ID Authentication Deployment Problem (MOSIP v1.2.0.1-B1)

Hello,
We are facing an error in the deployment of ID Authentication in Kubernetes.

Could not resolve placeholder ‘softhsm.ida.pin’ in value "${softhsm.ida.pin}"\n\tat org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:379)\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1348)\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:578)\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:501)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317)\n\tat org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)\n\tat org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:251)\n\tat org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138)\n\tat org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1065)\n\tat org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.

Thank you,

@slimab please check whether softhsm-ida is installed or not and make sure to pass the same secrets to config-server.

Hello,
The softhsm-ida was installed before the deployment of ID Authentication, and the softhsm kernel service is correctly used by the keymanager.

With reference to the latest inputs provided, in order to further investigate the issue, kindly verify the operational status of the config-server. Additionally, please ensure the existence of the environmental variable SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_IDA_PIN within the deployment of the config-server in the namespace of the config-server.

Thanks
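One way to run the check requested above without printing the PIN itself, as an added example that is not part of the original thread: it lists the env entries of the config-server deployment and reports whether the override variable exists and which secret it references. The namespace and deployment name `config-server` are assumptions; override them with `NS` and `DEPLOY`.

```sh
#!/bin/sh
# Added example, not from the thread. NS and DEPLOY defaults are assumptions.
VAR=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_IDA_PIN

# Print one "NAME<TAB>SECRET<TAB>KEY" line per env entry of the deployment.
# Only names and secret references are read, never the secret value.
list_env() {
  kubectl -n "${NS:-config-server}" get deployment "${DEPLOY:-config-server}" \
    -o jsonpath='{range .spec.template.spec.containers[*].env[*]}{.name}{"\t"}{.valueFrom.secretKeyRef.name}{"\t"}{.valueFrom.secretKeyRef.key}{"\n"}{end}'
}

# Read list_env output on stdin and classify the override variable:
#   missing                -> the variable is not set on the deployment
#   present-no-secret-ref  -> set, but not sourced from a Kubernetes secret
#   secret-ref NAME/KEY    -> set from secret NAME, key KEY
check_override() {
  awk -F '\t' -v var="$VAR" '
    $1 == var { found = 1; secret = $2; key = $3 }
    END {
      if (!found)            print "missing"
      else if (secret == "") print "present-no-secret-ref"
      else                   print "secret-ref " secret "/" key
    }'
}

# Run against the cluster only when invoked as: sh check.sh run
if [ "${1:-}" = "run" ]; then
  list_env | check_override
fi
```

Compare the reported secret name and key with the secret created by the softhsm-ida installation; a mismatch or `missing` means config-server cannot serve `softhsm.ida.pin`.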

Hello,
Now we are facing another error in two pods (auth and otp) of the ID Authentication deployment.

Logs:

IDR-IDC-004 → Unknown error occurred; \nnested exception is io.mosip.kernel.auth.defaultadapter.exception.AuthAdapterException: Self cached auth token is null\n\t… 61 common frames omitted\nCaused by: io.mosip.kernel.auth.defaultadapter.exception.AuthAdapterException: Self cached auth token is null\n\tat io.mosip.kernel.auth.defaultadapter.config.SelfTokenExchangeFilterFunction.filter(SelfTokenExchangeFilterFunction.java:71)\n\tat org.springframework.web.reactive.function.client.ExchangeFilterFunction.lambda$andThen$1(ExchangeFilterFunction.java:56)\n\tat org.springframework.web.reactive.function.client.ExchangeFilterFunction.lambda$apply$2(ExchangeFilterFunction.java:67)\n\tat org.springframework.web.reactive.function.client.DefaultWebClient$DefaultRequestBodyUriSpec.exchange(DefaultWebClient.java:317)\n\tat org.springframework.web.reactive.function.client.DefaultWebClient$DefaultRequestBodyUriSpec.retrieve(DefaultWebClient.java:364)\n\tat io.mosip.idrepository.core.helper.RestHelper.request(RestHelper.java:211)\n\tat io.mosip.idrepository.core.helper.RestHelper.requestSync(RestHelper.java:119)\n\t… 60 common frames omitted\n",“appName”:“id-authentication,id-authentication-external”}

{"@timestamp":"2023-04-19T12:08:57.045Z","@version":"1","message":"Error connecting to OIDC service (WebClient) Problem in connecting to auth service or UNKNOWN Error.","logger_name":"io.mosip.kernel.auth.defaultadapter.helper.TokenHelper","thread_name":"main","level":"ERROR","level_value":40000,"appName":"id-authentication,id-authentication-external"}
{"@timestamp":"2023-04-19T12:08:57.045Z","@version":"1","message":"there is some issue with getting token with clienid and secret","logger_name":"io.mosip.kernel.auth.defaultadapter.config.SelfTokenExchangeFilterFunction","thread_name":"main","level":"ERROR","level_value":40000,"appName":"id-authentication,id-authentication-external"}

Hello @slimab ,

To obtain the complete logs of the IDA authentication and IDA OTP service, you can use the following command:

kubectl -n <namespace> logs <pod-name> --previous

Please replace <namespace> and <pod-name> with the appropriate values for your setup.

Based on the exception you provided, it seems that there is an issue with connecting to the OIDC authentication service. To investigate this further, I will need the configuration properties files for the OIDC, kernel, and IDA modules. Additionally, please provide information on which version of OIDC you have deployed.

Please provide the requested information so that I can assist you further.

Thanks

Hello @syed.salman,
What do you mean exactly by the configuration properties files for the OIDC, kernel, and IDA modules?
If you need configmaps and secrets, from which namespace do you need them?
If you need properties files from the config-server module, which files do you need?

Thanks

@slimab we face OIDC related issues as mentioned in IDA logs

  1. due to connection issue to keycloak
  2. due to wrong client ID / secret for the mpartner-default-auth in IDA config.

Due to the above reasons, IDA might not be able to create a token and validate the same.

Resolution:

  1. check the keycloak connectivity issue and fix.
  2. In case keycloak init was done after config server deployment due to any reason, redeploy config server after deleting so that it gets correct secret and passes the same to IDA. Please do restart the IDA failing services once config server is redeployed.
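A way to tell the two causes listed above apart, as an added example that is not part of the original thread: it requests a client_credentials token for `mpartner-default-auth` from the `mosip` realm and classifies the response. `KEYCLOAK_URL` and `CLIENT_SECRET` are placeholders the operator supplies; the token path is the standard Keycloak one under the realm URL.

```sh
#!/bin/sh
# Added example, not from the thread. KEYCLOAK_URL and CLIENT_SECRET are
# operator-supplied placeholders; realm and client ID are the ones named above.
REALM=mosip
CLIENT_ID=mpartner-default-auth

# Request a token; prints the response body, then the HTTP status on the
# last line. curl reports status 000 when no HTTP response was received.
# The secret is passed as an argument, so use a throwaway debug shell.
request_token() {
  curl -sS -m 10 -w '\n%{http_code}' \
    -d grant_type=client_credentials \
    -d "client_id=$CLIENT_ID" \
    --data-urlencode "client_secret=$CLIENT_SECRET" \
    "$KEYCLOAK_URL/auth/realms/$REALM/protocol/openid-connect/token"
}

# classify <http_status> <body>: map a token-endpoint response to a cause.
classify() {
  status=$1
  body=$2
  case "$status" in
    000) echo "connectivity: no HTTP response from Keycloak"; return ;;
  esac
  case "$body" in
    *'"access_token"'*)
      echo "ok: token issued for $CLIENT_ID" ;;
    *'"invalid_client"'*|*'"unauthorized_client"'*)
      echo "credentials: Keycloak rejected client ID or secret" ;;
    *)
      echo "other: HTTP $status, inspect body and realm path" ;;
  esac
}

# Run against Keycloak only when invoked as: sh token_check.sh run
if [ "${1:-}" = "run" ]; then
  : "${KEYCLOAK_URL:?set KEYCLOAK_URL}" "${CLIENT_SECRET:?set CLIENT_SECRET}"
  out=$(request_token) || true
  classify "$(printf '%s\n' "$out" | tail -n 1)" \
           "$(printf '%s\n' "$out" | sed '$d')"
fi
```

A successful fetch of the realm URL exercises only the first cause; this request also exercises the second, using the same secret that config-server passes to IDA.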

Hello @ckm007,
replying to your answer:
1- curling the link of keycloak: curl http://x.x.x.x:8080/auth/realms/mosip, from the istio of IDA AUTH, it provides the result:
{"realm":"mosip","public_key":"AAAZZZZFVGHHHHBVTYJJHVDCF…","token-service":"https://iam.example.local/auth/realms/mosip/protocol/openid-connect","account-service":"https://iam.example.local/auth/realms/mosip/account","tokens-not-before":0}

The IDA AUTH pod is still down.