ID Authentication Deployment Problem (MOSIP v1.2.0.1-B1)

slimab · April 6, 2023, 2:54pm

Hello,
We are facing an error in the deploy of ID Authentication, in kubernetes.

Could not resolve placeholder ‘softhsm.ida.pin’ in value "${softhsm.ida.pin}"\n\tat org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:379)\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1348)\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:578)\n\tat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:501)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317)\n\tat org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)\n\tat org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:251)\n\tat org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1138)\n\tat org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1065)\n\tat org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.

Thank you,

syed.salman · April 10, 2023, 6:00am

@slimab please check whether softhsm-ida is installed or not and make sure to pass the same secrets to config-server.

github.com

mosip/mosip-infra/blob/v1.2.0.1-B1/deployment/v3/external/hsm/softhsm/install.sh#L25


      
          
          
echo Istio label
          kubectl label ns $NS istio-injection=enabled --overwrite
          helm repo update
          
          
echo Installing Softhsm for Kernel
          helm -n $NS install softhsm-kernel mosip/softhsm -f values.yaml --version $CHART_VERSION --wait
          echo Installed Softhsm for Kernel
          
          
echo Installing Softhsm for IDA
          helm -n $NS install softhsm-ida mosip/softhsm -f values.yaml --version $CHART_VERSION --wait
          echo Installed Softhsm for IDA

slimab · April 10, 2023, 2:29pm

Hello,
the softhsm-ida was installed before the deployment ID authentification and the softhsm kernel services is correctly used by the keymanager

syed.salman · April 17, 2023, 5:44am

With reference to the latest inputs provided, in order to further investigate the issue, kindly verify the operational status of the config-server. Additionally, please ensure the existence of the environmental variable SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_IDA_PIN within the deployment of the config-server in the namespace of the config-server.

Thanks

slimab · April 19, 2023, 12:24pm

Hello,
Now we are facing anthore error, in two pods (auth and otp) of deploy of ID Authentication.

Logs:

IDR-IDC-004 → Unknown error occurred; \nnested exception is io.mosip.kernel.auth.defaultadapter.exception.AuthAdapterException: Self cached auth token is null\n\t… 61 common frames omitted\nCaused by: io.mosip.kernel.auth.defaultadapter.exception.AuthAdapterException: Self cached auth token is null\n\tat io.mosip.kernel.auth.defaultadapter.config.SelfTokenExchangeFilterFunction.filter(SelfTokenExchangeFilterFunction.java:71)\n\tat org.springframework.web.reactive.function.client.ExchangeFilterFunction.lambda$andThen$1(ExchangeFilterFunction.java:56)\n\tat org.springframework.web.reactive.function.client.ExchangeFilterFunction.lambda$apply$2(ExchangeFilterFunction.java:67)\n\tat org.springframework.web.reactive.function.client.DefaultWebClient$DefaultRequestBodyUriSpec.exchange(DefaultWebClient.java:317)\n\tat org.springframework.web.reactive.function.client.DefaultWebClient$DefaultRequestBodyUriSpec.retrieve(DefaultWebClient.java:364)\n\tat io.mosip.idrepository.core.helper.RestHelper.request(RestHelper.java:211)\n\tat io.mosip.idrepository.core.helper.RestHelper.requestSync(RestHelper.java:119)\n\t… 60 common frames omitted\n",“appName”:“id-authentication,id-authentication-external”}

{“@timestamp”:“2023-04-19T12:08:57.045Z”,“@version”:“1”,“message”:“Error connecting to OIDC service (WebClient) Problem in connecting to auth service or UNKNOWN Error.”,“logger_name”:“io.mosip.kernel.auth.defaultadapter.helper.TokenHelper”,“thread_name”:“main”,“level”:“ERROR”,“level_value”:40000,“appName”:“id-authentication,id-authentication-external”}
{“@timestamp”:“2023-04-19T12:08:57.045Z”,“@version”:“1”,“message”:“there is some issue with getting token with clienid and secret”,“logger_name”:“io.mosip.kernel.auth.defaultadapter.config.SelfTokenExchangeFilterFunction”,“thread_name”:“main”,“level”:“ERROR”,“level_value”:40000,“appName”:“id-authentication,id-authentication-external”}

syed.salman · April 21, 2023, 9:46am

Hello @slimab ,

To obtain the complete logs of the IDA authentication and IDA OTP service, you can use the following command:

kubectl -n <namespace> logs <pod-name> --previous

Please replace <namespace> and <pod-name> with the appropriate values for your setup.

Based on the exception you provided, it seems that there is an issue with connecting to the OIDC authentication service. To investigate this further, I will need the configuration properties files for the OIDC, kernel, and IDA modules. Additionally, please provide information on which version of OIDC you have deployed.

Please provide the requested information so that I can assist you further.

Thanks

slimab · April 24, 2023, 8:05am

Hello @syed.salman,
What do you mean exactly by the configuration properties files for the OIDC, kernel, and IDA modules?
If you need configmaps and secret, from which namespace do you need them?
if you need files properties from config-server module, what files do you need them?

Thanks

ckm007 · April 24, 2023, 2:52pm

@slimab we face OIDC related issues as mentioned in IDA logs

due to connection issue to keycloak
due to wrong client ID / secret for the mpartner-default-auth in IDA config. Due to above reasons IDA might be not be able to create token and validate the same.

Resolution:

check the keycloak connectivity issue and fix.
In case keycloak init was done after config server deployment due to any reason, redeploy config server after deleting so that it gets correct secret and passes the same to IDA. Please do restart the IDA failing services once config server is redeployed.

slimab · April 24, 2023, 3:47pm

Hello @ckm007,
replaying on your answer:
1- curling the link of keycloak: curl http://x.x.x.x:8080/auth/realms/mosip, from the istio of IDA AUTH, it provides the result:
{“realm”:“mosip”,“public_key”:“AAAZZZZFVGHHHHBVTYJJHVDCF…”,“token-service”:“https://iam.example.local/auth/realms/mosip/protocol/openid-connect",“account-service”:“https://iam.example.local/auth/realms/mosip/account”,"tokens-not-before”:0}

The IDA AUTH pod is still down.

Topic		Replies	Views
Id-authentication error HSM	1	234	August 30, 2023
Authentication demo service error	1	206	October 27, 2023
ID Authentiocation ERROR	3	228	October 23, 2023
Auth validate token not working Developer	3	26	October 17, 2024
Building ID-Authentication Repo	2	228	November 16, 2023

ID Authentication Deployment Problem (MOSIP v1.2.0.1-B1)

Related topics