I am interested in your e-signet project. It has many cool features in this service. But I don’t have a clear e-signet document to follow to set up this service and try to integrate it with my service. Can you tell me the basic requirements to set it up?
Thank you
Hi @mengleang-ngoun,
Thank you for your interest in our e-signet project! We understand the importance of clear documentation for setting up and integrating the service. To support you with this, one of our team members will shortly share the basic requirements to set it up.
Is there anything specific you would like to know or any questions you have in the meantime? Feel free to reach out, and we’ll be more than happy to assist you.
Thank you again for your interest, and we look forward to helping you with the e-signet integration!
Best regards,
MOSIP Team
We have updated our readme file to guide local setup of esignet with mock plugins.
You will also need mock-identity-system running in parallel. Please find the link below to set up mock-identity-system locally:
Thank you
Hi, @sanchi-singh24 and @Anusha_sunkadh.
Thank you for supporting us, but I have one thing to ask you about MOSIP: doesn’t it have another way to run on a personal computer? I saw that MOSIP requires a big machine for deployment, but as a developer, I only need to run it and try the features that you’re providing to us.
Best regards,
Mengleang Ngoun
Yeah, we have, @mengleang-ngoun. We can run e-Signet with the mock identity system.
Can you please go through this Readme?
This will guide you to start e-Signet on your local machine without much dependency.
The only dependency will be a database.
Thank you for the answer.
Recently, I was interested in esignet, so I tried to install it, but I couldn’t proceed because the following error occurred.
I hope your answer will help to solve this problem.
=> Error Messages
{"@timestamp":"2023-07-26T14:11:39.380+09:00","@version":"1","message":"[Consumer clientId=consumer-link-status-consumer-2, groupId=link-status-consumer] Bootstrap broker localhost:9092 (id: -1 rack: null) disconnected","logger_name":"org.apache.kafka.clients.NetworkClient","thread_name":"link-status-consumer-0-C-1","level":"WARN","level_value":30000,"appName":"esignet"}
{"@timestamp":"2023-07-26T14:11:40.037+09:00","@version":"1","message":"[Consumer clientId=consumer-link-auth-code-status-consumer-1, groupId=link-auth-code-status-consumer] Connection to node -1 (localhost/127.0.0.1:9092) could not be established. Broker may not be available.","logger_name":"org.apache.kafka.clients.NetworkClient","thread_name":"link-auth-code-status-consumer-0-C-1","level":"WARN","level_value":30000,"appName":"esignet"}
{"@timestamp":"2023-07-26T14:11:40.037+09:00","@version":"1","message":"[Consumer clientId=consumer-link-auth-code-status-consumer-1, groupId=link-auth-code-status-consumer] Bootstrap broker localhost:9092 (id: -1 rack: null) disconnected","logger_name":"org.apache.kafka.clients.NetworkClient","thread_name":"link-auth-code-status-consumer-0-C-1","level":"WARN","level_value":30000,"appName":"esignet"}
{"@timestamp":"2023-07-26T14:11:40.302+09:00","@version":"1","message":"[Consumer clientId=consumer-link-status-consumer-2, groupId=link-status-consumer] Connection to node -1 (localhost/127.0.0.1:9092) could not be established. Broker may not be available.","logger_name":"org.apache.kafka.clients.NetworkClient","thread_name":"link-status-consumer-0-C-1","level":"WARN","level_value":30000,"appName":"esignet"}
Hi @montana.bae ,
Happy to know that
Please check the Kafka connection details in the application-local.properties.
If you are looking for the OIDC flow, you could ignore the Kafka connection error.
Note: Kafka is required only for Wallet local authentication (WLA), which is possible only after wallet key binding with e-Signet.
Hi @Anusha_sunkadh,
Thank you for your kind and detailed reply.
It was really informative for me.
If there are any issues during the installation process,
I will share them again.
Best regards,
Montana
Hi @Anusha_sunkadh,
Before telling my issues, let me tell you about the versions I have tested.
- esignet branch : master
- esignet-service : 1.0.0 (tried 1.1.0 but failed)
- mock_esignet_integratioon_api : 0.9.0
- mock_identity_system : 0.9.0
- postgresql : 15.0
Test results,
- mock_identity_system : build ok, run ok
- esignet-service : build ok, run ok, 8088 port LISTENING ok
But when I tried to access http://localhost:8088/v1/esignet/swagger-ui.html, I got the message below.
{"responseTime":"2023-07-26T09:50:15.195Z","response":null,"errors":[{"errorCode":"unknown_error","errorMessage":"Full authentication is required to access this resource"}]}
What does this mean? And what can I do?
Best regards,
Montana
@montana.bae Thanks for letting us know about the error you are facing. @Anusha_sunkadh will get back to you on this.
Ok,
Can you check this set of configuration in esignet-service?
For the local development environment, we do not connect to Keycloak, so we disable authentication and authorization.
We use this configuration file for local setup: I would suggest you take this config file from the “develop” branch (it was recently updated).
@Anusha_sunkadh
Thank you again.
I tried the develop branch with version 1.1.0 before, but it failed with this message.
Caused by: io.mosip.kernel.core.keymanager.exception.NoSuchSecurityProviderException: KER-KMA-004 → No such alias: 7fdaa090-7362-4c23-8734-c2ecaf31f711
I changed the property as you said, but the same error returns.
I tried the develop branch with version 1.2.0, which you updated yesterday,
and the same error occurred.
Thank you for your sincere support.
Best regards,
Montana
Hi, @Anusha_sunkadh
I attached the full error message. I guess it’s because of the keymanager and HSM module of MOSIP.
Let me ask something.
- Do I need to install the keymanager and softhsm of MOSIP?
- If I install Keycloak and connect the esignet service to Keycloak authentication, will it help to solve the problem?
Best regards,
Montana
{
"@timestamp": "2023-07-27T09:37:19.958+09:00",
"@version": "1",
"message": "Application run failed",
"logger_name": "org.springframework.boot.SpringApplication",
"thread_name": "main",
"level": "ERROR",
"level_value": 40000,
"stack_trace": "java.lang.IllegalStateException: Failed to execute ApplicationRunner
org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:789)
org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:776)
org.springframework.boot.SpringApplication.run(SpringApplication.java:322)
org.springframework.boot.SpringApplication.run(SpringApplication.java:1237)
org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
io.mosip.esignet.EsignetServiceApplication.main(EsignetServiceApplication.java:32)
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.base/java.lang.reflect.Method.invoke(Method.java:566)
org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
org.springframework.boot.loader.Launcher.launch(Launcher.java:107)
org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:467)
Caused by: io.mosip.kernel.core.keymanager.exception.NoSuchSecurityProviderException: KER-KMA-004 → No such alias: 7fdaa090-7362-4c23-8734-c2ecaf31f711
io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS12KeyStoreImpl.getAsymmetricKey(PKCS12KeyStoreImpl.java:270)
io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS12KeyStoreImpl.getCertificate(PKCS12KeyStoreImpl.java:314)
io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS12KeyStoreImpl.getCertificate(PKCS12KeyStoreImpl.java:64)
io.mosip.kernel.keymanager.hsm.impl.KeyStoreImpl.getCertificate(KeyStoreImpl.java:253)
io.mosip.kernel.keymanager.hsm.impl.KeyStoreImpl.getCertificate(KeyStoreImpl.java:43)
io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl.buildResponseObject(KeymanagerServiceImpl.java:627)
io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl.generateKey(KeymanagerServiceImpl.java:555)
io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl.generateMasterKey(KeymanagerServiceImpl.java:518)
io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl$$FastClassBySpringCGLIB$$37c188ac.invoke()
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:771)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:367)
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:118)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:749)
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)
io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl$$EnhancerBySpringCGLIB$$40219339.generateMasterKey()
io.mosip.esignet.config.AppConfig.run(AppConfig.java:75)
org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:786)
… 13 common frames omitted",
"appName": "esignet"
}
Hi,
We use the embedded keymanager, and the keymanager in the local setup is configured to use a PKCS12 keystore.
It will create local.p12 to store the required keys, and key aliases are stored in the DB key_alias table.
It seems like local.p12 was deleted and the keymanager is failing to find keys with the old aliases in the newly created local.p12.
Note: the path to local.p12 is configurable in the application-local.properties.
If you have started the application in the target folder, then local.p12 will be created under the target folder. Every time you build the application, the target folder is deleted by mvn.
Solution: Truncate the records from the key_alias table, change the local.p12 file location in the properties (so that you don’t lose the local.p12 file next time you build the application), and start the application.
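The mismatch described in the reply above can be confirmed before anything is truncated. The following is an added example, not code from the e-Signet project or from the posters: it compares the aliases recorded in key_alias with the entries that keytool lists for local.p12. It assumes the alias is held in the table's id column; the second alias and the keytool output are constructed sample data.

```python
import re

# One entry line of `keytool -list` output: "<alias>, <date>, <entry type>,"
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,]+),.*\b(?:PrivateKeyEntry|SecretKeyEntry|trustedCertEntry),?$"
)

def keystore_aliases(keytool_output):
    """Return the aliases listed in `keytool -list` text output (lower-cased)."""
    found = set()
    for line in keytool_output.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            found.add(match.group("alias").strip().lower())
    return found

def orphaned_aliases(db_aliases, keytool_output):
    """Aliases recorded in key_alias that the keystore file does not contain."""
    present = keystore_aliases(keytool_output)
    recorded = {alias.strip().lower() for alias in db_aliases}
    return sorted(recorded - present)

# Aliases as read from the key_alias table (assumed: the alias is in column "id").
# The first value is the alias from the error above; the second is constructed.
DB_ALIASES = [
    "7fdaa090-7362-4c23-8734-c2ecaf31f711",
    "00000000-0000-4000-8000-000000000001",
]

# Constructed output of:
#   keytool -list -storetype PKCS12 -keystore <path to local.p12> -storepass <password>
# for a local.p12 that was recreated after the build wiped the old one.
KEYTOOL_OUTPUT = """\
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

00000000-0000-4000-8000-000000000001, Jul 27, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22:33 (constructed, shortened)
"""

if __name__ == "__main__":
    missing = orphaned_aliases(DB_ALIASES, KEYTOOL_OUTPUT)
    for alias in missing:
        print("in key_alias but not in local.p12:", alias)
    print("keystore and key_alias agree" if not missing else
          "expect KER-KMA-004 for the aliases listed above")
```

Any alias it reports is one the keymanager will look up in the keystore and fail to find, which is the condition the truncate-and-relocate fix removes.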
Hi, @Anusha_sunkadh
Thank you very very much.
It works.
I can see the swagger page.
I can go forward to the next step.
Best regards,
Montana.
Hi @montana.bae
Thanks for letting us know and in case of any other query on further steps you can surely reach out to our team.
Best Regards,
Team MOSIP
Hi @Anusha_sunkadh and @sanchi-singh24
Long time no see.
I’m testing mock-relying-party-service on localhost now.
I connected to http://localhost:5000 and clicked the ‘Sign in with e-Signet’ button, but it is blocked due to CORS policy and the process is not progressing.
Please let me know if there is a way to solve it or if there is something to check.
The current testing environment is
branch: master
os:windows
The list of currently running services is as follows:
localhost:3000 - nginx
localhost:3001 - oidc-ui
localhost:8088 - esignet server
localhost:5000 - nginx
localhost:5001 - relying-party-ui
localhost:8082 - mock-identity-system
–error message
Access to XMLHttpRequest at 'http://localhost:8088/v1/esignet/csrf/token' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
:8088/v1/esignet/csrf/token:1
Failed to load resource: net::ERR_FAILED
authorize:1 Access to XMLHttpRequest at 'http://localhost:8088/v1/esignet/csrf/token' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
:8088/v1/esignet/csrf/token:1
localhost:8888 - health-service also alive
When I clicked ‘http://localhost:8088/v1/esignet/csrf/token’, it replies:
{"token":"1c2a4eb1-884c-4f40-b044-4059e7972214","parameterName":"_csrf","headerName":"X-XSRF-TOKEN"}
Hi, @Anusha_sunkadh
I resolved the CORS issue,
and now I’m fighting with a 403 forbidden issue.
POST http://localhost:8088/v1/esignet/authorization/oauth-details 403
– my request body
{
  "requestTime": "2023-08-11T08:25:12.896Z",
  "request": {
    "acrValues": "mosip:idp:acr:generated-code mosip:idp:acr:biometrics mosip:idp:acr:static-code",
    "claims": {
      "id_token": {},
      "userinfo": {
        "address": {"essential": false},
        "birthdate": {"essential": false},
        "email": {"essential": true},
        "gender": {"essential": false},
        "given_name": {"essential": true},
        "phone_number": {"essential": false},
        "picture": {"essential": false}
      }
    },
    "claimsLocales": "en",
    "clientId": "healthservices",
    "display": "page",
    "maxAge": "21",
    "nonce": "ere973eieljznge2311",
    "prompt": "consent",
    "redirectUri": "http://localhost:5000/userprofile",
    "responseType": "code",
    "scope": "openid profile resident-service",
    "state": "eree2311",
    "uiLocales": "ko"
  }
}
— and response
{
"timestamp": 1691742312905,
"status": 403,
"error": "Forbidden",
"message": "",
"path": "/v1/esignet/authorization/oauth-details"
}
Please let me know any hints,
Best regards,
Montana.
Hello @montana.bae
Hope you are doing well.
Please share the request headers.
You could also cross-check with our Postman collections.