Multiple Errors During IDA Authentication – IDA-MLC-018, IDA-MPA-005, JSON Parse Exception (v1.2.0)

Hi MOSIP Community,
I am testing the ID Authentication Demo UI (v1.2.0) with demographic and OTP authentication on a sandbox environment and consistently getting the following errors:

Error 1 – Demographic Auth (IDA-MLC-018):
```json
"errorCode": "IDA-MLC-018"
"errorMessage": "Salt for the given ID not available in database"
"authStatus": false
```

Error 2 – OTP Request (IDA-MLC-007 + IDA-MPA-005):
```json
"errorCode": "IDA-MLC-007"
"errorMessage": "Request could not be processed. Please try again"

"errorCode": "IDA-MPA-005"
"errorMessage": "OTP Request Usage not allowed as per policy"
```

Error 3 – JSON Parse Exception (when entering Identity Data manually):
```
com.fasterxml.jackson.core.JsonParseException: Unexpected character ('{' (code 123)):
was expecting double-quote to start field name
at IdaController.onSendAuthRequest(IdaController.java:753)
```

Setup Details:

MOSIP version: 1.2.0.2
Auth types tested: Demographic, OTP
Individual ID Type: UIN
UIN status: ACTIVATED (verified via ID Repository API)
Environment: Sandbox

Thank you.

Best regards,
Gaprin

Hi Gaprin

Thank you for sharing the details. We will look into the issue and get back to you shortly.

Regards

Mrudula
on behalf of Team MOSIP

Hello @Gaprin_Rooth_J

Below are the reasons for the errors you are encountering:

Error 1:
The UIN/VID you are using is not available in the IDA database. IDA derives an index from the provided UIN/VID to retrieve the salt used for generating the ID hash. If the corresponding salt index is not present in the IDA database, IDA throws the “IDA-MLC-018” error. The salts are stored in the uin_hash_salt table. Please verify the UIN/VID being used.

Error 2:
The policy mapped to the authentication partner onboarded in IDA does not permit OTP authentication. Please review the policy configuration to confirm the allowed authentication factors for the partner.

Error 3:
The authentication request JSON is not being constructed correctly before encryption. You mentioned that you are entering Identity Data manually. Are you inserting identity data directly into the IDA database? If so, this should be avoided. The Identity Data table stores information encrypted using ZK encryption techniques.
Please share the JSON used in the authentication request in plain (unencrypted) text for further review.

I hope this helps clarify the issues.

Thanks,

Mahammed Taheer
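
A simplified model of the salt lookup described in the reply above, added here as an illustration; it is not MOSIP's code and not part of the original thread. The modulus of 1000, the SHA-256 construction and all function names are assumptions, the dict stands in for the uin_hash_salt table, and the UIN is a constructed sample.

```python
import hashlib

SALT_MODULO = 1000  # assumed modulus; the thread does not state the real value


class SaltNotFound(Exception):
    """Models the condition the reply ties to IDA-MLC-018."""
    error_code = "IDA-MLC-018"


def salt_index(individual_id: str, modulo: int = SALT_MODULO) -> int:
    """Derive the salt-table index from a numeric UIN/VID (assumed: id mod N)."""
    if not (individual_id.isascii() and individual_id.isdigit()):
        raise ValueError("UIN/VID must be a string of ASCII digits")
    return int(individual_id) % modulo


def id_hash(individual_id: str, salt_table: dict) -> str:
    """Return the salted hash of the ID, or raise if its salt row is missing.

    salt_table maps index -> salt and stands in for uin_hash_salt.
    """
    idx = salt_index(individual_id)
    salt = salt_table.get(idx)
    if salt is None:
        raise SaltNotFound(f"no salt stored at index {idx}")
    # Assumed construction: SHA-256 over the ID followed by the salt.
    return hashlib.sha256((individual_id + salt).encode()).hexdigest().upper()


def diagnose(individual_id: str, salt_table: dict) -> str:
    """Separate an entirely empty salt table from a single missing index."""
    if not salt_table:
        return "EMPTY_TABLE"  # every lookup fails, whatever ID is sent
    try:
        id_hash(individual_id, salt_table)
    except SaltNotFound:
        return "MISSING_INDEX"  # table has rows, but not the one this ID needs
    return "OK"


if __name__ == "__main__":
    sample_uin = "1234567890"  # constructed sample, not a real UIN
    print(salt_index(sample_uin), diagnose(sample_uin, {}))
```

An `EMPTY_TABLE` result means the failure does not depend on which UIN or VID is submitted, while `MISSING_INDEX` points at the specific ID.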

Hi Mahammed Taheer,

Thank you for the detailed response. Here are my updates:

Error 3 — Clarification:
This was my mistake. I was not inserting data directly into the IDA database. The double {{ was caused by the Demo UI’s Identity Data text box. Please ignore Error 3.

Error 1 — uin_hash_salt table is empty:
I checked the IDA database and the uin_hash_salt table is completely empty.

I have successfully registered residents using Registration Client and UINs have been generated and activated.

My questions:

  1. After a UIN is generated in Registration Client, what is the exact pipeline that populates the uin_hash_salt table in IDA?
  2. How can I verify if this pipeline is working correctly on my sandbox?

Error 2 — OTP not allowed as per policy:
My policy mpolicy-auth-identy has status Active in PMS and includes OTP in the policy document:
```json
{"authType": "otp", "mandatory": false}
```

The partner mapping is Approved in PMS.

However, OTP requests are still returning IDA-MPA-005.

Thank you!
Best regards,
Gaprin

Hello @Gaprin_Rooth_J

Error 1:

After a UIN is successfully generated in the MOSIP platform, the data is pushed to the ID Repository (ID Repo). The ID Repo then shares the data with IDA based on the configured data-sharing policy.

Please verify the Credential Service database for any transaction failures.

Process flow:

  1. ID Repo sends data to the Credential Service.

  2. Credential Service fetches the IDA data-sharing policy from PMS (Policy Management Service).

  3. Based on the approved policy, the data is encrypted using ZK encryption.

  4. The ZK encrypted data is sent to the DataShare service.

  5. DataShare returns a URL to the Credential Service.

  6. Credential Service builds an event object and publishes it to WebSub.

  7. WebSub forwards the message to IDA.

  8. IDA internal service retrieves the data from DataShare using the URL provided in the event.

This is the complete flow of how data is delivered to the IDA service.


Error 2:

Once the authentication policy is approved in PMS, it is pushed to IDA through WebSub.

Please verify which policy has been added to the IDA database.

Thanks,

Mahammed Taheer