Tutorial on how to setup the environment for configuring mock-MDS?

is there any step by step tutorial on on how to setup the environment for configuring mock-MDS ?

I have been reading the MOSIP 1.2 docs but I am getting confused on the necessary steps needed to run Mock MDS.

First of all, what modules are needed to run / configured on the MOSIP cluster?
Partner onboarding, what else? how to configure it specially using Mock-MDS?

What modules or apps are needed to run in the machine used as regclient?
Regclient (of course) with enough documentation on how to setup but not on how to integrate with Mock-MDS
Mock-MDS - in one topic a link is provided to a zip file, is this the correct file to use since it was mentioned an error was found in it, is this already corrected?

and a mention of docs shared "@syed.salman has shared the docs and informed the necessary steps to setup the environment "
@syed.salman can you also shared this doc to us? thank you.
I also want to know how the master and keymanager DB should be initialized in order for the registration client to work with mock-MDS, so that it can scan biometric devices that can be used during registration.
Thank you, I hope someone could provide much needed assistance.

Mosip Mock-mds service is for the regclient. you should be able to unzip and run this using run.bat in the machine where regclient is installed.

@gsasikumar Thanks. But I already tried that and it did not work.

In my understanding I may have been missing doing some necessary steps like partner onboarding, master and keymanager DB initialization on the MOSIP cluster. But I don’t know how to do this, and I find the 1.2 docs lacking the specific steps in order for it to work.

I was hoping someone could teach me all the necessary steps in configuring the needed modules / services in the MOSIP cluster so that I could make Mock-MDS work with the regclient in registering biometric data of sample users without actually using biometric scanning devices.

This is in preparation for testing ID authentication, and then eventually developing applications leveraging the use of the platform.

Hello rcsampang,
To configure MDS Please follow the steps from below link.
https://mosip.atlassian.net/wiki/external/621215755/Y2ZiMGQ0YjZmOWIzNGRjNjlhMzU5MWE1YjY3YTgyYTE

Hello rcsampang,

Please follow the below steps to configure and run reg-client:

1. Login into Admin portal and add your machine > map your machine to a particular center.
2. Create a user with default role and map it to the same center as your machine.
3. Launch mock-mds with the run.bat file → this will launch mock-mds (which is configured).
4. Download the reg-client zip file and extract.
5. Launch run.bat file in the reg-client > and try to login into reg-client with your user credentials.

You should be able to login successfully with out any problem.

@chandra_sekhar @ckesiraju Thank you so much. I will try this and would write back the result.

All the best!

Hello @chandra_sekhar I tried following the instructions in the link that you shared. Unfortunately I can’t do the first step -

1. Create a Device Partner using the Partner Management Swagger
   Swagger Endpoint: https://{baseURL}/v1/partnermanager/swagger-ui.html#

I tried all possible URL of our domain to put in place of the baseURL but I am getting a 404 error.

I am running MOSIP v3 1.2.0.1 on a Kubernetes cluster. Do I need to install an independent module ?

Also anybody who knows how to do this in MOSIP 1.2.0.1 ?

I tried creating a partner using partner management portal. But I am not getting the self registration landing page for partners. The page is redirected to the login page. If I login as Partner Admin, there is no option to add a partner.

@ckesiraju I did all of these, and I am not having a problem logging in to regclient. The issue I am facing is that I can’t continue/finish the registration because no biometric devices are being detected.

Which mock-mds should I run? How/where do I download it? Are you referring to Mock-MDS in the mock-services repository?

Hello @rcsampang
We can self-register by selecting the ‘Register’ option from the Partner Management Portal login page.
If you do not get the ‘Register’ option, then please enable ‘User registration’ in keycloak. To reference please find enclosed screenshot.

image1893×890 70.6 KB

@chandra_sekhar Thank you. I was able to register (partially) after doing this.

But after registering as Device partner, I tried uploading Certificate. The certificate is the same certificate created from Let’s Certify. It is not accepted.

image1447×612 28.8 KB

Earlier I tried this with a self-signed certificate. I t wasn’t accepted. The error is
Failure !
KER-PCM-015 → Self Signed Certificate not allowed as partner.

Before that, I also used the CA_Cert_Utility. It did not work. The error says: only files with extensions as .cer or .pem

Once again, I am stuck and badly needs assistance.

Deeply appreciates understanding and support from the community.

hi @rcsampang

Please follow below steps from PMP UI
1.Register device partner ,
2. upload CA,SubCA.Partner certificate with .cer or .pem format only
3. CA ,SUB ca and Partner cert can be upload with partner admin login.
4.Create device under device details. please approve the same with partner admin login
5.Create SBI under device details. please approve the same with partner admin login
6.Map device and SBI, one to many and vice versa.

@Madhu_Gn Thank you for the step by step instructions.
I am done with step1, registered a device partner using PMP UI.
In step 2, I created the certificates using the CA_CERT_UTILITY. I converted the files RootCA, IntermediateCA, and Client from crt to cer. I followed these instructions I found - Converting CRT to PEM Format – TheITBros and How to Convert CRT to PEM Easily | AlfinTech Computer

But when I uploaded RootCA.cer I got this error
Failure !
KER-PCM-015 → Self Signed Certificate not allowed as partner.

image1256×430 25.2 KB

How do I fix this?

hi @rcsampang ,

1.RootCA, Intermediate CA cert can be upload when the user having partner_admin role, so please login with user credentials having partner admin role and click on upload CA certificate link as displayed in screenshot
you can upload RootCA, IntermediateCA cert with that.

image1898×728 40.9 KB

2.with the device partner login we can upload respective partner certificate.

Thank you @Madhu_Gn . I was able to upload RootCA, IntermediateCA cert while logged in as partner admin. I was able to upload Client cert as well but not straight away. I had to upload it first as partner admin and then upload it again as partner, before I can view the certificate without any error.

I was also able to create device and approved it with partner admin login. Same with creating SBI and then mapping the device to it.

What do you mean with - Map device and SBI, one to many and vice versa.
I think I mapped the device to SBI one to one, how do I do the “one to many and vice versa”? Map devices to all SBI and map SBI to all the devices?

Thank you for helping me out.

hi @rcsampang ,

Map device and SBI one to many means
create n number of device and approved it with partner admin login and create SBI and then map the device with the SBI.

In the same way
you can create many SBI device and map to device partner.
Regards,
Madhu

@anyone

After mapping the device and SBI, I tried doing the next step as stated here Confluence
which is to run the create-device-keystore.sh

I have tried but I couldn’t produce the expected files Device.p12 and signed-Device.crt

So I viewed the create-device-keystore.sh in a text editor
In the third line, it is referring to a file - mosip-signed-client.crt
echo “Note: mosip-signed-client.crt is the certificate issued by mosip after successful onboard of device provider”
I figured this must be the Certificate created for the client, so I viewed it using PMS portal, and then save it to a file named mosip-signed-client.crt and placed it to the CA_CERT_UTILITY folder.
I ran the script but as I said none of the expected files that are needed to be placed in mock MDS.zip are created.

So I ran the commands in the create-device-keystore-sh one at a time to see what is happening.

Here is the error produced:
C:\CA_CERT_UTILITY\CA_CERT_UTILITY>openssl x509 -req -extensions usr_cert -extfile ./openssl.cnf -days 30 -in Device.csr -CA mosip-signed.crt -CAkey Client.key -set_serial 05 -out signed-Device.crt
Certificate request self-signature ok
subject=C = PH, ST = Metro Manila, L = QC, O = FACE, OU = FACE, CN = FACE
Could not open file or uri for loading CA certificate from mosip-signed.crt
50450000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:crypto\store\store_register.c:237:scheme=file
50450000:error:80000002:system library:file_open:No such file or directory:providers\implementations\storemgmt\file_store.c:267:calling stat(mosip-signed.crt)
Unable to load CA certificate

Now, I realize that it is inevitable that I will encounter an error, since I wasn’t exactly doing it as it was describe in Confluence

I used the PMS portal instead of Swagger, in uploading the certificates created using CA_CERT_UTILITY. In doing so, with help and instructions provided, I managed to upload the certificate and map the device and SBI.

But, now I do not know how to run create-device-keystore.sh to produce the files needed. Can this be done through a web UI? How do I fix the error when running it using the CA_CERT_UTILITY? Where would I find the missing files stated in the error message? Is there another way of creating the needed files without running create-device-keystore.sh script in the the CA_CERT_UTILITY folder?

Hello ! After spending time fumbling about, I was able to access the Web API (Swagger) for Partner Management.

So I followed the instructions sent to me which was the same as stated here Confluence

Unfortunately, I have met errors right at the first step:

image1151×500 9.84 KB

After clicking Execute, here is the response:

image1131×446 9.42 KB

I would be very grateful for assistance in helping me get through this hurdle.

Thank you so much in advance.

@rcsampang

First step -
Authentication you should do with clientId and secretKey from authmanager swagger

client id for authentication is - “mosip-pms-client”

refer as below

image1445×682 19.3 KB

Next go for partner self-registration-it will work

Regards,
Madhu

@rcsampang

Request you to verify the steps given in the document(mockmds.pdf) attached in Confluence page to overcome the exception and steps to create device.p12 certificate file for mockmds.

Thank you @Nambi.

Is there a way for you to send the PDF, or copy paste the content here, access to it is restricted. I have created an account with Atlassian but I can’t access it.

image1920×1080 160 KB