What Postman collection to import to test MOSIP authentication? Where to get the collection?

Dear @rcsampang, which user ID was used for authentication? You should have the PARTNER_ADMIN role to perform this operation.

Hello @thamarai_kannan

Yes, the user ID used for authentication has the role PARTNER_ADMIN, but the error persists.

So I used a user with GLOBAL_ADMIN and the error was gone. (I know it is overkill but I did not know what specific roles the user should have)

But there are still 15 errors and the following is the first at UPLOADING SIGNED PARTNER CERT

POST https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/certificate/upload: {
“Network”: {
“addresses”: {
“local”: {
“address”: “10.207.102.5”,
“family”: “IPv4”,
“port”: 61752
},
“remote”: {
“address”: “10.206.100.170”,
“family”: “IPv4”,
“port”: 443
}
},
“tls”: {
“reused”: false,
“authorized”: true,
“authorizationError”: null,
“cipher”: {
“name”: “ECDHE-RSA-AES128-GCM-SHA256”,
“standardName”: “TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256”,
“version”: “TLSv1/SSLv3”
},
“protocol”: “TLSv1.2”,
“ephemeralKeyInfo”: {},
“peerCertificate”: {
“subject”: {
“commonName”: “mymosip.edu.ph”,
“alternativeNames”: “DNS:*.mymosip.edu.ph, DNS:mymosip.edu.ph”
},
“issuer”: {
“country”: “US”,
“organization”: “Let’s Encrypt”,
“commonName”: “R3”
},
“validFrom”: “Oct 26 06:25:29 2023 GMT”,
“validTo”: “Jan 24 06:25:28 2024 GMT”,
“fingerprint”: “3F:8E:A3:53:CA:90:27:9A:42:1D:7E:03:EA:5C:A2:2C:3B:6C:59:F0”,
“serialNumber”: “0439a0e83b7be954a2f67f81b35bdd246ec1”
}
}
},
“Request Headers”: {
“content-type”: “application/json”,
“user-agent”: “PostmanRuntime/7.34.0”,
“accept”: “*/*”,
“cache-control”: “no-cache”,
“postman-token”: “ca2d229d-b7dd-47a9-8186-162632367d86”,
“host”: “api-internal.mymosip.edu.ph”,
“accept-encoding”: “gzip, deflate, br”,
“connection”: “keep-alive”,
“content-length”: “1537”,
“cookie”: “Authorization=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqc05CR01jeUh2cWJEeExnMjluRV9pMWZRc2plUlFlalpaYlJKd3FfdHE4In0.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.Ge1c0EVaHI8c3tihGwX-F_o8GtAJSCwIzaLVJVofKgx8tGJvV7P6WXpW7xkks6EesQHl8_Xc7RalNKc2sH0ZwXY6njwwf-t3lo3DdOJNx12Fct40nj01YKZWFp5219WeLpqyShrGG3EFeUlyd0OXGAysy9MBJ97T_knQwUh7ntR2I0i_bu6TM-AOZCiym0FhhgocPJUPLp-XSXm9c-53rkVGLH5dfLoHhGwS3P1baCY-vJiWXqDelPlI3uCoO2YEf4y-xCqnJ_TAdRsH_kIjfAXCmlJIxr8Lx7pHoW8S76B01kTxmGpfQXiCOMDu1zK8Vx3dSgviR677BI0WXZl7tg”
},
“Request Body”: “{\r\n "id": "string",\r\n "metadata": {},\r\n "request": {\r\n "certificateData":"-----BEGIN CERTIFICATE-----\r\nMIIDdDCCAlygAwIBAgIIMoGbJus8F6YwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE\r\nBhMCSU4xCzAJBgNVBAgMAktBMQwwCgYDVQQKDAM1NzYxGjAYBgNVBAsMEUlEQS1U\r\nRVNULU9SRy1VTklUMREwDwYDVQQDDAhJTlRFUi1ycDAeFw0yMzExMDYwNDI1NDFa\r\nFw0yODExMDYwNDI1NDFaMFkxCzAJBgNVBAYTAklOMQswCQYDVQQIDAJLQTEMMAoG\r\nA1UECgwDNTc2MRowGAYDVQQLDBFJREEtVEVTVC1PUkctVU5JVDETMBEGA1UEAwwK\r\nUEFSVE5FUi1ycDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrRTqYA\r\nAEpmYws4AzaFUQaoivLPhwgqKosl3OX/1eHLfsMVQgdGPyQntnklN5bcCO2zvpm+\r\n3XkpWjOOlngdwdaJY2NXFUh2DEgWRRzCPyB1bTmaWe5IYWXjiTaoPkZozbI6HEqY\r\nNOyBjQ+8kvXtkMJ9bFYpryIozLOzHONmTW3IAwo8E8DuPSyoCAiNCbyuJlm8MmzZ\r\neT4cbODDS6rzcfyWFUE8cNn0Xe4GtwFlNSveJDX0ABRhhIJ51nYY90ydWu2ZtLKr\r\nzTwkxh0huNbxkXJq/fwJdgL5dxQ4AZ9sNluU2vnC8MTNU9ef/u+9EHDk+sL+B2Qv\r\ntG7s+N6SE78SSlUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\r\nnvmqN9MydihAdfNO/8vyqM1dJiQwDgYDVR0PAQH/BAQDAgKEMA0GCSqGSIb3DQEB\r\nCwUAA4IBAQBAOYMVIm4SkWyoAku2LdZJ430irY4YE4Jsqjvn2R1a8C/VaVKIS8DS\r\nv2VWnx7aWbaAZ+vmAkw5XyM2vdSU3e27/2sb75y2nsn10x3qUjI2Leibtf+NN+le\r\nlzq/0bw1oRM/dbdLVcheYoXAZD91Pxg8YXeSHzbByEL1ViDVzzGRXtxwDWmXCqtR\r\nyzBihSCNWMxkYzy1oHklGAcqNUElV7hV7aDfOAmsLi7IaFKXqphagLw4WRQ61rHn\r\nOz/9wo3nozSGXTUQGdEQz5yGVPk2pOVebdopLEKIrDhqtaeogoxyS0SVCWlgxwo4\r\nXGV1tvlaozvvLC1CMIuZLjVGIBGIPS5y\r\n-----END CERTIFICATE-----\r\n",\r\n "partnerDomain": "AUTH",\r\n "partnerId": "458"\r\n \r\n },\r\n "requesttime": "2023-11-08T00:48:06.605Z",\r\n "version": "string"\r\n}”,
“Response Headers”: {
“server”: “nginx/1.18.0 (Ubuntu)”,
“date”: “Wed, 08 Nov 2023 00:48:06 GMT”,
“content-type”: “application/json;charset=UTF-8”,
“content-length”: “145”,
“connection”: “keep-alive”,
“x-content-type-options”: “nosniff”,
“x-xss-protection”: “1; mode=block”,
“cache-control”: “no-cache, no-store, max-age=0, must-revalidate”,
“pragma”: “no-cache”,
“expires”: “0”,
“x-frame-options”: “SAMEORIGIN”,
“x-envoy-upstream-service-time”: “110”
},
“Response Body”: “{"id":null,"version":null,"responsetime":"2023-11-08T00:48:06.901Z","metadata":null,"response":null,"errors":[{"errorCode":null,"message":null}]}”
}
TypeError: Cannot read properties of null (reading ‘signedCertificateData’)

I am also seeing these errors

POST https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/458/policy/map

“Response Body”: “{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.140Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_016","message":"Partner is not active."}]}”
}

POST https://api-internal.mymosip.upd.edu.ph/v1/partnermanager/partners/458/policy/map: {

“Request Body”: “{\r\n "id": "string",\r\n "metadata": {},\r\n "request": {\r\n "policyName": "policy 206",\r\n "useCaseDescription": "string"\r\n },\r\n "requesttime": "2023-11-08T00:48:08.085Z",\r\n "version": "string"\r\n}”,
“Response Headers”: {
“server”: “nginx/1.18.0 (Ubuntu)”,
“date”: “Wed, 08 Nov 2023 00:48:08 GMT”,
“content-type”: “application/json;charset=UTF-8”,
“content-length”: “196”,
“connection”: “keep-alive”,
“x-content-type-options”: “nosniff”,
“x-xss-protection”: “1; mode=block”,
“cache-control”: “no-cache, no-store, max-age=0, must-revalidate”,
“pragma”: “no-cache”,
“expires”: “0”,
“x-frame-options”: “SAMEORIGIN”,
“x-envoy-upstream-service-time”: “49”
},
“Response Body”: “{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.140Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_016","message":"Partner is not active."}]}”
}

PUT https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/policy/{{MappingKey}}: {

“Request Body”: “{\r\n "id": "string",\r\n "metadata": {},\r\n "request": {\r\n "status": "Approved"\r\n },\r\n "requesttime": "2023-11-08T00:48:08.207Z",\r\n "version": "string"\r\n}”,
“Response Headers”: {
“server”: “nginx/1.18.0 (Ubuntu)”,
“date”: “Wed, 08 Nov 2023 00:48:08 GMT”,
“content-type”: “application/json;charset=UTF-8”,
“content-length”: “204”,
“connection”: “keep-alive”,
“x-content-type-options”: “nosniff”,
“x-xss-protection”: “1; mode=block”,
“cache-control”: “no-cache, no-store, max-age=0, must-revalidate”,
“pragma”: “no-cache”,
“expires”: “0”,
“x-frame-options”: “SAMEORIGIN”,
“x-envoy-upstream-service-time”: “102”
},
“Response Body”: “{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.325Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_007","message":"Partner api key does not exist"}]}”
}

POST https://api-internal.mymosip.edu.ph/v1/authmanager/authenticate/useridPwd: {

“Request Body”: “{\r\n "id": "string",\r\n "metadata": {},\r\n "request": {\r\n "appId": "partner",\r\n "password": "mosip123",\r\n "userName": 458\r\n },\r\n "requesttime": "2023-11-08T00:48:08.207Z",\r\n "version": "string"\r\n}”,
“Response Headers”: {
“server”: “nginx/1.18.0 (Ubuntu)”,
“date”: “Wed, 08 Nov 2023 00:48:08 GMT”,
“content-type”: “application/json;charset=UTF-8”,
“content-length”: “179”,
“connection”: “keep-alive”,
“access-control-allow-methods”: “POST, GET, OPTIONS, DELETE, PUT, PATCH”,
“access-control-allow-headers”: “Date, Content-Type, Accept, X-Requested-With, Authorization, From, X-Auth-Token, Request-Id”,
“access-control-expose-headers”: “Set-Cookie”,
“access-control-allow-credentials”: “true”,
“x-content-type-options”: “nosniff”,
“x-xss-protection”: “1; mode=block”,
“cache-control”: “no-cache, no-store, max-age=0, must-revalidate”,
“pragma”: “no-cache”,
“expires”: “0”,
“x-frame-options”: “SAMEORIGIN”,
“x-envoy-upstream-service-time”: “10”
},
“Response Body”: “{"id":"string","version":"string","responsetime":"2023-11-08T00:48:08.427Z","metadata":null,"response":null,"errors":[{"errorCode":"KER-ATH-023","message":"Invalid Credentials"}]}”
}
‘policy 206’

Dear @rcsampang, as per the logs shared:

Api 1 : POST https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/certificate/upload

Api 2 : POST https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/458/policy/map

Api 3 : PUT https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/policy/{{MappingKey}}

Api 4 : POST https://api-internal.mymosip.edu.ph/v1/authmanager/authenticate/useridPwd

The first API got an error because the MOSIP-signed certificate was not generated; because of this API failure, “API 2” and “API 3” failed. Please check the partner-manager-service pod logs in the PMS namespace.

For API 4: The entered password may be wrong for the partner. Please check the password in Keycloak, change it in the request, and execute.
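
As an added example (not part of the original thread and not MOSIP's own test script): the `TypeError` in the console output comes from reading `signedCertificateData` off a `response` that is `null`. The sketch below reads the four response bodies quoted in the thread without dereferencing a null `response`, and labels each failure as a root cause or as downstream of the certificate upload. The names `readEnvelope` and `triage` are hypothetical, and the `dependsOn` links are an assumption based on the reply above.

```javascript
// Added example, not from the thread. Response bodies are copied from the
// Postman console output quoted in the thread; `dependsOn` is an assumption
// taken from the reply (API 2 and API 3 fail because API 1 failed).
const steps = [
  { name: "certificate/upload", dependsOn: null, field: "signedCertificateData",
    body: '{"id":null,"version":null,"responsetime":"2023-11-08T00:48:06.901Z","metadata":null,"response":null,"errors":[{"errorCode":null,"message":null}]}' },
  { name: "458/policy/map", dependsOn: "certificate/upload", field: null,
    body: '{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.140Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_016","message":"Partner is not active."}]}' },
  { name: "policy/{{MappingKey}}", dependsOn: "certificate/upload", field: null,
    body: '{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.325Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_007","message":"Partner api key does not exist"}]}' },
  { name: "authenticate/useridPwd", dependsOn: null, field: null,
    body: '{"id":"string","version":"string","responsetime":"2023-11-08T00:48:08.427Z","metadata":null,"response":null,"errors":[{"errorCode":"KER-ATH-023","message":"Invalid Credentials"}]}' },
];

// Parse one envelope without ever dereferencing a null `response`.
function readEnvelope(rawBody, field) {
  let env;
  try { env = JSON.parse(rawBody); } catch (e) {
    return { value: null, errors: ["body is not valid JSON"] };
  }
  const errors = (Array.isArray(env.errors) ? env.errors : []).map((e) =>
    e.errorCode ? `${e.errorCode}: ${e.message}` : "unspecified server error (null errorCode)");
  const resp = env.response;
  const hasField = field && resp !== null && typeof resp === "object" && field in resp;
  if (field && !hasField && errors.length === 0) errors.push(`response has no ${field}`);
  return { value: hasField ? resp[field] : null, errors };
}

// Label each failure as a root cause or as downstream of an earlier failure.
function triage(stepList) {
  const failed = new Set();
  return stepList.map((s) => {
    const { errors } = readEnvelope(s.body, s.field);
    if (errors.length === 0) return { name: s.name, status: "ok", errors };
    failed.add(s.name);
    const status = s.dependsOn && failed.has(s.dependsOn)
      ? `downstream of ${s.dependsOn}` : "root cause";
    return { name: s.name, status, errors };
  });
}

for (const r of triage(steps)) console.log(r.name, "->", r.status, r.errors);
```

The null `errorCode` on the first call gives no detail on the client side, which is why the server-side pod logs are the next place to look.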

@thamarai_kannan Hello.

No errors on pods in pms namespace

pms pmp-ui-69456b94d8-x792q 2/2 Running 0 27d
pms pms-partner-6f545968cb-b89bh 2/2 Running 1 (27d ago) 27d
pms pms-policy-56b686cb75-tjxj4 2/2 Running 4 (29d ago) 29d

For API 4: wasn’t the partner created through Postman? I assumed it provided the correct password when it was created.

Also, the partners created in Postman are not reflected in Keycloak when viewing all users.

Dear @rcsampang, please check both the pms-partner and keymanager logs. The system is clearly saying that it is facing an issue while uploading the partner certificate.

Also, the Postman collection will not create the partner in Keycloak automatically. You have to create it manually after executing the self partner creation API.

@thamarai_kannan Thank you.

I have checked using kubectl describe and describe logs but there is no obvious error.

keymanager keymanager-5d897f8659-7kwxq 2/2 Running 2 (32d ago) 32d

pms pmp-ui-69456b94d8-x792q 2/2 Running 0 32d
pms pms-partner-6f545968cb-b89bh 2/2 Running 1 (32d ago) 32d
pms pms-policy-56b686cb75-tjxj4 2/2 Running 4 (34d ago) 34d

kubectl logs keymanager-5d897f8659-7kwxq -n keymanager

{“@timestamp”:“2023-11-15T05:54:14.236Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“a02d457eba17dbb8609946e1169add7a”,“statusCode”:200,“req.requestURI”:“/v1/keymanager/actuator/prometheus”,“bytesSent”:17038,“timeTaken”:0.003,“appName”:“kernel-keymanager-service”,“req.userAgent”:“Prometheus/2.38.0”,“req.xForwardedFor”:“-”,“req.referer”:“-”,“req.method”:“GET”,“req.remoteHost”:“127.0.0.6”}

kubectl logs pmp-ui-69456b94d8-x792q -n pms
127.0.0.6 - - [15/Nov/2023:05:57:12 +0000] “GET / HTTP/1.1” 200 894 “-” “kube-probe/1.23” “-”

kubectl logs pms-partner-6f545968cb-b89bh -n pms
{“@timestamp”:“2023-11-15T06:00:21.565Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“59020e515e623b13461df9a32bddbd71”,“statusCode”:200,“req.requestURI”:“/v1/partnermanager/actuator/prometheus”,“bytesSent”:34666,“timeTaken”:0.006,“appName”:“partner-management”,“req.userAgent”:“Prometheus/2.38.0”,“req.xForwardedFor”:“-”,“req.referer”:“-”,“req.method”:“GET”,“req.remoteHost”:“127.0.0.6”}

kubectl logs pms-policy-56b686cb75-tjxj4 -n pms

{“@timestamp”:“2023-11-15T06:07:00.416Z”,“@version”:“1”,“message”:“RequestBody: “,“logger_name”:“io.mosip.pms.policy.config.ReqResFilter”,“thread_name”:“http-nio-9107-exec-1”,“level”:“INFO”,“level_value”:20000,“appName”:“partner-management”,“traceId”:“3d020469fd4670fd238f741110c52f5b”,“spanId”:“238f741110c52f5b”,“spanExportable”:“false”,“X-Span-Export”:“false”,“X-B3-SpanId”:“238f741110c52f5b”,“X-B3-TraceId”:“3d020469fd4670fd238f741110c52f5b”}
{”@timestamp”:“2023-11-15T06:07:00.419Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“3d020469fd4670fd238f741110c52f5b”,“statusCode”:200,“req.requestURI”:“/v1/policymanager/actuator/prometheus”,“bytesSent”:17482,“timeTaken”:0.003,“appName”:“partner-management”,“req.userAgent”:“Prometheus/2.38.0”,“req.xForwardedFor”:“-”,“req.referer”:“-”,“req.method”:“GET”,“req.remoteHost”:“127.0.0.6”}

Can you suggest other areas / means to check ?

This is what it looks like in Rancher:

When I run Postman imported collection, I just let it run automatically. Can I run it one step at a time? Do I just follow the sequence based on how it was exported/imported?

If I run it again then it will create another randomly named partner, which I have to register to Keycloak. After doing this, do I run the whole collection again or just the part where it encountered errors?

Can you do a detailed explanation on how to run the imported collection (correct sequence of API queries) and what to do once errors are encountered particularly the ones I encountered?

We deeply appreciate all help and assistance provided.

Dear @rcsampang,
For the API, the error will be available in the pms-partner and Keycloak logs only. As per the error thrown in the response, there will be an error in these pod logs.

Please run the Postman collection manually as per the imported sequence. You can skip the partner creation API after executing it once, so there is no need to reconfigure Keycloak.

Please share the complete logs with us for further analysis.

Hello!

So I ran the Postman import one step at a time. Steps 1 to 2 ran without an error.

Errors started to appear in step 3.

Before I ran it again, I created the user in Keycloak and assigned the role AUTH_PARTNER which was created by the partner creation API.

partnerID = 31

Then I ran step 3 again, skipping the partner creation.

The same errors as before.

I also can’t find errors in pms, keycloak and keymanager pods.

Can you or anyone explain in detail the steps needed to run Step 3 in the Postman imported collection? What values to put when editing the JSON file?

Hi @rcsampang

As this is a long ongoing issue, we can connect online over Google Meet to sort this out for you. There has been a gap in terms of reverting from our end for which we apologize.

Let us know if we can connect online to sort this out.

Best Regards,
Team MOSIP

@sanchi-singh24 & MOSIP Team
Thanks. Unfortunately, I have no access to our MOSIP platform for the time being. I will get back to you when I can resume.

Best regards!

Thanks for the update from your end!

Best Regards,
Team MOSIP