IDA-MPA-001 Signature Verification Failure

Alexan_Hills · October 27, 2025, 12:40pm

ID-Authentication failure. The OTP request fails with IDA-MPA-001error (Digital signature verification failed) and IDA-MLC-007 errors. Using MOSIP Version 1.2.0.1.

OTP Request Body: {“id”:“mosip.identity.otp”,“version”:“1.0”,“transactionID”:“1234567890”,“requestTime”:“2025-10-24T13:49:06.822Z”,“individualId”:“6873974512”,“individualIdType”:“UIN”,“otpChannel”:[“email”]}
<200,{id=mosip.identity.otp, version=1.0, transactionID=1234567890, responseTime=2025-10-24T13:49:08.139Z, errors=[{errorCode=IDA-MLC-007, errorMessage=Request could not be processed. Please try again}, {errorCode=IDA-MPA-001, errorMessage=Digital signature verification failed for signature header}], response=null},{Server=[nginx/1.18.0 (Ubuntu)], Date=[Fri, 24 Oct 2025 13:49:08 GMT], Content-Type=[application/json;charset=ISO-8859-1], Content-Length=[339], Connection=[keep-alive],

Mahesh-Binayak · October 28, 2025, 6:53am

Hi @Alexan_Hills

Thank you for reaching out

Can u tell us a little bit more about
1.When did you create the set up?
2.Have you done the certificate exchanges successfully ?
3.Is this an one time error ? or did u face this issue before ?

This will help me guide you to resolution.
Thanks and Regards
Mahesh

Alexan_Hills · October 28, 2025, 7:29am

Hello @Mahesh-Binayak,

The setup was done last year around July, and we have been able to do the authentications successfully.
Recently, we got the error above; we checked and regenerated the auth and MISP partner certificates, which were also uploaded successfully. However, on trying again, we still got the error, which led us to troubleshoot more, and we found out that the certificate of the mpartner-default-auth partner (OVP) had expired.
It has happened before, but the issue was with our partner’s certificate, not the mpartner-default-auth partner. We are not certain on how the default partner certificates are handled.

Thank you

Mahesh-Binayak · October 28, 2025, 10:16am

Hi! @Alexan_Hills
I Understand the issue now.
Now that you know the OVP partner’s certificate has expired, We can renew it and proceed again.

Did u guys use mosip-onboarder previously ?
Its our default go to tool, which can onboard mpartner-default-auth .

If u want to proceed manually, thats doable too.
let me know how You want to proceed, and I will guide you .

Thanks and regards
Mahesh

Alexan_Hills · October 28, 2025, 11:39am

Hi,

Haven’t used the mosip-onboarder before. Kindly guide us on how to use the tool.

Thank you

Mahesh-Binayak · October 29, 2025, 5:11am

Hi @Alexan_Hills ,
the onboarder is a separate repository which is available in MOSIP.
Its a script that uses postman or newman tool to sequentially make API calls , which are basically for certificate exchanges.

I was thinking , in your case since its just one partner that has expired, we could probably renew it much faster, if we go manual.
So here is the list of APIs you need to hit to renew the cert.

Authenticate using your clinetID and secretKey
@ {{url}}/v1/authmanager/authenticate/clientidsecretkey
2.Download mpartner-default-auth’s original certificate from IDA using
{{url}}/idauthentication/v1/internal/getCertificate?applicationId=IDA&referenceId=mpartner-default-auth
Upload this downloaded cert from above step to PMS
{{url}}/v1/partnermanager/partners/certificate/upload
When PMS returns a signed certificate, upload that back to IDA again at
{{url}}/idauthentication/v1/internal/uploadCertificate

Pls follow above steps and ping here if u face difficulties.

Thanks and regards

Mahesh

Alexan_Hills · October 29, 2025, 12:14pm

Hello @Mahesh-Binayak,

Thank you for the guidance; however, I have only been able to do till step 2. I am unable to do step 3 due to the error below, even after authenticating successfully

Mahesh-Binayak · October 30, 2025, 6:28am

Hi @Alexan_Hills
so after step-2 that is dwonloading the mpartner-default-auth cert, you are getting this error while uploading the same cert to PMS.
am I getting that right ?
if so, kindly share some logs from the IDA which might tell us in details about the error.

Alexan_Hills · October 30, 2025, 6:46am

Hi @Mahesh-Binayak,

I was able to upload the certificate to PMS, and I got the MOSIP-signed certificate; however, I am unable to access that endpoint, {{url}}/idauthentication/v1/internal/uploadCertificate to upload the same back to IDA.

Mahesh-Binayak · October 30, 2025, 10:27am

Hi @Alexan_Hills

Here can u try this URL for reference

https://api-internal.dev.mosip.net/idauthentication/v1/internal/swagger-ui/index.html?configUrl=/idauthentication/v1/internal/v3/api-docs/swagger-config

The request body looks like

{

“id”: “string”,

“metadata”: {},

“request”: {

"applicationId": "IDA",

"certificateData": *{{Signedmpartnerdefaultauthcert}}*,

"referenceId": "mpartner-default-auth"

},

“requesttime”: “2018-12-10T06:12:52.994Z”,

“version”: “string”

}

URL : {{url}}/idauthentication/v1/internal/uploadCertificate

Alexan_Hills · October 30, 2025, 1:33pm

Hello @Mahesh-Binayak,

I have been able to access the Swagger UI with reference to this: https://api-internal.dev.mosip.net/idauthentication/v1/internal/swagger-ui/index.html?configUrl=/idauthentication/v1/internal/v3/api-docs/swagger-config#/keymanager/uploadCertificate as seen below.

I am still getting the IDA-MLC-007 error with authStatus as False; thus, the request could not be processed. I have attached a screenshot of the authentication UI too to see that the IDA client is validated successfully; hopefully that is the client that is required to perform the action.

{
"transactionID": null,
"version": null,
"id": null,
"errors": [
{
"errorCode": "IDA-MLC-007",
"errorMessage": "Request could not be processed. Please try again"
}
],
"responseTime": "2025-10-30T13:00:37.958Z",
"response": {
"authStatus": false,
"authToken": null
}
}

Summary

This text will be hidden

Mahesh-Binayak · October 31, 2025, 6:55am

OK @Alexan_Hills
There are no issues with your APi or Authentication it seems.
Only possibility is that the key may have expired.
so can u check in the IDA DB, in the key_alias table, how many mpartner-default-auth keys are present ?

also when you send the request can you check IDA_internal logs and tell me more details ?

Alexan_Hills · October 31, 2025, 2:27pm

Hello @Mahesh-Binayak,

The IDA-DB key_alias table has 2 entries as shown in the image attached.

Please find below a snippet of the logs from ida-internal.

2025-10-31 14:07:18.694 DEBUG [id-authentication,id-authentication-internal,d149b6f18c56970a,d149b6f18c56970a,false] 65 — [nio-8093-exec-2] i.m.a.c.s.e.IdAuthExceptionHandler : sessionId - Exception - Entered handleAllExceptions - Handling exception :class io.mosip.kernel.keymanagerservice.exception.NoUniqueAliasException
{“@timestamp”:“2025-10-31T14:07:18.695Z”,“@version”:“1”,“message”:“sessionId - Exception - io.mosip.kernel.keymanagerservice.exception.NoUniqueAliasException - io.mosip.kernel.keymanagerservice.exception.NoUniqueAliasException: KER-KMS-003 → No unique alias is found\n Request : ServletWebRequest: uri=/idauthentication/v1/internal/uploadCertificate;client=127.0.0.6;user=service-account-mosip-ida-client\n Status returned : 200\nio.mosip.kernel.keymanagerservice.exception.NoUniqueAliasException: KER-KMS-003 → No unique alias is found\n\tat io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl.getKeyAlias(KeymanagerServiceImpl.java:757)\n\tat io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl.uploadCertificate(KeymanagerServiceImpl.java:806)\n\tat io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl$$FastClassBySpringCGLIB$$37c188ac.invoke()\n\tat org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)\n\tat org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)\n\tat org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:294)\n\tat org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)\n\tat org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)\n\tat io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl$$EnhancerBySpringCGLIB$$9c031a8e.uploadCertificate()\n\tat io.mosip.kernel.keymanagerservice.controller.KeymanagerController.uploadCertificate(KeymanagerController.java:156)\n\tat io.mosip.kernel.keymanagerservice.controller.KeymanagerController$$FastClassBySpringCGLIB$$fa015a02.invoke()\n\tat org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)\n\tat org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:746)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)\n\tat org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:69)\n\tat org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:185)\n\tat org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)\n\tat io.mosip.kernel.keymanagerservice.controller.KeymanagerController$$EnhancerBySpringCGLIB$$9d0def1.uploadCertificate()\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)\n\tat java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)\n\tat java.base/java.lang.reflect.Method.invoke(Method.java:566)\n\tat org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209)\n\tat org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)\n\tat org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:877)\n\tat org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:783)\n\tat org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)\n\tat org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991)\n\tat org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)\n\tat org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974)\n\tat org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:877)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:660)\n\tat org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:741)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat ch.qos.logback.classic.helpers.MDCInsertingServletFilter.doFilter(MDCInsertingServletFilter.java:49)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:158)\n\tat org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.filterAndRecordMetrics(WebMvcMetricsFilter.java:126)\n\tat org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:111)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat io.mosip.kernel.websub.api.filter.IntentVerificationFilter.doFilterInternal(IntentVerificationFilter.java:89)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.boot.actuate.web.trace.servlet.HttpTraceFilter.doFilterInternal(HttpTraceFilter.java:84)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat io.mosip.kernel.websub.api.filter.MultipleReadRequestBodyFilter.doFilter(MultipleReadRequestBodyFilter.java:28)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)\n\tat org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)\n\tat org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat io.mosip.kernel.auth.defaultadapter.filter.AuthFilter.successfulAuthentication(AuthFilter.java:253)\n\tat org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:240)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)\n\tat org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)\n\tat org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)\n\tat org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)\n\tat org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.cloud.sleuth.instrument.web.ExceptionLoggingFilter.doFilter(ExceptionLoggingFilter.java:48)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat brave.servlet.TracingFilter.doFilter(TracingFilter.java:86)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)\n\tat org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)\n\tat io.mosip.kernel.core.logger.config.SleuthValve.invoke(SleuthValve.java:36)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)\n\tat org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:615)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1627)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.base/java.lang.Thread.run(Thread.java:829)\n”,“logger_name”:“io.mosip.authentication.common.service.exception.IdAuthExceptionHandler”,“thread_name”:“http-nio-8093-exec-2”,“level”:“ERROR”,“level_value”:40000,“appName”:“id-authentication,id-authentication-internal”,“traceId”:“d149b6f18c56970a”,“spanExportable”:“false”,“req.requestURI”:“/idauthentication/v1/internal/uploadCertificate”,“req.xForwardedFor”:“192.168.5.59,10.42.3.0”,“X-Span-Export”:“false”,“req.method”:“POST”,“req.userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36 Edg/141.0.0.0”,“spanId”:“d149b6f18c56970a”,“X-B3-SpanId”:“d149b6f18c56970a”,“X-B3-TraceId”:“d149b6f18c56970a”,“req.remoteHost”:“127.0.0.6”,“req.requestURL”:“
2025-10-31 14:07:18.695 ERROR [id-authentication,id-authentication-internal,d149b6f18c56970a,d149b6f18c56970a,false] 65 — [nio-8093-exec-2] i.m.a.c.s.e.IdAuthExceptionHandler : sessionId - Exception - io.mosip.kernel.keymanagerservice.exception.NoUniqueAliasException - io.mosip.kernel.keymanagerservice.exception.NoUniqueAliasException: KER-KMS-003 → No unique alias is found
Request : ServletWebRequest: uri=/idauthentication/v1/internal/uploadCertificate;client=127.0.0.6;user=service-account-mosip-ida-client
Status returned : 200
io.mosip.kernel.keymanagerservice.exception.NoUniqueAliasException: KER-KMS-003 → No unique alias is found
at io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl.getKeyAlias(KeymanagerServiceImpl.java:757)
at io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl.uploadCertificate(KeymanagerServiceImpl.java:806)

Mahesh-Binayak · November 3, 2025, 6:43am

Hi @Alexan_Hills
the second line in the DB screenshot seems to have a / added to it at the end.
if that is the case, it could be causing the error.
can u check if it is actually mpartner-default-auth or mpartner-default-auth/ ?

Alexan_Hills · November 3, 2025, 7:06am

Hello @Mahesh-Binayak,

The first one (mpartner-default-auth) is the one that was created on first deployment and expired; the second one (mpartner-default-auth/) is the one we created last week. That is exactly how they are in the DB.

Mahesh-Binayak · November 3, 2025, 7:55am

@Alexan_Hills , I think therein lies the problem.
lets remove the / and rerun the 4 apis, I shared above, That should clean up the issue altogether.

Alexan_Hills · November 3, 2025, 8:48am

@Mahesh-Binayak

I removed the / and reran the 4 APIs, but it still returns a record (mpartner-default-auth/) in the DB. Should I remove the earlier rows from the DB before rerunning the APIs so that it creates a unique alias or what?

Mahesh-Binayak · November 3, 2025, 10:27am

Exactly, lets remove the whole entry manually from DB and run the 4 APIS, this time, it would force generate a new one and that should be it.

@Alexan_Hills

Alexan_Hills · November 3, 2025, 12:36pm

I have successfully completed the process of generation and upload of certificates

@Mahesh-Binayak

Alexan_Hills · November 4, 2025, 11:28am

Hello @Mahesh-Binayak,

Restarted all the related services; however, I still get same error of Signature Verification Failure

Topic		Replies	Views
Credential event store & identity_cache empty enrolment	37	594	October 11, 2023
Authentication-demo-ui Digital signature verification failed for signature heade Developer security	1	659	February 21, 2023
Issue with IDA cert upload，version 1.2.0.1-B3 Developer	3	256	August 7, 2023
Auth Partner certificate not matching with signature header during esignet send otp Support esignet , partner_management	13	99	October 5, 2025
IDA-AUTHENTICATION authentication-demo-ui Developer keymanager , security , certification	1	517	January 27, 2023

IDA-MPA-001 Signature Verification Failure

Related topics