MOSIP v3 (Docker) – CTK Quality Test fails with Mock SDK “Unable to connect”

Hi community,
I’m running MOSIP v3 using Docker and executing CTK tests.

Context

• Setup: MOSIP v3 deployed via Docker
• Test: CTK Quality test (Biometrics Quality Check / rCapture-related)
• Issue: CTK shows BiometricsQualityCheckValidator failed and reports:

image988×539 46.3 KB

Mock SDK <api-internal.sandbox.test.mosip.net> Env: Unable to connect

• Note: When I open the same URL in a browser, it loads successfully and shows “Service is running…”.

image722×241 8.74 KB

(The browser may show a TLS warning / “Not secure”.)

Questions

1. For CTK Quality tests calling the Mock SDK, is there any additional configuration required (endpoint config, network/proxy, Java truststore/CA certificates, etc.)?
2. If the URL works in a browser but CTK reports “Unable to connect”, what are the most common root causes to check first (TLS trust chain/CA, missing intermediate cert, container DNS/egress, proxy/firewall)?
3. In MOSIP v3 Docker setup, where is the exact configuration point for the Quality/Mock SDK endpoint (env vars/config files/helm values), and is there an official guide for this?

Any guidance or references would be appreciated. Thanks!

rancher의 로그도 같이 첨부드립니다

{“@timestamp”:“2026-02-02T02:12:34.691Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“-”,“statusCode”:200,“req.requestURI”:“/v1/toolkit/actuator/health”,“bytesSent”:487,“timeTaken”:0.025,“appName”:“compliance-toolkit-service”,“req.userAgent”:“kube-probe/1.22”,“req.xForwardedFor”:“-”,“req.referer”:“-”,“req.method”:“GET”,“req.remoteHost”:“10.0.2.13”}
{“@timestamp”:“2026-02-02T02:12:34.692Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“-”,“statusCode”:200,“req.requestURI”:“/v1/toolkit/actuator/health”,“bytesSent”:487,“timeTaken”:0.026,“appName”:“compliance-toolkit-service”,“req.userAgent”:“kube-probe/1.22”,“req.xForwardedFor”:“-”,“req.referer”:“-”,“req.method”:“GET”,“req.remoteHost”:“10.0.2.13”}
2026-02-02 02:12:35,283 [http-nio-8099-exec-2] INFO [i.m.k.a.d.h.ValidateTokenHelper].getPublicKey.222 : offline verification for environment profile. UserName: megatech
2026-02-02 02:12:35,286 [http-nio-8099-exec-2] INFO [i.m.k.a.d.h.ValidateTokenHelper].buildMosipUser.299 : user (offline verification done): megatech
2026-02-02 02:12:35,414 [http-nio-8099-exec-2] WARN [c.n.s.JsonMetaSchema].newValidator.338 : Unknown keyword string - you should define your own Meta Schema. If the keyword is irrelevant for validation, just use a NonValidationKeyword
2026-02-02 02:12:35,418 [http-nio-8099-exec-2] INFO [i.m.k.l.l.i.Slf4jLoggerImpl].info.32 : sessionId - idType - id - JSON is as expected. All mandatory values are available and they all have valid expected values.
2026-02-02 02:12:35,802 [http-nio-8099-exec-2] INFO [i.m.k.l.l.i.Slf4jLoggerImpl].info.32 : sessionId - idType - id - Fetching and returning orgname from PartnerManagerHelper.
2026-02-02 02:12:35,924 [http-nio-8099-exec-2] INFO [i.m.k.l.l.i.Slf4jLoggerImpl].info.32 : sessionId - idType - id - Fetching and returning orgname from PartnerManagerHelper.
{“@timestamp”:“2026-02-02T02:12:36.145Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“2446ef419bfe3566cf7984d86f50ad8e”,“statusCode”:200,“req.requestURI”:“/v1/toolkit/validateResponse”,“bytesSent”:1657,“timeTaken”:0.866,“appName”:“compliance-toolkit-service”,“req.userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36”,“req.xForwardedFor”:“172.17.0.2,10.0.2.14”,“req.referer”:“https://compliance.sandbox.test.mosip.net/",“req.method”:“POST”,“req.remoteHost”:"10.42.1.174”}
2026-02-02 02:12:36,195 [http-nio-8099-exec-3] INFO [i.m.k.a.d.h.ValidateTokenHelper].getPublicKey.222 : offline verification for environment profile. UserName: megatech
2026-02-02 02:12:36,197 [http-nio-8099-exec-3] INFO [i.m.k.a.d.h.ValidateTokenHelper].buildMosipUser.299 : user (offline verification done): megatech
2026-02-02 02:12:36,257 [http-nio-8099-exec-3] INFO [i.m.k.l.l.i.Slf4jLoggerImpl].info.32 : sessionId - idType - id - Fetching and returning orgname from PartnerManagerHelper.
2026-02-02 02:12:36,475 [http-nio-8099-exec-3] ERROR [i.m.k.l.l.i.Slf4jLoggerImpl].error.27 : sessionId - idType - id - In encryptRcaptureData method of TestRunService - 403 Forbidden
2026-02-02 02:12:36,479 [http-nio-8099-exec-3] ERROR [i.m.k.l.l.i.Slf4jLoggerImpl].error.27 : sessionId - idType - id - In performRcaptureEncryption method of TestRunService - Encryption of rcapture data failed403 Forbidden
{“@timestamp”:“2026-02-02T02:12:36.657Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“23fd6793654743b06faa12dc2d363e3b”,“statusCode”:200,“req.requestURI”:“/v1/toolkit/addTestRunDetails”,“bytesSent”:1267465,“timeTaken”:0.467,“appName”:“compliance-toolkit-service”,“req.userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36”,“req.xForwardedFor”:“172.17.0.2,10.0.2.14”,“req.referer”:“https://compliance.sandbox.test.mosip.net/",“req.method”:“POST”,“req.remoteHost”:"10.42.1.174”}
2026-02-02 02:12:36,686 [http-nio-8099-exec-8] INFO [i.m.k.a.d.h.ValidateTokenHelper].getPublicKey.222 : offline verification for environment profile. UserName: megatech
2026-02-02 02:12:36,688 [http-nio-8099-exec-8] INFO [i.m.k.a.d.h.ValidateTokenHelper].buildMosipUser.299 : user (offline verification done): megatech
{“@timestamp”:“2026-02-02T02:12:36.712Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“40b8cd8a92002d22e76a099181dc2717”,“statusCode”:200,“req.requestURI”:“/v1/toolkit/updateTestRun”,“bytesSent”:406,“timeTaken”:0.031,“appName”:“compliance-toolkit-service”,“req.userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36”,“req.xForwardedFor”:“172.17.0.2,10.0.2.14”,“req.referer”:“https://compliance.sandbox.test.mosip.net/",“req.method”:“PUT”,“req.remoteHost”:"10.42.1.174”}
2026-02-02 02:12:38,664 [http-nio-8099-exec-9] INFO [i.m.k.a.d.f.CorsFilter].doFilterInternal.44 : origin null
2026-02-02 02:12:38,664 [http-nio-8099-exec-9] INFO [i.m.k.a.d.f.CorsFilter].doFilterInternal.45 : requesturl http://10.42.0.8:8099/v1/toolkit/actuator/prometheus
{“@timestamp”:“2026-02-02T02:12:38.679Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“-”,“statusCode”:200,“req.requestURI”:“/v1/toolkit/actuator/prometheus”,“bytesSent”:20565,“timeTaken”:0.016,“appName”:“compliance-toolkit-service”,“req.userAgent”:“Prometheus/2.38.0”,“req.xForwardedFor”:“-”,“req.referer”:“-”,“req.method”:“GET”,“req.remoteHost”:“10.42.1.204”}

Hi @taeseok ,

Thank you for reaching out to us.

Our team is reviewing your query, and one of our team members will get back to you shortly.

Regards,
Varaniya S
On behalf of Team MOSIP

@Varaniya1
Could you please let me know if anything has been confirmed?

Hi @taeseok

You cannot use Mock SDK to do Biometric Quality Check.

Mock SDK is to be used only to demo the CTK features.

To perform Biometric Quality Check in Synergy Env where CTK is hosted, we use BQAT service.

Are you hosting CTK on your own?

If yes, you will have to host a separate SDK for performing Quality Test.

Refer to below sample configurations to setup

#SBI BiometricsQualityCheckValidator

mosip.toolkit.sbi.qualitycheck.finger.sdk.urls=[{“name”: “BQAT SDK”,“url”: “https://{base_url}/bqatsdk-service","healthUrl”: “https://{base_url}/bqatsdk-service/actuator/health”, “includeInResults”:false}]
mosip.toolkit.sbi.qualitycheck.face.sdk.urls=[{“name”: “BQAT SDK”,“url”: “https://{base_url}/bqatsdk-service","healthUrl”: “https://{base_url}/bqatsdk-service/actuator/health”, “includeInResults”:false}]
mosip.toolkit.sbi.qualitycheck.iris.sdk.urls=[{“name”: “BQAT SDK”,“url”: “https://{base_url}/bqatsdk-service","healthUrl”: “https://{base_url}/bqatsdk-service/actuator/health”, “includeInResults”:false}]