Merge pull request #4798 from mosip/ase-101-patch-6

ES-4

esignet-default.properties

@@ -34,8 +34,8 @@ mosip.esignet.supported-id-regex=\\S*
 # Generated ID and access tokens 'exp' depends on the below properties, default value is 1-hour
 mosip.esignet.id-token-expire-seconds=3600
 mosip.esignet.access-token-expire-seconds=3600
-# By default, only 2 link codes can be active, and the time period it can be active is defined here, default value is 5 minutes
-mosip.esignet.link-code-expire-in-secs=300
+# By default, only 2 link codes can be active, and the time period it can be active is defined here, default value is 1 minute
+mosip.esignet.link-code-expire-in-secs=60
 # Number of link code allowed to be generated in a transaction, the default value is 10
 mosip.esignet.generate-link-code.limit-per-transaction=10
 # Time to complete consent after successful authentication, the default value is 120
@@ -199,24 +199,54 @@ mosip.esignet.cache.names=clientdetails,preauth,authenticated,authcodegenerated,
 #spring.redis.port=6379
 management.health.redis.enabled=false
 
+# 'simple' cache type is only applicable only for Non-Production setup
 spring.cache.type=simple
 mosip.esignet.cache.key.hash.algorithm=SHA3-256
-mosip.esignet.cache.size={'clientdetails' : 200, 'preauth': 200, 'authenticated': 200, 'authcodegenerated': 200, 'userinfo': 200, \
-   'linkcodegenerated' : 500, 'linked': 200 , 'linkedcode': 200, 'linkedauth' : 200 , 'consented' :200, 'authtokens': 2, 'bindingtransaction': 200, 'vcissuance' : 200 }
-mosip.esignet.cache.expire-in-seconds={'clientdetails' : 86400, 'preauth': 300,'authenticated': ${mosip.esignet.authentication-expire-in-secs}, 'authcodegenerated': 300, \
-  'userinfo': ${mosip.esignet.access-token-expire-seconds}, 'linkcodegenerated' : ${mosip.esignet.link-code-expire-in-secs}, \
-  'linked': 600, 'linkedcode': ${mosip.esignet.link-code-expire-in-secs}, 'linkedauth' : ${mosip.esignet.authentication-expire-in-secs}, 'consented': 300, \
-  'authtokens': 86400, 'bindingtransaction': 600, 'vcissuance': ${mosip.esignet.access-token-expire-seconds}  }
+
+# Cache size setup is applicable only for 'simple' cache type. 
+# Cache size configuration will not be considered with 'Redis' cache type
+mosip.esignet.cache.size={'clientdetails' : 200, \
+'preauth': 200, \
+'authenticated': 200, \
+'authcodegenerated': 200, \
+'userinfo': 200, \
+'linkcodegenerated' : 500, \
+'linked': 200 , \
+'linkedcode': 200, \
+'linkedauth' : 200 , \
+'consented' :200, \
+'authtokens': 2, \
+'bindingtransaction': 200, \
+'vcissuance' : 200 }
+
+# Cache expire in seconds is applicable for both 'simple' and 'Redis' cache type
+mosip.esignet.cache.expire-in-seconds={'clientdetails' : 86400, \
+'preauth': 300,\
+'authenticated': ${mosip.esignet.authentication-expire-in-secs}, \
+'authcodegenerated': 60, \
+'userinfo': ${mosip.esignet.access-token-expire-seconds}, \
+'linkcodegenerated' : ${mosip.esignet.link-code-expire-in-secs}, \
+'linked': 120, \
+'linkedcode': ${mosip.esignet.link-code-expire-in-secs}, \
+'linkedauth' : ${mosip.esignet.authentication-expire-in-secs}, \
+'consented': 60, \
+'authtokens': 86400, \
+'bindingtransaction': 600, \
+'vcissuance': ${mosip.esignet.access-token-expire-seconds}  }
 
 ## ------------------------------------------ Discovery openid-configuration -------------------------------------------
 
 mosip.esignet.domain.url=https://${mosip.esignet.host}
 mosip.esignet.discovery.issuer-id=${mosip.esignet.domain.url}${server.servlet.path}
 
+# This property holds ./wellknown/jwks.json URL, 
+# for local deployments without esignet-ui nginx change the value to ${mosip.esignet.domain.url}${server.servlet.path}/oauth/.well-known/jwks.json
+mosip.esignet.jwks-uri=${mosip.esignet.domain.url}/.well-known/jwks.json
+
 mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\
   \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \
   \ 'token_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/oauth/token' , \
-  \ 'jwks_uri' : '${mosip.esignet.domain.url}${server.servlet.path}/oauth/jwks.json' , \
+  \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \
   \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \
   \ 'token_endpoint_auth_signing_alg_values_supported' : {'RS256'},\
   \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \
@@ -228,6 +258,7 @@ mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\
   \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \
   \ 'token_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/oauth/token' ,\
   \ 'userinfo_endpoint' : '${mosip.esignet.domain.url}${server.servlet.path}/oidc/userinfo' ,\
+  \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \
   \ 'scopes_supported' : ${mosip.esignet.supported.openid.scopes}, \
   \ 'response_types_supported' : ${mosip.esignet.supported.response.types}, \
   \ 'response_modes_supported' : { 'query' }, \
@@ -243,7 +274,9 @@ mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\
   \ 'subject_types_supported' : { 'pairwise' }, \
   \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id'}, \
   \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics'},\
-  \ 'request_parameter_supported' : false }
+  \ 'request_parameter_supported' : false, \
+  \ 'claims_locales_supported' : {'en'}, \
+  \ 'ui_locales_supported' : {'en'} }
 
 ##----------------------------------------- Database properties --------------------------------------------------------
 
@@ -329,8 +362,9 @@ mosip.kernel.keymgr.hsm.health.check.encrypt=true
 
 ## -------------------------------------------- IDP-UI config ----------------------------------------------------------
 # NOTE:
-# 1. linked-transaction-expire-in-secs value should be a sum of mosip.esignet.authentication-expire-in-secs and linked cache expire in seconds under mosip.esignet.cache.expire-in-seconds property
+# 1. linked-transaction-expire-in-secs value should be a sum of 'mosip.esignet.authentication-expire-in-secs' and 'linked' cache expire in seconds under mosip.esignet.cache.expire-in-seconds property
 # 2. A new Qrcode will be autogenerated before the expiry of current qr-code, and the time difference in seconds for the same is defined in wallet.qr-code-buffer-in-secs property
+# 3. If esignet is deployed with MOSIP IDA, then 'resend.otp.delay.secs' must be the same as 'mosip.kernel.otp.expiry-time'
 
 mosip.esignet.ui.wallet.config={{'wallet.name': 'Inji Mobile App', 'wallet.logo-url': 'inji_logo.png', 'wallet.download-uri': '#', \
  'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' },{'wallet.name': 'Inji Mobile App1', 'wallet.logo-url': 'inji_logo.png', 'wallet.download-uri': '#', \
@@ -339,18 +373,21 @@ mosip.esignet.ui.wallet.config={{'wallet.name': 'Inji Mobile App', 'wallet.logo-
 mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \
   'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \
   'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \
-  'resend.otp.delay.secs': ${mosip.kernel.otp.expiry-time}, 'send.otp.channels' : '${mosip.esignet.authenticator.ida.otp-channels}', \
+  'resend.otp.delay.secs': 180, 'send.otp.channels' : '${mosip.esignet.authenticator.ida.otp-channels}', \
   'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '', \
   'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \
-  'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 420, 'sbi.port.range': 4501-4600, \
+  'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': 4501-4600, \
   'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': 6, \
   'password.regex': '\\S*', 'wallet.config': ${mosip.esignet.ui.wallet.config} }
 
 ##  ---------------------------------------------- VCI ------------------------------------------------------------------
+# Used to verify audience in the PoP JWT
 mosip.esignet.vci.identifier=${mosip.esignet.domain.url}${server.servlet.path}
 mosip.esignet.vci.authn.filter-urls={ '${server.servlet.path}/vci/credential' }
-mosip.esignet.vci.authn.issuer-uri=${mosip.esignet.domain.url}${server.servlet.path}
-mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.domain.url}${server.servlet.path}/oauth/.well-known/jwks.json
+# Change this if the VCI is used with different OAUTH2.0 server
+mosip.esignet.vci.authn.issuer-uri=${mosip.esignet.discovery.issuer-id}
+mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.jwks-uri}
+
 mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential' }
 
 mosip.esignet.cnonce-expire-seconds=40

id-authentication-default.properties

@@ -632,7 +632,7 @@ mosip.kernel.keymgr.hsm.health.key.app-id=IDA
 mosip.ida.config.server.file.storage.uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
 mosip.ida.vercred.context.url.map={"https://www.w3.org/ns/odrl.jsonld" : "odrl.jsonld", "https://www.w3.org/2018/credentials/v1" : "cred-v1.jsonld", "https://${mosip.api.public.host}/.well-known/mosip-ida-context.json" : "mosip-ida-context.json"}
 mosip.ida.vercred.context.uri=vccontext-ida.jsonld
-mosip.ida.vercred.id.url=https://ida.mosip.net/credentials/
+mosip.ida.vercred.id.url=https://${mosip.api.public.host}/credentials/
 mosip.ida.vercred.issuer.url=https://${mosip.api.public.host}/.well-known/ida-controller.json
 mosip.ida.vercred.proof.purpose=assertionMethod
 mosip.ida.vercred.proof.type=RsaSignature2018

ida-controller.json

@@ -0,0 +1,7 @@
+{
+  "@context": "https://w3id.org/security/v2",
+  "id": "https://${mosip.api.public.host}/.well-known/ida-controller.json",
+  "assertionMethod": [
+    "https://${mosip.api.public.host}/.well-known/ida-public-key.json"
+  ]
+}

mosip-ida-context.json

@@ -0,0 +1,54 @@
+{
+  "@context": [{
+    "@version": 1.1
+  },"https://www.w3.org/ns/odrl.jsonld", {
+    "mosip": "https://${mosip.api.public.host}/mosip#",
+    "schema": "http://schema.org/",
+    "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
+    "vcVer": "mosip:vcVer",
+    "UIN": "mosip:UIN",
+    "VID": "mosip:VID",
+    "addressLine1": {
+      "@id": "https://${mosip.api.public.host}/mosip#addressLine1",
+      "@context": {"value": "rdf:value", "lang": "@language"}
+    },
+    "addressLine2": {
+      "@id": "https://${mosip.api.public.host}/mosip#addressLine2",
+      "@context": {"value": "rdf:value", "lang": "@language"}
+    },
+    "addressLine3": {
+      "@id": "https://${mosip.api.public.host}/mosip#addressLine3",
+      "@context": {"value": "rdf:value", "lang": "@language"}
+    },
+    "city": {
+      "@id": "https://${mosip.api.public.host}/mosip#city",
+      "@context": {"value": "rdf:value", "lang": "@language"}
+    },
+    "gender": {
+      "@id": "https://${mosip.api.public.host}/mosip#gender",
+      "@context": {"value": "rdf:value", "lang": "@language"}
+    },
+    "residenceStatus": {
+      "@id": "https://${mosip.api.public.host}/mosip#residenceStatus",
+      "@context": {"value": "rdf:value", "lang": "@language"}
+    },
+
+    "dateOfBirth": "mosip:dateOfBirth",
+    "email": "mosip:email",
+    "fullName": {
+      "@id": "https://${mosip.api.public.host}/mosip#fullName",
+      "@context": {"value": "rdf:value", "lang": "@language"}
+    },
+    "phone": "mosip:phone",
+    "postalCode": "mosip:postalCode",
+    "province": {
+      "@id": "https://${mosip.api.public.host}/mosip#province",
+      "@context": {"value": "rdf:value", "lang": "@language"}
+    },
+    "region": {
+      "@id": "https://${mosip.api.public.host}/mosip#region",
+      "@context": {"value": "rdf:value", "lang": "@language"}
+    },
+    "face": "mosip:face"
+  }]
+}

vccontext-ida.jsonld

@@ -0,0 +1,9 @@
+{
+   "context" : [
+    "https://www.w3.org/2018/credentials/v1",
+    "https://${mosip.api.public.host}/.well-known/mosip-ida-context.json",
+    {
+       "sec": "https://w3id.org/security#"
+    }
+]
+}