Dear @rcsampang, which user id is used for authentication? You should have the PARTNER_ADMIN role to perform this operation.
Hello @thamarai_kannan
Yes the user id used for authentication has the role PARTNER_ADMIN but the error persists.
So I used a user with GLOBAL_ADMIN and the error was gone. (I know it is overkill but I did not know what specific roles the user should have)
But there are still 15 errors and the following is the first at UPLOADING SIGNED PARTNER CERT
POST https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/certificate/upload: {
“Network”: {
“addresses”: {
“local”: {
“address”: “10.207.102.5”,
“family”: “IPv4”,
“port”: 61752
},
“remote”: {
“address”: “10.206.100.170”,
“family”: “IPv4”,
“port”: 443
}
},
“tls”: {
“reused”: false,
“authorized”: true,
“authorizationError”: null,
“cipher”: {
“name”: “ECDHE-RSA-AES128-GCM-SHA256”,
“standardName”: “TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256”,
“version”: “TLSv1/SSLv3”
},
“protocol”: “TLSv1.2”,
“ephemeralKeyInfo”: {},
“peerCertificate”: {
“subject”: {
“commonName”: “mymosip.edu.ph”,
“alternativeNames”: “DNS:.mymosip.edu.ph, DNS:mymosip.edu.ph"
},
“issuer”: {
“country”: “US”,
“organization”: “Let’s Encrypt”,
“commonName”: “R3”
},
“validFrom”: “Oct 26 06:25:29 2023 GMT”,
“validTo”: “Jan 24 06:25:28 2024 GMT”,
“fingerprint”: “3F:8E:A3:53:CA:90:27:9A:42:1D:7E:03:EA:5C:A2:2C:3B:6C:59:F0”,
“serialNumber”: “0439a0e83b7be954a2f67f81b35bdd246ec1”
}
}
},
“Request Headers”: {
“content-type”: “application/json”,
“user-agent”: “PostmanRuntime/7.34.0”,
“accept”: "/*”,
“cache-control”: “no-cache”,
“postman-token”: “ca2d229d-b7dd-47a9-8186-162632367d86”,
“host”: “api-internal.mymosip.edu.ph”,
“accept-encoding”: “gzip, deflate, br”,
“connection”: “keep-alive”,
“content-length”: “1537”,
“cookie”: “Authorization=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqc05CR01jeUh2cWJEeExnMjluRV9pMWZRc2plUlFlalpaYlJKd3FfdHE4In0.eyJleHAiOjE2OTk0NDA0ODQsImlhdCI6MTY5OTQwNDQ4NCwianRpIjoiMjVhNmViOTQtZjcxZC00OTMyLTk1MjItOTc2NmY0OGM2Y2Q4IiwiaXNzIjoiaHR0cHM6Ly9pYW0uZGNzbW9zaXAuc2NpZW5jZS51cGQuZWR1LnBoL2F1dGgvcmVhbG1zL21vc2lwIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjM2YWQyMzEwLTA5NjUtNDNlYi05NzE0LTkxOTRmNzMxZDk2NCIsInR5cCI6IkJlYXJlciIsImF6cCI6Im1vc2lwLWFkbWluLWNsaWVudCIsInNlc3Npb25fc3RhdGUiOiJiYmQ3YjRjOS05ODUwLTQ4YmItYTU2NC05YTliODEyODFhYzUiLCJhY3IiOiIxIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIlJFR0lTVFJBVElPTl9BRE1JTiIsIlpPTkFMX0FETUlOIiwiUE1TX0FETUlOIiwib2ZmbGluZV9hY2Nlc3MiLCJQQVJUTkVSX0FETUlOIiwiUE9MSUNZTUFOQUdFUiIsInVtYV9hdXRob3JpemF0aW9uIiwiZGVmYXVsdC1yb2xlcy1tb3NpcCIsIkdMT0JBTF9BRE1JTiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSIsInNpZCI6ImJiZDdiNGM5LTk4NTAtNDhiYi1hNTY0LTlhOWI4MTI4MWFjNSIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwicHJlZmVycmVkX3VzZXJuYW1lIjoiZ2xvYmFsYWRtaW4ifQ.Ge1c0EVaHI8c3tihGwX-F_o8GtAJSCwIzaLVJVofKgx8tGJvV7P6WXpW7xkks6EesQHl8_Xc7RalNKc2sH0ZwXY6njwwf-t3lo3DdOJNx12Fct40nj01YKZWFp5219WeLpqyShrGG3EFeUlyd0OXGAysy9MBJ97T_knQwUh7ntR2I0i_bu6TM-AOZCiym0FhhgocPJUPLp-XSXm9c-53rkVGLH5dfLoHhGwS3P1baCY-vJiWXqDelPlI3uCoO2YEf4y-xCqnJ_TAdRsH_kIjfAXCmlJIxr8Lx7pHoW8S76B01kTxmGpfQXiCOMDu1zK8Vx3dSgviR677BI0WXZl7tg”
},
“Request Body”: “{\r\n "id": "string",\r\n "metadata": {},\r\n "request": {\r\n "certificateData":"-----BEGIN CERTIFICATE-----\r\nMIIDdDCCAlygAwIBAgIIMoGbJus8F6YwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UE\r\nBhMCSU4xCzAJBgNVBAgMAktBMQwwCgYDVQQKDAM1NzYxGjAYBgNVBAsMEUlEQS1U\r\nRVNULU9SRy1VTklUMREwDwYDVQQDDAhJTlRFUi1ycDAeFw0yMzExMDYwNDI1NDFa\r\nFw0yODExMDYwNDI1NDFaMFkxCzAJBgNVBAYTAklOMQswCQYDVQQIDAJLQTEMMAoG\r\nA1UECgwDNTc2MRowGAYDVQQLDBFJREEtVEVTVC1PUkctVU5JVDETMBEGA1UEAwwK\r\nUEFSVE5FUi1ycDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALrRTqYA\r\nAEpmYws4AzaFUQaoivLPhwgqKosl3OX/1eHLfsMVQgdGPyQntnklN5bcCO2zvpm+\r\n3XkpWjOOlngdwdaJY2NXFUh2DEgWRRzCPyB1bTmaWe5IYWXjiTaoPkZozbI6HEqY\r\nNOyBjQ+8kvXtkMJ9bFYpryIozLOzHONmTW3IAwo8E8DuPSyoCAiNCbyuJlm8MmzZ\r\neT4cbODDS6rzcfyWFUE8cNn0Xe4GtwFlNSveJDX0ABRhhIJ51nYY90ydWu2ZtLKr\r\nzTwkxh0huNbxkXJq/fwJdgL5dxQ4AZ9sNluU2vnC8MTNU9ef/u+9EHDk+sL+B2Qv\r\ntG7s+N6SE78SSlUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\r\nnvmqN9MydihAdfNO/8vyqM1dJiQwDgYDVR0PAQH/BAQDAgKEMA0GCSqGSIb3DQEB\r\nCwUAA4IBAQBAOYMVIm4SkWyoAku2LdZJ430irY4YE4Jsqjvn2R1a8C/VaVKIS8DS\r\nv2VWnx7aWbaAZ+vmAkw5XyM2vdSU3e27/2sb75y2nsn10x3qUjI2Leibtf+NN+le\r\nlzq/0bw1oRM/dbdLVcheYoXAZD91Pxg8YXeSHzbByEL1ViDVzzGRXtxwDWmXCqtR\r\nyzBihSCNWMxkYzy1oHklGAcqNUElV7hV7aDfOAmsLi7IaFKXqphagLw4WRQ61rHn\r\nOz/9wo3nozSGXTUQGdEQz5yGVPk2pOVebdopLEKIrDhqtaeogoxyS0SVCWlgxwo4\r\nXGV1tvlaozvvLC1CMIuZLjVGIBGIPS5y\r\n-----END CERTIFICATE-----\r\n",\r\n "partnerDomain": "AUTH",\r\n "partnerId": "458"\r\n \r\n },\r\n "requesttime": "2023-11-08T00:48:06.605Z",\r\n "version": "string"\r\n}”,
“Response Headers”: {
“server”: “nginx/1.18.0 (Ubuntu)”,
“date”: “Wed, 08 Nov 2023 00:48:06 GMT”,
“content-type”: “application/json;charset=UTF-8”,
“content-length”: “145”,
“connection”: “keep-alive”,
“x-content-type-options”: “nosniff”,
“x-xss-protection”: “1; mode=block”,
“cache-control”: “no-cache, no-store, max-age=0, must-revalidate”,
“pragma”: “no-cache”,
“expires”: “0”,
“x-frame-options”: “SAMEORIGIN”,
“x-envoy-upstream-service-time”: “110”
},
“Response Body”: “{"id":null,"version":null,"responsetime":"2023-11-08T00:48:06.901Z","metadata":null,"response":null,"errors":[{"errorCode":null,"message":null}]}”
}
TypeError: Cannot read properties of null (reading ‘signedCertificateData’)
I am also seeing these errors
POST https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/458/policy/map
…
“Response Body”: “{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.140Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_016","message":"Partner is not active."}]}”
}
POST https://api-internal.mymosip.upd.edu.ph/v1/partnermanager/partners/458/policy/map: {
…
“Request Body”: “{\r\n "id": "string",\r\n "metadata": {},\r\n "request": {\r\n "policyName": "policy 206",\r\n "useCaseDescription": "string"\r\n },\r\n "requesttime": "2023-11-08T00:48:08.085Z",\r\n "version": "string"\r\n}”,
“Response Headers”: {
“server”: “nginx/1.18.0 (Ubuntu)”,
“date”: “Wed, 08 Nov 2023 00:48:08 GMT”,
“content-type”: “application/json;charset=UTF-8”,
“content-length”: “196”,
“connection”: “keep-alive”,
“x-content-type-options”: “nosniff”,
“x-xss-protection”: “1; mode=block”,
“cache-control”: “no-cache, no-store, max-age=0, must-revalidate”,
“pragma”: “no-cache”,
“expires”: “0”,
“x-frame-options”: “SAMEORIGIN”,
“x-envoy-upstream-service-time”: “49”
},
“Response Body”: “{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.140Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_016","message":"Partner is not active."}]}”
}
PUT https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/policy/{{MappingKey}}: {
…
“Request Body”: “{\r\n "id": "string",\r\n "metadata": {},\r\n "request": {\r\n "status": "Approved"\r\n },\r\n "requesttime": "2023-11-08T00:48:08.207Z",\r\n "version": "string"\r\n}”,
“Response Headers”: {
“server”: “nginx/1.18.0 (Ubuntu)”,
“date”: “Wed, 08 Nov 2023 00:48:08 GMT”,
“content-type”: “application/json;charset=UTF-8”,
“content-length”: “204”,
“connection”: “keep-alive”,
“x-content-type-options”: “nosniff”,
“x-xss-protection”: “1; mode=block”,
“cache-control”: “no-cache, no-store, max-age=0, must-revalidate”,
“pragma”: “no-cache”,
“expires”: “0”,
“x-frame-options”: “SAMEORIGIN”,
“x-envoy-upstream-service-time”: “102”
},
“Response Body”: “{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.325Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_007","message":"Partner api key does not exist"}]}”
}
POST https://api-internal.mymosip.edu.ph/v1/authmanager/authenticate/useridPwd: {
…
“Request Body”: “{\r\n "id": "string",\r\n "metadata": {},\r\n "request": {\r\n "appId": "partner",\r\n "password": "mosip123",\r\n "userName": 458\r\n },\r\n "requesttime": "2023-11-08T00:48:08.207Z",\r\n "version": "string"\r\n}”,
“Response Headers”: {
“server”: “nginx/1.18.0 (Ubuntu)”,
“date”: “Wed, 08 Nov 2023 00:48:08 GMT”,
“content-type”: “application/json;charset=UTF-8”,
“content-length”: “179”,
“connection”: “keep-alive”,
“access-control-allow-methods”: “POST, GET, OPTIONS, DELETE, PUT, PATCH”,
“access-control-allow-headers”: “Date, Content-Type, Accept, X-Requested-With, Authorization, From, X-Auth-Token, Request-Id”,
“access-control-expose-headers”: “Set-Cookie”,
“access-control-allow-credentials”: “true”,
“x-content-type-options”: “nosniff”,
“x-xss-protection”: “1; mode=block”,
“cache-control”: “no-cache, no-store, max-age=0, must-revalidate”,
“pragma”: “no-cache”,
“expires”: “0”,
“x-frame-options”: “SAMEORIGIN”,
“x-envoy-upstream-service-time”: “10”
},
“Response Body”: “{"id":"string","version":"string","responsetime":"2023-11-08T00:48:08.427Z","metadata":null,"response":null,"errors":[{"errorCode":"KER-ATH-023","message":"Invalid Credentials"}]}”
}
‘policy 206’
Dear @rcsampang, as per the logs shared:
Api 1 : POST https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/certificate/upload
Api 2 : POST https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/458/policy/map
Api 3 : PUT https://api-internal.mymosip.edu.ph/v1/partnermanager/partners/policy/{{MappingKey}}
Api 4 : POST https://api-internal.mymosip.edu.ph/v1/authmanager/authenticate/useridPwd
The first API got an error; due to that, the mosip-signed certificate was not generated. Because of this API failure, “API 2” and “API 3” failed. Please check the partner-manager-service pod logs in the PMS namespace.
For API 4: The entered password may be wrong for the partner. Request you to check the password in keycloak, change it in the request and execute.
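The cascade described in the reply above, as an added example (not part of the thread or of MOSIP's Postman collection): a Node.js sketch that checks each response envelope's `errors` before reading `response.signedCertificateData`, and reports which step failed first. The response bodies are the ones posted in the thread; the function names and step labels are assumptions.

```javascript
// Added example. Bodies are copied from the Postman output posted in this thread;
// step labels and function names are hypothetical.
const runLog = [
  { step: "API 1 certificate/upload",
    body: '{"id":null,"version":null,"responsetime":"2023-11-08T00:48:06.901Z","metadata":null,"response":null,"errors":[{"errorCode":null,"message":null}]}' },
  { step: "API 2 policy/map",
    body: '{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.140Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_016","message":"Partner is not active."}]}' },
  { step: "API 3 policy/{{MappingKey}}",
    body: '{"id":"mosip.partnermanagement","version":"1.0","responsetime":"2023-11-08T00:48:08.325Z","metadata":null,"response":null,"errors":[{"errorCode":"PMS_PMP_007","message":"Partner api key does not exist"}]}' },
  { step: "API 4 authenticate/useridPwd",
    body: '{"id":"string","version":"string","responsetime":"2023-11-08T00:48:08.427Z","metadata":null,"response":null,"errors":[{"errorCode":"KER-ATH-023","message":"Invalid Credentials"}]}' },
];

// Parse one envelope; `response` is only handed back once errors are ruled out.
function readEnvelope(body) {
  let env;
  try {
    env = JSON.parse(body);
  } catch (e) {
    return { ok: false, opaque: true, errors: [] }; // not JSON at all
  }
  const errors = (Array.isArray(env.errors) ? env.errors : [])
    .map((e) => ({ code: e.errorCode, message: e.message }));
  if (errors.length === 0 && env.response != null) {
    return { ok: true, response: env.response };
  }
  // "Opaque": the service reported a failure but returned no error code,
  // so the cause can only be found in the service's own logs.
  const opaque = errors.every((e) => e.code == null);
  return { ok: false, opaque, errors };
}

// Safe replacement for reading `response.signedCertificateData` directly.
function signedCertificate(body) {
  const env = readEnvelope(body);
  return env.ok ? (env.response.signedCertificateData ?? null) : null;
}

// Walk the run in order: first failing step, whether it was opaque, all codes seen.
function triage(log) {
  const results = log.map(({ step, body }) => ({ step, ...readEnvelope(body) }));
  const first = results.find((r) => !r.ok);
  const codes = results.flatMap((r) => (r.ok ? [] : r.errors.map((e) => e.code)));
  return { firstFailure: first ? first.step : null, opaqueRoot: first ? first.opaque : false, codes };
}

console.log(triage(runLog));
```

Stopping the run at the first failing step keeps the later error codes from being read as independent problems.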
@thamarai_kannan Hello.
No errors on pods in pms namespace
pms pmp-ui-69456b94d8-x792q 2/2 Running 0 27d
pms pms-partner-6f545968cb-b89bh 2/2 Running 1 (27d ago) 27d
pms pms-policy-56b686cb75-tjxj4 2/2 Running 4 (29d ago) 29d
For API4 - but wasn’t the partner created through postman, I assumed it provided the correct password when it was created?
Also the partners created in Postman do not reflect in Keycloak when viewing all users.
Dear @rcsampang, please check both the pms-partner & keymanager logs. The system is clearly saying that it is facing an issue while uploading the partner certificate.
Also, the postman collection will not create the partner in keycloak automatically. You have to create it manually after executing the self partner creation api.
@thamarai_kannan Thank you.
I have checked using kubectl describe and describe logs but there is no obvious error.
keymanager keymanager-5d897f8659-7kwxq 2/2 Running 2 (32d ago) 32d
pms pmp-ui-69456b94d8-x792q 2/2 Running 0 32d
pms pms-partner-6f545968cb-b89bh 2/2 Running 1 (32d ago) 32d
pms pms-policy-56b686cb75-tjxj4 2/2 Running 4 (34d ago) 34d
kubectl logs keymanager-5d897f8659-7kwxq -n keymanager
{“@timestamp”:“2023-11-15T05:54:14.236Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“a02d457eba17dbb8609946e1169add7a”,“statusCode”:200,“req.requestURI”:“/v1/keymanager/actuator/prometheus”,“bytesSent”:17038,“timeTaken”:0.003,“appName”:“kernel-keymanager-service”,“req.userAgent”:“Prometheus/2.38.0”,“req.xForwardedFor”:“-”,“req.referer”:“-”,“req.method”:“GET”,“req.remoteHost”:“127.0.0.6”}
kubectl logs pmp-ui-69456b94d8-x792q -n pms
127.0.0.6 - - [15/Nov/2023:05:57:12 +0000] “GET / HTTP/1.1” 200 894 “-” “kube-probe/1.23” “-”
kubectl logs pms-partner-6f545968cb-b89bh -n pms
{“@timestamp”:“2023-11-15T06:00:21.565Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“59020e515e623b13461df9a32bddbd71”,“statusCode”:200,“req.requestURI”:“/v1/partnermanager/actuator/prometheus”,“bytesSent”:34666,“timeTaken”:0.006,“appName”:“partner-management”,“req.userAgent”:“Prometheus/2.38.0”,“req.xForwardedFor”:“-”,“req.referer”:“-”,“req.method”:“GET”,“req.remoteHost”:“127.0.0.6”}
kubectl logs pms-policy-56b686cb75-tjxj4 -n pms
{“@timestamp”:“2023-11-15T06:07:00.416Z”,“@version”:“1”,“message”:“RequestBody: “,“logger_name”:“io.mosip.pms.policy.config.ReqResFilter”,“thread_name”:“http-nio-9107-exec-1”,“level”:“INFO”,“level_value”:20000,“appName”:“partner-management”,“traceId”:“3d020469fd4670fd238f741110c52f5b”,“spanId”:“238f741110c52f5b”,“spanExportable”:“false”,“X-Span-Export”:“false”,“X-B3-SpanId”:“238f741110c52f5b”,“X-B3-TraceId”:“3d020469fd4670fd238f741110c52f5b”}
{”@timestamp”:“2023-11-15T06:07:00.419Z”,“level”:“ACCESS”,“level_value”:70000,“traceId”:“3d020469fd4670fd238f741110c52f5b”,“statusCode”:200,“req.requestURI”:“/v1/policymanager/actuator/prometheus”,“bytesSent”:17482,“timeTaken”:0.003,“appName”:“partner-management”,“req.userAgent”:“Prometheus/2.38.0”,“req.xForwardedFor”:“-”,“req.referer”:“-”,“req.method”:“GET”,“req.remoteHost”:“127.0.0.6”}
Can you suggest other areas / means to check ?
This is what it looks like in Rancher:
When I run Postman imported collection, I just let it run automatically. Can I run it one step at a time? Do I just follow the sequence based on how it was exported/imported?
If I run it again then it will create another randomly named partner, which I have to register to Keycloak. After doing this, do I run the whole collection again or just the part where it encountered errors?
Can you do a detailed explanation on how to run the imported collection (correct sequence of API queries) and what to do once errors are encountered particularly the ones I encountered?
We deeply appreciate all help and assistance provided.
Dear @rcsampang
For the API, the error will be available in the pms-Partner & keycloak logs only. As per the error thrown in the response, there will be an error in these pod logs.
Please run the postman collection manually as per the imported sequence. You can skip the partner creation api after one-time execution, so there is no need to reconfigure keycloak.
Please share the complete logs with us for further analysis.
Hello!
So I run the Postman import one step at a time. Step 1 to 2 run without an error.
Errors started to appear in step 3.
Before I run it again I created the user in keycloak and assigned the role AUTH_PARTNER which was created by the partner creation API.
partnerID = 31
Then I run step 3 again skipping the partner creation
The same errors as before.
I also can’t find errors in pms, keycloak and keymanager pods.
Can you or anyone explain in detail the steps needed to run Step 3 in the Postman imported collection? What values to put when editing the json file?
Hi @rcsampang
As this is a long ongoing issue, we can connect online over Google Meet to sort this out for you. There has been a gap in terms of reverting from our end for which we apologize.
Let us know if we can connect online to sort this out.
Best Regards,
Team MOSIP
@sanchi-singh24 & MOSIP Team
Thanks. Unfortunately, I have no access to our MOSIP platform for the time being. I will get back to you when I can resume.
Best regards!
Thanks for the update from your end!
Best Regards,
Team MOSIP