After self-registering device partner and logging in, clicking Home doesn’t show the dashboard, thus unable to upload certificate
Also, can not create device nor SBI since the Partner Name doesn’t show when clicking the drop down menu. The rest of the form works except for Partner Name
The same issue in Creating SBI
Any ideas on how this can be fixed?
Can u share the version of the partner management portal being used?
Without uploading the certificate creation of SBI will not work.
I am suspecting the partner is not created properly,
Thanks,
Rounak
Hello @nayakrounak
Here is the screenshot of the PMP pods in Rancher
I created a new device partner NewDP by clicking on Register at the login page of the PMP and filled up the form with required information. The roles of the partner in keycloak are:
default-roles-mosip
DEVICE_PROVIDER
The issues remain, logging in with the new device partner and clicking Home doesn’t show the dashboard where you can upload the certificate.
Any steps I am missing?
When I login to the partner management portal with a user having the role PARTNER_ADMIN, the newly created device partner NewDP is not in the list of Partners.
In my previous install 1.2.0.1, I did not have any problems creating a partner, device and SBI.
The device partner is still not added/reflected in the PMP-UI even though I can self-register, login the newly self-registered partner, and upload the certificates created using CA_CERT_UTILITY in the PMP UI using the Partner_admin user.
I believe this is connected to my previous post Issue in Partner Management Portal v1.2.0.1-B2 - FIXED - #4 by rcsampang
I edited my install.sh and made sure it is exactly the same as the one in github v1.2.0.1-B2 https://raw.githubusercontent.com/mosip/mosip-infra/v1.2.0.1-B2/deployment/v3/mosip/pms/install.sh
I encountered the same errors I explained in my previous post.
What is causing the error? Is it because of my Helm version v3.11.2?
I think in this case the --set flag did not override the supplied value, thus when I used values.yaml instead, it was able to provide the correct pmp host and api-internal host for my domain.
Is there an update to the install.sh script? or to the Helm Chart?
Anyone who have encountered this? Have any idea how to fix this
In my latest attempt, I edited the installation script and added https:// to line 29 and line 32 of mosip-infra/install.sh at master · mosip/mosip-infra · GitHub
helm -n $NS install pms-partner mosip/pms-partner --set istio.corsPolicy.allowOrigins[0].prefix=https://$PMP_HOST --version $CHART_VERSION
helm -n $NS install pms-policy mosip/pms-policy --set istio.corsPolicy.allowOrigins[0].prefix=https://$PMP_HOST --version $CHART_VERSION
In doing so, partner management portal works and I did not encounter the errors in my earlier post.
However, the issue of the device partner still not added/reflected in the PMP-UI even though I can self-register, login the newly self-registered partner, and upload the certificates created using CA_CERT_UTILITY in the PMP UI using the Partner_admin user.
What else do I have to do to make this work? This is issue is stopping me from running regclient with Mock-MDS because I could not finish creating the device partner.
Also, the pms module install.sh needs to be reviewed/edited - the last line (41) echo “Admin portal URL: https://$PMP_HOST/pmp-ui/”
I think Admin should be changed to PMP and the URL: https://$PMP_HOST/pmp-ui/" leads to 404, /pmp-ui/ should be edited out.
Here are excerpts of the log files with errors in the line:
pms-policy
…
10:35:46,747 |-ERROR in ch.qos.logback.core.joran.spi.Interpreter@2:86 - no applicable action for [springProperty], current ElementPath is [[configuration][springProperty]]
…
{“@timestamp”:“2023-04-13T10:36:45.647Z”,“@version”:“1”,“message”:“Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest)”,“logger_name”:“org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“partner-management”}
{“@timestamp”:“2023-04-13T10:36:45.647Z”,“@version”:“1”,“message”:“Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)”,“logger_name”:“org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“partner-management”}
…
pms-partner
…
10:35:43,212 |-ERROR in ch.qos.logback.core.joran.spi.Interpreter@2:86 - no applicable action for [springProperty], current ElementPath is [[configuration][springProperty]]
…
{“@timestamp”:“2023-04-13T10:36:29.695Z”,“@version”:“1”,“message”:“Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.error(javax.servlet.http.HttpServletRequest)”,“logger_name”:“org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“partner-management”}
{“@timestamp”:“2023-04-13T10:36:29.695Z”,“@version”:“1”,“message”:“Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)”,“logger_name”:“org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“partner-management”}
…
pmp-ui doesn’t show any error in the log file
I saw that this is a reported issue in MOSIP JIRA.
And it says there is a workaround. Can someone teach me the steps to implement the workaround?
Hi @rcsampang,
For the same partner can you please do partner self registering from swagger. Then reverify by login into PMP UI.
https://api-internal.<your_env>.mosip.net/v1/partnermanager/swagger-ui/index.html?configUrl=/v1/partnermanager/v3/api-docs/swagger-config#/partner-service-controller/partnerSelfRegistration
Thanks
Hello @chandra_sekhar !
I tried it but encountered 401 error. Unauthorized
{
“id”: “string”,
“version”: “string”,
“requesttime”: “2023-04-18T03:19:23.785Z”,
“metadata”: {},
“request”: {
“partnerId”: “newDP”,
“policyGroup”: “”,
“organizationName”: “newDP”,
“address”: “AECH building”,
“contactNumber”: “999999999”,
“emailId”: “newdp@devpartner.com”,
“partnerType”: “DEVICE_PROVIDER”,
“langCode”: “eng”
}
}
clicked Execute. Here is the response,
What should be the entry value for the policyGroup ? Is it the lack of entry for it causing the error?
Thanks!
Hi @rcsampang,
Before hitting partner manager swagger, please perform authenticate using clientId and SecretKey with below swagger link.
https://api-internal.<your_env>mosip.net/v1/authmanager/swagger-ui/index.html?configUrl=/v1/authmanager/v3/api-docs/swagger-config#/authmanager/clientIdSecretKey
Request body
{
“id”: “string”,
“version”: “string”,
“requesttime”: “2023-04-10T11:03:02.161Z”,
“metadata”: {},
“request”: {
“clientId”: “mosip-pms-client”,
“secretKey”: “xxxxxxxxxx”,
“appId”: “partner”
}
}
Note: Please replace the secretKey from your environment.
@chandra_sekhar Thank you for this.
Please pardon my ignorance, how do I get / where do I find the mosip-pms-client secretKey?
Dear @rcsampang,
We kindly request that you retrieve the secret key for Mosip-pms-client from the ‘keycloak-client-secrets’ stored in the Keycloak namespace. Please ensure that the key is decoded using the base64 algorithm.
@syed.salman Thank you.
But can you tell me the right command, I couldn’t figure it out. I tried several combinations but nothing worked.
This is what I thought it should be, but I did not get the desired result
$ echo Password: $(kubectl get secret --namespace keycloak keycloak-client-secrets -o jsonpath=“{.data.mosip-pms-client}” | base64 --decode)
Can anyone tell me the right / exact command to get the mosip-pms-client secretKey ?
Hi @rcsampang, The PMS client secret key is ‘mosip_pms_client_secret’. To retrieve it, please run the following command:
echo "PMS Client Password : $( kubectl -n keycloak get secrets keycloak-client-secrets -o jsonpath={.data.mosip_pms_client_secret} | base64 -d )"
@syed.salman @chandra_sekhar Thank you very much.
I was able to authenticate using clientId and SecretKey and partner self-registering using Swagger.
I also was able to upload certificate through the PMP portal. I was automatically logged in with the user service-account-mosip-pms-client
Now I have another problem, I can’t logged out. I can click the logout button but I am returned to the same page shown below. I tried it several times and even closed the window, refreshed the browser, but still can’t log out.
I also closed the Swagger windows but I still can’t log out, therefore can’t log in with the newly created user (device partner)
What do I do now?
@rcsampang I think some role is missing for the actual partner account and that’s resulting in this problem. @syed.salman suggested trying swagger to check if the application is configured correctly.
Looks like some role is missing for the actual user. You should clear your cookies and try with the actual user like before. Also, provide the Keycloak user account and roles that are mapped.
@gsasikumar Hello!
Clearing the browser cache logged me out. I can now login and logout with the user credential of the newly created device partner - newdp and also log in and logout using the user credential with a Partner_Admin role.
Note that the user service-account-mosip-pms-client is not in keycloak, I can’t find it in the list of users. But I have previously created a user with Partner_Admin role.
So I was able to upload and view client certificate, also create device and SBI. The device_partner is now showing in the drop down menu when creating device.
But clicking Home still doesn’t show dashboard where I can upload and view certificate when logged in as the newly created device partner - newdp.
I set this issue aside for now, since I already have uploaded the certificate and was able to view and save it as mosip-signed.crt for Mock-MDS, I proceeded with testing the regclient while running Mock-MDS.
I was successful in launching regclient and Mock-MDS with 3 devices discovered at port 4501 - 4600.
So I continued with updating the operator biometrics. No issue until the last step.
I can’t save the biometrics of the operator. A notification window pops up.
Clicking ok returns to previous window, biometrics still not saved.
@rcsampang Thanks for the long and clear post.
The service-account-mosip-pms-client is a virtual user account on demand created when you use a client id and secret to login. This is how Keycloak lets the client id and secret be used as a user.
On the dashboard we will come back to you. I will ask one of our team to validate the role and get back.
@rcsampang this is a known issue with 1201-b3, it was occuring because of docker image from mosipqa dockerhub repository was not proper. Anyhow, the released image i.e. mosipid/mosip-keycloak:16.1.1-debian-10-r85 was proper and there were no issues with this. we have updated mosipqa/mosip-keycloak:16.1.1-debian-10-r85 with proper image.
quick resolution: Restart keycloak statefullset pod and try again.
Thank you.
@rcsampang this is a known issue with 1201-b3, it was occuring because of docker image from mosipqa dockerhub repository was not proper. Anyhow, the released image i.e. mosipid/mosip-keycloak:16.1.1-debian-10-r85 was proper and there were no issues with this. we have updated mosipqa/mosip-keycloak:16.1.1-debian-10-r85 with proper image.
quick resolution : Restart keycloak statefullset pod and try again.
Thank you
Damodar
