eSignet Get OTP Error

Dear MOSIP Team,

I have followed all the necessary steps based on the documentation and readme file, and I have successfully started the Signet service and mock identity service. However, when I reach the login with OTP page and enter my individual ID 8267411571, I receive an “Invalid VID” error.

Could you please provide guidance on how I can obtain a valid VID?

Best regards,
[Michael]

Dear @Michael ,

Thank you for reaching out, We are looking into your query and one of our expert colleague will respond here with solution input.

Best Regards
Team MOSIP

@swahsek , …Any Update please?

Hello @Melkamu_Atalel and @Michael
please share with us the version of the esignet that you are trying to run and the logs and application.properties file too. This information will be helpful for us to address your issue to the point.

Thanks & Regards,
Team MOSIP.

Thank you for your response. I am currently using Esignet version 1.4.1 and Esignet Mock Services version 0.9.3.

and this is my application.properties file

This Source Code Form is subject to the terms of the Mozilla Public

License, v. 2.0. If a copy of the MPL was not distributed with this

file, You can obtain one at Mozilla Public License, version 2.0.

------------------------------------------------- e-Signet ----------------------------------------------------------

mosip.esignet.misp.license.key=idp-dev-misp-lic-key
mosip.esignet.amr-acr-mapping-file-url=https://raw.githubusercontent.com/mosip/mosip-config/collab1/amr-acr-mapping.json

mosip.esignet.supported-id-regex=\S*
mosip.esignet.id-token-expire-seconds=3600
mosip.esignet.access-token-expire-seconds=3600
mosip.esignet.link-code-expire-in-secs=60
mosip.esignet.authentication-expire-in-secs=60
mosip.esignet.cnonce-expire-seconds=20

Auth challenge type & format mapping. Auth challenge length validations for each auth factor type.

mosip.esignet.auth-challenge.OTP.format=alpha-numeric
mosip.esignet.auth-challenge.OTP.min-length=6
mosip.esignet.auth-challenge.OTP.max-length=6

mosip.esignet.auth-challenge.PWD.format=alpha-numeric
mosip.esignet.auth-challenge.PWD.min-length=8
mosip.esignet.auth-challenge.PWD.max-length=30

mosip.esignet.auth-challenge.BIO.format=encoded-json
mosip.esignet.auth-challenge.BIO.min-length=500
mosip.esignet.auth-challenge.BIO.max-length=4000

mosip.esignet.auth-challenge.WLA.format=jwt
mosip.esignet.auth-challenge.WLA.min-length=500
mosip.esignet.auth-challenge.WLA.max-length=500

mosip.esignet.auth-challenge.KBA.format=base64url-encoded-json
mosip.esignet.auth-challenge.KBA.min-length=50
mosip.esignet.auth-challenge.KBA.max-length=100

mosip.esignet.auth-challenge.PIN.format=number
mosip.esignet.auth-challenge.PIN.min-length=4
mosip.esignet.auth-challenge.PIN.max-length=4

Endpoints required to have oauth-details-hash and oauth-details-key HTTP header

mosip.esignet.header-filter.paths-to-validate={‘${server.servlet.path}/authorization/send-otp’,
‘${server.servlet.path}/authorization/authenticate’,
‘${server.servlet.path}/authorization/v2/authenticate’,
‘${server.servlet.path}/authorization/v3/authenticate’,
‘${server.servlet.path}/authorization/auth-code’}

#This property is used for captcha validation and allowed values are send-otp and pwd.
#captcha validation is enabled for send-otp and pwd. Default value= send-otp,pwd
mosip.esignet.captcha.required=false

------------------------------------------ e-Signet binding ---------------------------------------------------------

mosip.esignet.binding.salt-length=16
mosip.esignet.binding.audience-id=esignet-binding
mosip.esignet.binding.key-expire-days=10

-------------------------------------- Authentication & Authorization -----------------------------------------------

mosip.esignet.security.auth.post-urls={}
mosip.esignet.security.auth.put-urls={}
mosip.esignet.security.auth.get-urls={}

mosip.esignet.security.ignore-csrf-urls=${server.servlet.path}/oidc/,${server.servlet.path}/oauth/,
${server.servlet.path}/actuator/,/favicon.ico,${server.servlet.path}/error,
${server.servlet.path}/swagger-ui/
,${server.servlet.path}/v3/api-docs/,
${server.servlet.path}/vci/

mosip.esignet.security.ignore-auth-urls=${server.servlet.path}/csrf/,${server.servlet.path}/authorization/,
${server.servlet.path}/linked-authorization/,${server.servlet.path}/oidc/,${server.servlet.path}/oauth/,
${server.servlet.path}/actuator/
,/favicon.ico,${server.servlet.path}/error,${server.servlet.path}/swagger-ui/,
${server.servlet.path}/v3/api-docs/
,${server.servlet.path}/client-mgmt/,${server.servlet.path}/vci/

##------------------------------------------ Kafka configurations ------------------------------------------------------
spring.kafka.bootstrap-servers=localhost:9092
spring.kafka.consumer.group-id=runtime-kafka-registry
spring.kafka.consumer.enable-auto-commit=true
spring.kafka.listener.concurrency=1

mosip.esignet.kafka.linked-session.topic=esignet-linked
mosip.esignet.kafka.linked-auth-code.topic=esignet-consented

------------------------------------------- Integrations ------------------------------------------------------------

#Comma separated list of third party packages to scan
mosip.esignet.integration.scan-base-package=io.mosip.esignet.mock.integration

mosip.esignet.integration.binding-validator=BindingValidatorServiceImpl
mosip.esignet.integration.authenticator=MockAuthenticationService
mosip.esignet.integration.key-binder=MockKeyBindingWrapperService
mosip.esignet.integration.audit-plugin=LoggerAuditService
mosip.esignet.integration.vci-plugin=MockVCIssuancePlugin

#Mock IDA integration props
mosip.esignet.mock.authenticator.get-identity-url=http://localhost:8082/v1/mock-identity-system/identity
mosip.esignet.mock.authenticator.kyc-auth-url=http://localhost:8082/v1/mock-identity-system/kyc-auth
mosip.esignet.mock.authenticator.kyc-exchange-url=http://localhost:8082/v1/mock-identity-system/kyc-exchange
mosip.esignet.mock.authenticator.send-otp=http://localhost:8082/v1/mock-identity-system/send-otp
mosip.esignet.mock.authenticator.ida.otp-channels=email,phone

#Mock Key binding props
mosip.esignet.mock.supported.bind-auth-factor-types={‘WLA’}

#Mock VCI plugin
mosip.esignet.mock.vciplugin.verification-method=${mosip.esignet.vci.authn.jwk-set-uri}

------------------------------------------ oauth & openid supported values ------------------------------------------

supported scopes

mosip.esignet.supported.credential.scopes={‘sample_vc_ldp’}
mosip.esignet.supported.authorize.scopes={‘resident-service’}
mosip.esignet.supported.openid.scopes={‘profile’,‘email’,‘phone’}
mosip.esignet.openid.scope.claims={‘profile’ : {‘name’,‘given_name’,‘middle_name’,‘preferred_username’,‘picture’,‘gender’,‘birthdate’,‘locale’,‘nickname’, ‘family_name’,‘zoneinfo’, ‘updated_at’,‘address’},‘email’ : {‘email’,‘email_verified’}, ‘phone’ : {‘phone_number’,‘phone_number_verified’}}
mosip.esignet.credential.scope-resource-mapping={‘sample_vc_ldp’ : ‘${mosipbox.public.url}${server.servlet.path}/vci/credential’ }

supported authorization processing flow to be used, Currently only supports Authorization Code Flow.

mosip.esignet.supported.response.types={‘code’}

Form of Authorization Grant presented to token endpoint

mosip.esignet.supported.grant.types={‘authorization_code’}

specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User

page-The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode.

popup-The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over.

touch-The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface.

wap-The Authorization Server SHOULD display the authentication and consent UI consistent with a “feature phone” type display.

mosip.esignet.supported.ui.displays={‘page’,‘popup’,‘touch’,‘wap’}

specifies whether the Authorization Server prompts the End-User for reauthentication and consent

none-The Authorization Server MUST NOT display any authentication or consent user interface pages.

An error is returned if an End-User is not already authenticated or the Client does not have pre-configured consent

for the requested Claims or does not fulfill other conditions for processing the request.

The error code will typically be login_required, interaction_required, or another code defined in Section 3.1.2.6.

This can be used as a method to check for existing authentication and/or consent.

login-The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, \

it MUST return an error, typically login_required.

consent-The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client.

If it cannot obtain consent, it MUST return an error, typically consent_required.

select_account-The Authorization Server SHOULD prompt the End-User to select a user account. This enables an End-User

who has multiple accounts at the Authorization Server to select amongst the multiple accounts that they might have current

sessions for. If it cannot obtain an account selection choice made by the End-User, it MUST return an error,

typically account_selection_required.

mosip.esignet.supported.ui.prompts={‘none’,‘login’,‘consent’,‘select_account’}

Type of the client assertion

mosip.esignet.supported.client.assertion.types={‘urn:ietf:params:oauth:client-assertion-type:jwt-bearer’}

Type of the client authentication methods for token endpoint

mosip.esignet.supported.client.auth.methods={‘private_key_jwt’}

JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported

mosip.esignet.supported-pkce-methods={‘S256’}

---------------------------------------- Cache configuration --------------------------------------------------------

mosip.esignet.cache.secure.individual-id=true
mosip.esignet.cache.store.individual-id=true
mosip.esignet.cache.security.secretkey.reference-id=TRANSACTION_CACHE
mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding

mosip.esignet.cache.names=bindingtransaction,clientdetails,preauth,authenticated,authcodegenerated,userinfo,linkcodegenerated,linked,linkedcode,
linkedauth,consented,vcissuance,apiRateLimit,blocked

#spring.cache.type=redis
#spring.cache.cache-names=${mosip.esignet.cache.names}
#spring.redis.host=localhost
#spring.redis.port=6379

spring.cache.type=simple
mosip.esignet.cache.key.hash.algorithm=SHA3-256
mosip.esignet.cache.size={‘clientdetails’ : 200, ‘preauth’: 200, ‘authenticated’: 200, ‘authcodegenerated’: 200, ‘userinfo’: 200,
‘linkcodegenerated’ : 500, ‘linked’: 200 , ‘linkedcode’: 200, ‘linkedauth’ : 200 , ‘consented’ :200, ‘vcissuance’:100,
‘apiRateLimit’ : 500, ‘blocked’: 500 }
mosip.esignet.cache.expire-in-seconds={‘clientdetails’ : 86400, ‘preauth’: 180, ‘authenticated’: ${mosip.esignet.authentication-expire-in-secs},
‘authcodegenerated’: 60, ‘userinfo’: ${mosip.esignet.access-token-expire-seconds}, ‘linkcodegenerated’ : ${mosip.esignet.link-code-expire-in-secs},
‘linked’: 60 , ‘linkedcode’: ${mosip.esignet.link-code-expire-in-secs}, ‘linkedauth’ : ${mosip.esignet.authentication-expire-in-secs},
‘consented’: 120, ‘vcissuance’: ${mosip.esignet.access-token-expire-seconds}, ‘apiRateLimit’ : 180, ‘blocked’: 300 }

------------------------------------------ Discovery openid-configuration -------------------------------------------

mosipbox.public.url=http://localhost:8088
mosip.esignet.discovery.issuer-id=${mosipbox.public.url}${server.servlet.path}

mosip.esignet.oauth.key-values={‘issuer’: ‘${mosipbox.public.url}’ ,
\ ‘authorization_endpoint’: ‘${mosipbox.public.url}${server.servlet.path}/authorize’ ,
\ ‘token_endpoint’: ‘${mosipbox.public.url}${server.servlet.path}/oauth/token’ ,
\ ‘jwks_uri’ : ‘${mosipbox.public.url}${server.servlet.path}/oauth/jwks.json’ ,
\ ‘token_endpoint_auth_methods_supported’ : ${mosip.esignet.supported.client.auth.methods},
\ ‘token_endpoint_auth_signing_alg_values_supported’ : {‘RS256’},
\ ‘scopes_supported’ : ${mosip.esignet.supported.openid.scopes},
\ ‘response_modes_supported’ : { ‘query’ },
\ ‘grant_types_supported’ : ${mosip.esignet.supported.grant.types},
\ ‘response_types_supported’ : ${mosip.esignet.supported.response.types}}

mosip.esignet.discovery.key-values={‘issuer’: ‘${mosipbox.public.url}’ ,
\ ‘authorization_endpoint’: ‘${mosipbox.public.url}${server.servlet.path}/authorize’ ,
\ ‘token_endpoint’: ‘${mosipbox.public.url}${server.servlet.path}/oauth/token’ ,
\ ‘userinfo_endpoint’ : ‘${mosipbox.public.url}${server.servlet.path}/oidc/userinfo’ ,
\ ‘scopes_supported’ : ${mosip.esignet.supported.openid.scopes},
\ ‘response_types_supported’ : ${mosip.esignet.supported.response.types},
\ ‘response_modes_supported’ : { ‘query’ },
\ ‘token_endpoint_auth_methods_supported’ : ${mosip.esignet.supported.client.auth.methods},
\ ‘token_endpoint_auth_signing_alg_values_supported’ : {‘RS256’},
\ ‘userinfo_signing_alg_values_supported’ : {‘RS256’},
\ ‘userinfo_encryption_alg_values_supported’ : {‘RSAXXXXX’},
\ ‘userinfo_encryption_enc_values_supported’ : {‘A128GCM’},
\ ‘id_token_signing_alg_values_supported’ : {‘RS256’},
\ ‘claim_types_supported’: {‘normal’},
\ ‘claims_parameter_supported’ : true,
\ ‘display_values_supported’ : ${mosip.esignet.supported.ui.displays},
\ ‘subject_types_supported’ : { ‘pairwise’ },
\ ‘claims_supported’ : {‘iss’,‘sub’,‘acr’,‘name’,‘given_name’,‘middle_name’,‘preferred_username’,‘picture’,‘gender’,‘birthdate’,‘locale’,‘nickname’, ‘family_name’,‘zoneinfo’, ‘updated_at’,‘address’, ‘email’,‘email_verified’, ‘phone_number’,‘phone_number_verified’},
\ ‘acr_values_supported’ : {},
\ ‘request_parameter_supported’ : false }

##----------------------------------------- Database properties --------------------------------------------------------

spring.datasource.url=jdbc:postgresql://localhost:5432/mosip_esignet?currentSchema=esignet
spring.datasource.username=postgres
spring.datasource.password=mickey123

spring.jpa.database-platform=org.hibernate.dialect.PostgreSQL95Dialect
spring.jpa.show-sql=false
spring.jpa.hibernate.ddl-auto=none
spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true

#------------------------------------ Key-manager specific properties --------------------------------------------------
#Crypto asymmetric algorithm name
mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
#Crypto symmetric algorithm name
mosip.kernel.crypto.symmetric-algorithm-name=AES/GCM/PKCS5Padding
#Keygenerator asymmetric algorithm name
mosip.kernel.keygenerator.asymmetric-algorithm-name=RSA
#Keygenerator symmetric algorithm name
mosip.kernel.keygenerator.symmetric-algorithm-name=AES
#Asymmetric algorithm key length
mosip.kernel.keygenerator.asymmetric-key-length=2048
#Symmetric algorithm key length
mosip.kernel.keygenerator.symmetric-key-length=256
#Encrypted data and encrypted symmetric key separator
mosip.kernel.data-key-splitter=#KEY_SPLITTER#
#GCM tag length
mosip.kernel.crypto.gcm-tag-length=128
#Hash algo name
mosip.kernel.crypto.hash-algorithm-name=PBKDF2WithHmacSHA512
#Symmtric key length used in hash
mosip.kernel.crypto.hash-symmetric-key-length=256
#No of iterations in hash
mosip.kernel.crypto.hash-iteration=100000
#Sign algo name
mosip.kernel.crypto.sign-algorithm-name=RS256
#Certificate Sign algo name
mosip.kernel.certificate.sign.algorithm=SHA256withRSA

mosip.kernel.keymanager.hsm.config-path=local.p12
mosip.kernel.keymanager.hsm.keystore-type=PKCS12
mosip.kernel.keymanager.hsm.keystore-pass=local

mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
mosip.kernel.keymanager.certificate.default.organization=IITB
mosip.kernel.keymanager.certificate.default.location=BANGALORE
mosip.kernel.keymanager.certificate.default.state=KA
mosip.kernel.keymanager.certificate.default.country=IN

mosip.kernel.keymanager.softhsm.certificate.common-name=www.mosip.io
mosip.kernel.keymanager.softhsm.certificate.organizational-unit=MOSIP
mosip.kernel.keymanager.softhsm.certificate.organization=IITB
mosip.kernel.keymanager.softhsm.certificate.country=IN

ApplicationId for PMS master key.

mosip.kernel.partner.sign.masterkey.application.id=PMS
mosip.kernel.partner.allowed.domains=DEVICE

mosip.kernel.keymanager-service-validate-url=https://${mosip.hostname}/keymanager/validate
mosip.kernel.keymanager.jwtsign.validate.json=false
mosip.keymanager.dao.enabled=false
crypto.PrependThumbprint.enable=true

-------------------------------------------- IDP-UI config ----------------------------------------------------------

NOTE:

1. linked-transaction-expire-in-secs value should be a sum of mosip.esignet.authentication-expire-in-secs and linked cache expire in seconds under mosip.esignet.cache.expire-in-seconds property

2. A new Qrcode will be autogenerated before the expiry of current qr-code, and the time difference in seconds for the same is defined in wallet.qr-code-buffer-in-secs property

mosip.esignet.ui.wallet.config={{‘wallet.name’: ‘walletName’, ‘wallet.logo-url’: ‘/images/qr_code.png’, ‘wallet.download-uri’: ‘#’,
‘wallet.deep-link-uri’: ‘inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT’ }}

mosip.esignet.ui.signup.config={‘signup.banner’: true, ‘signup.url’: ‘http://localhost:3000/signup’}

mosip.esignet.ui.forgot-password.config={‘forgot-password’: true, ‘forgot-password.url’: ‘http://localhost:3000/forgot-password’}

mosip.esignet.authenticator.default.auth-factor.kba.field-details={}
mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=

Configuration Map input to UI at the start of every transaction.

mosip.esignet.ui.config.key-values={‘sbi.env’: ‘Developer’, ‘sbi.timeout.DISC’: 30,
‘sbi.timeout.DINFO’: 30, ‘sbi.timeout.CAPTURE’: 30, ‘sbi.capture.count.face’: 1, ‘sbi.capture.count.finger’: 1,
‘sbi.capture.count.iris’: 1, ‘sbi.capture.score.face’: 70, ‘sbi.capture.score.finger’:70, ‘sbi.capture.score.iris’:70,
‘resend.otp.delay.secs’: 10, ‘send.otp.channels’ : ‘mmm’,
‘captcha.sitekey’ : ‘mmm’, ‘captcha.enable’ : ‘${mosip.esignet.captcha.required}’,
‘auth.txnid.length’ : 9, ‘consent.screen.timeout-in-secs’:${mosip.esignet.authentication-expire-in-secs},
‘consent.screen.timeout-buffer-in-secs’: 5, ‘linked-transaction-expire-in-secs’: 240, ‘sbi.port.range’: ‘4501-4600’,
‘sbi.bio.subtypes.iris’: ‘UNKNOWN’, ‘sbi.bio.subtypes.finger’: ‘UNKNOWN’, ‘wallet.qr-code-buffer-in-secs’: 10, ‘otp.length’: 6, 'password.regex’: ‘^.{8,20}$’,
‘password.max-length’: 20,
‘username.regex’: ‘[1][0-9]{7,8}$’,
‘username.prefix’: ‘+855’,
‘username.postfix’: ‘@phone’,
‘username.max-length’: 9,
‘username.input-type’: ‘number’, ‘wallet.config’: ${mosip.esignet.ui.wallet.config}, 'signup.config’: ${mosip.esignet.ui.signup.config},
‘forgot-password.config’: ${mosip.esignet.ui.forgot-password.config},
‘error.banner.close-timer’: 10,
‘auth.factor.kba.individual-id-field’ : ‘${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}’,
‘auth.factor.kba.field-details’: ${mosip.esignet.authenticator.default.auth-factor.kba.field-details} }

---------------------------------------------- VCI ------------------------------------------------------------------

mosip.esignet.vci.identifier=${mosipbox.public.url}${server.servlet.path}
mosip.esignet.vci.authn.filter-urls={ ‘${server.servlet.path}/vci/credential’ }
mosip.esignet.vci.authn.issuer-uri=${mosipbox.public.url}${server.servlet.path}
mosip.esignet.vci.authn.jwk-set-uri=${mosipbox.public.url}${server.servlet.path}/oauth/.well-known/jwks.json
mosip.esignet.vci.authn.allowed-audiences={ ‘${mosipbox.public.url}${server.servlet.path}/vci/credential’ }

mosip.esignet.vci.supported.jwt-proof-alg={‘RS256’}

mosip.esignet.vci.key-values={
“latest” : {
‘credential_issuer’: ‘${mosip.esignet.vci.identifier}’,
‘credential_endpoint’: ‘${mosipbox.public.url}${server.servlet.path}/vci/credential’,
‘display’: {{‘name’: ‘e-Signet’, ‘locale’: ‘en’}},
‘credentials_supported’ : {
“SampleVerifiableCredential_ldp” : {
‘format’: ‘ldp_vc’,
‘scope’ : ‘sample_vc_ldp’,
‘cryptographic_binding_methods_supported’: {‘did:jwk’},
‘cryptographic_suites_supported’: {‘RsaSignature2018’},
‘proof_types_supported’: {‘jwt’},
‘credential_definition’: {
‘type’: {‘VerifiableCredential’,‘SampleVerifiableCredential’},
‘credentialSubject’: {
‘name’: { ‘display’: {{‘name’: ‘Given Name’, ‘locale’: ‘en’ }}},
‘age’: { ‘display’: {{ ‘name’: ‘Age’, ‘locale’: ‘en’}}}
}},
‘display’: {{‘name’: ‘Sample Verifiable Credential by e-Signet’,
‘locale’: ‘en’,
‘logo’: {‘url’: ‘${mosipbox.public.url}/logo.png’,
‘alt_text’: ‘a square logo of a MOSIP’},
‘background_color’: ‘#12107c’,
‘text_color’: ‘#FFFFFF’}}
}
}
}
}

with pleasure


  1. 1-9 ↩︎

Hello @Michael
Please change this field username.max-length value from 9 to 10. I hope this’ll resolve your issue. Please let us know if you face any other issues.

Thanks and Regards
Team MOSIP

Dear @balaji-alluru





I have resolved the previous error, but I am encountering some issues with this part, sir.
With pleasure

Hi @Michael

Kindly share esignet logs to fast-track the issue identification and resolution.

regards

Dear @Anusha_sunkadh



with regards

Hi @Michael ,

Sorry to say this, but the above screenshots do not help us find the issue. What you should do is:

  1. clear esignet service logs
  2. open web-browser and run the flow, until you face the issue reported above.
  3. Now copy the complete esignet service logs to a file and share the file.
  4. if possible share the mock-relying-party-service logs as well.

thanks & regards
MOSIP team

Hi @Michael ,

Were you able to resolve the issue? Let us know if you need further assistance.

Best Regards,
Team MOSIP