZRvRY3DcajtJ3kCqfcX0OCmZMHvYqnaUOVy9PNfszQYh
XxBKKdg0wuDVSFe1k/lYQ+ScG9qKyk+61wDBC4P/R97+trN9b7+imsQImjkLxrOl
DvInt/Ne62s=-----END CERTIFICATE-----','3402d011-3755-4fe3-b389-d137d1071b79','5096865254269156797','DEVICE','SYSTEM',now(),NULL,NULL,false,NULL)
;
Get the PMS certificate by using the get certificate API and setting the application ID as “PMS“
Insert the PMS certificate from the response in the master.ca_cert_store table
INSERT INTO master.ca_cert_store (cert_id,cert_subject,cert_issuer,issuer_id,cert_not_before,cert_not_after,crl_uri,cert_data,cert_thumbprint,cert_serial_no,partner_domain,cr_by,cr_dtimes,upd_by,upd_dtimes,is_deleted,del_dtimes) VALUES
('c9dcbc9e-7577-4ae8-9f62-bc5e2c626cd5','CN=www.mosip.io,OU=MOSIP-TECH-CENTER (PMS),O=IITB,L=BANGALORE,ST=KA,C=IN','CN=www.mosip.io,OU=MOSIP-TECH-CENTER,O=IITB,L=BANGALORE,ST=KA,C=IN','3402d011-3755-4fe3-b389-d137d1071b79','2020-11-20 11:25:00.000','2023-11-20 11:25:00.000',NULL,'-----BEGIN CERTIFICATE-----<PMS certificate data from the get certificate API response>-----END CERTIFICATE-----',NULL,'-6546258223164463355','DEVICE','SYSTEM',now(),NULL,NULL,false,NULL)
;
4. Steps to upload certificates
Note: All the certificates have to be uploaded sequentially only; for the below it will be:
RootCA → IntermediateCA → Client
a. Upload CA & Intermediate CA Certificates
URL: https://{baseURL}/v1/partnermanager/swagger-ui.html#/Partner%20Service%20Controller/uploadCACertificateUsingPOST
Request:
{
  "id": "string",
  "metadata": {},
  "request": {
    "certificateData": "<Certificate Data>",
    "partnerDomain": "DEVICE"
  },
  "requesttime": "",
  "version": "string"
}
b. Upload partner certificate
URL: https://qa2.mosip.net/v1/partnermanager/swagger-ui.html#/Partner%20Service%20Controller/uploadPartnerCertificateUsingPOST_1
Request: (Assuming partnerID was “DP2“)
{
  "id": "string",
  "metadata": {},
  "request": {
    "certificateData": "string",
    "partnerDomain": "DEVICE",
    "partnerId": "DP2"
  },
  "requesttime": "",
  "version": "string"
}
Note:
The certificate is a signed response where the trust chain has been changed to the MOSIP.
This certificate is uploaded in the keymanager DB “Partner_cert_store“ table and then master.ca_cert_store table fetches the partner signed certificate using websub.
So, at least 3 certificates should be visible (Mosip-root, PMS, signed partner certificate). The number of Partner certificates can increase depending on the number of certificates being uploaded.
Response of the above request is then saved with the name “mosip-signed.crt” in the same directory like
Run “create-device-keystore.sh” and enter values as below:
Note: The important point is highlighted { entered values name: FACE, password: mosipface } these are required fields and need to be passed in the mock MDS build.
Once all Certificates are created, you will find a list of files in the same directory below
Setting up the MOCK MDS
To download the latest mock MDS .zip click here.
The device certificates created need to be placed in the certificate paths as highlighted below in the mock MDS:
The application.property file needs to be modified as below after placing the certificates in the below path.
Below is for reference what needs to be changed before building the Mock MDS.
Build the MDS in the command prompt in the same directory where the pom file exists (run “mvn clean install” )
I hope the above steps given in detail will help you with the setup, and in case of any queries let us know.
Best Regards,
Team MOSIP
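The upload order from step 4 (RootCA → IntermediateCA → Client), as an added example that is not part of the original post and not the CA Cert Utility's script. It uses the Python `cryptography` package instead of the utility's OpenSSL commands; the subject names and helper names are constructed, and only the request body shape and the partner ID "DP2" come from the post.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def issue(cn, key, parent=None, parent_key=None, ca=True):
    """Issue a certificate for cn; self-signed when no parent is given."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(name).issuer_name(parent.subject if parent else name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=30))
            .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
            .sign(parent_key or key, hashes.SHA256()))

def upload_order(certs):
    """Return certs root-first; raises if an issuer is missing or a signature is bad."""
    by_subject = {c.subject: c for c in certs}
    def depth(cert):
        parent = by_subject.get(cert.issuer)
        if parent is None:
            raise ValueError("issuer missing for " + cert.subject.rfc4514_string())
        if parent is cert:
            return 0  # self-signed root
        parent.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   padding.PKCS1v15(), cert.signature_hash_algorithm)
        return 1 + depth(parent)
    return sorted(certs, key=depth)

def request_body(cert, partner_id=None):
    """Build the step 4 upload request; partnerId is set only for the partner cert."""
    pem = cert.public_bytes(serialization.Encoding.PEM).decode()
    request = {"certificateData": pem, "partnerDomain": "DEVICE"}
    if partner_id:
        request["partnerId"] = partner_id
    return {"id": "string", "metadata": {}, "request": request, "requesttime": "", "version": "string"}

def build_mock_chain():
    """Constructed Root CA -> Sub CA -> partner chain, returned out of order."""
    keys = [rsa.generate_private_key(public_exponent=65537, key_size=2048) for _ in range(3)]
    root = issue("Mock Root CA", keys[0])
    sub = issue("Mock Sub CA", keys[1], root, keys[0])
    partner = issue("Mock Device Partner", keys[2], sub, keys[1], ca=False)
    return [partner, root, sub]

if __name__ == "__main__":
    print([c.subject.rfc4514_string() for c in upload_order(build_mock_chain())])
```

Running the ordering check before uploading catches a missing intermediate or a certificate signed by the wrong key locally, rather than as a rejected upload.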
Thank you @sanchi-singh24
Let me try it.
Hello @sanchi-singh24
I get an Authentication Failed error at the partner certificate upload step:
"errorCode": "KER-ATH-401",
"message": "Authentication Failed"
How do I go past this?
Hi @mazboko
Can you authenticate with your partner ID and password when you upload the partner certificate?
Use the authentication endpoint which has the option for password.
Thanks,
Rounak
Hello @nayakrounak
When creating a device partner using the Partner Management Swagger, no password is specified. How do I authenticate with the Partner ID and password?
Sorry @mazboko , I was not aware of your use case.
Can you please confirm the version of MOSIP that you are using - 1.1.5.5 & below or 1.2.0 and above?
With this, I can help you better.
Thanks,
Rounak
Hello @nayakrounak
I am using v1.2.0.1-B3
Thanks
Hello @nayakrounak
Any ideas on how to go past my problem?
Hi @mazboko
Do you have access to Keycloak for your environment?
As per the 1.2.0.1-B3 configurations
For the above API you need an authorization token with one of the below roles:
Hence, please go to Keycloak first and create a user with the role PARTNER_ADMIN or add the role PARTNER_ADMIN to one of the existing users.
Now perform authentication using the authentication and authorization endpoints of MOSIP to get the auth token with the role PARTNER_ADMIN.
Swagger endpoint:
https://api-internal.collab.mosip.net/v1/authmanager/swagger-ui/index.html?configUrl=/v1/authmanager/v3/api-docs/swagger-config#
(please change the domain URL)
You can use the /authenticate/clientidsecretkey endpoint for authentication if you have the credential for clientID and secret with the role PARTNER_ADMIN, or you can go for the authenticate/useridpwd endpoint if you have user credentials.
You can check out this post by me, where I have explained how to use MOSIP APIs, which need authentication (API Type 2).
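A local pre-flight check for the role requirement described in the reply above, as an added example that is not part of the original post or of MOSIP's code. It assumes the auth token is a Keycloak-issued JWT using Keycloak's standard `realm_access` / `resource_access` claim layout; the sample tokens and user name are constructed, and the decode does not verify the signature (the server still does that).

```python
import base64
import json

REQUIRED_ROLE = "PARTNER_ADMIN"  # role named in the reply above

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(jwt):
    """Decode the payload of a JWT without verifying its signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def token_roles(claims):
    """Collect realm roles and per-client roles (assumed Keycloak claim layout)."""
    roles = set(claims.get("realm_access", {}).get("roles", []))
    for client in claims.get("resource_access", {}).values():
        roles.update(client.get("roles", []))
    return roles

def preflight(jwt, now, required=REQUIRED_ROLE):
    """Return (ok, reason): whether the token is unexpired and carries the role."""
    claims = token_claims(jwt)
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if required not in token_roles(claims):
        return False, f"role {required} missing"
    return True, "ok"

def sample_token(roles, exp):
    """Constructed token for the demo; the signature part is a dummy string."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    payload = {"preferred_username": "demo-user", "exp": exp,
               "realm_access": {"roles": roles}}
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "dummy-signature"])

if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the demo is reproducible
    for roles in (["offline_access"], ["PARTNER_ADMIN"]):
        print(roles, preflight(sample_token(roles, now + 600), now))
```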
Hello @nayakrounak
Many thanks. Succeeded with creation of mosip-signed.crt. However, creation of signed-Device.crt fails with a "Could not read CA certificate from mosip-signed.crt" error. I do confirm certificate information as