From 5df53a575e2986b4178b4fa5c5c8969ec01cde08 Mon Sep 17 00:00:00 2001
From: Zeeshan Mehboob
Date: Wed, 24 Jul 2024 14:29:49 +0530
Subject: [PATCH] [ADDED] release 1.4.1 properties to qa-inji default, mock & insurance
Signed-off-by: Zeeshan Mehboob
---
esignet-default.properties | 40 +++++++++++--------
esignet-insurance.properties | 57 +++++++++++++++++----------
esignet-mock.properties | 76 ++++++++++++++++++++++--------------
3 files changed, 107 insertions(+), 66 deletions(-)
diff --git a/esignet-default.properties b/esignet-default.properties
index 89a51969097..dda3211693f 100644
--- a/esignet-default.properties
+++ b/esignet-default.properties
@@ -67,19 +67,21 @@ mosip.esignet.auth-challenge.PIN.min-length=4 mosip.esignet.auth-challenge.PIN.max-length=4 +# Endpoints required to have oauth-details-hash and oauth-details-key HTTP header mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \ '${server.servlet.path}/authorization/authenticate', \ '${server.servlet.path}/authorization/v2/authenticate', \ - '${server.servlet.path}/authorization/v3/authenticate', \ + '${server.servlet.path}/authorization/v3/authenticate', \ '${server.servlet.path}/authorization/auth-code'} -mosip.esignet.captcha.required.auth-factors={'PWD'} -mosip.esignet.captcha.required= +#This property is used for captcha validation and allowed values are send-otp, pwd and kba. +#captcha validation is enabled for send-otp, pwd and kba. +mosip.esignet.captcha.required=send-otp,pwd +#Properties used to ratelimit the incoming requests mosip.esignet.send-otp.attempts=3 mosip.esignet.authenticate.attempts=3 -mosip.esignet.send-otp.invocation-gap-secs=10 -mosip.esignet.authenticate.invocation-gap-secs=5 + ## ------------------------------------------ e-Signet binding --------------------------------------------------------- mosip.esignet.binding.salt-length=16 
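Review bot: The comment added above `mosip.esignet.captcha.required` says captcha validation is enabled for send-otp, pwd and kba, but the value on the next line is `send-otp,pwd`, so the knowledge-based factor this same commit advertises as `mosip:idp:acr:knowledge` gets no captcha gate; either add `kba` to the value or reword the comment to `#captcha validation is enabled for send-otp and pwd.`. The two `invocation-gap-secs` lines are removed while the `#Properties used to ratelimit the incoming requests` comment is kept, so only the attempt counters remain (3 here, 30 in the mock file) and nothing in this file enforces a minimum spacing between send-otp calls; if 1.4.1 no longer reads the gap properties, say so in that comment. The same block is added in esignet-insurance.properties (-67) and esignet-mock.properties (-80). The whitespace-only change on the `v3/authenticate` continuation line is noise in this hunk.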
@@ -132,7 +134,6 @@ mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService mosip.esignet.integration.vci-plugin=IdaVCIssuancePluginImpl # captcha validator -mosip.esignet.send-otp.captcha-required=false mosip.esignet.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify mosip.esignet.captcha-validator.secret=${esignet.captcha.secret.key} mosip.esignet.captcha-validator.site-key=${esignet.captcha.site.key} @@ -220,7 +221,7 @@ mosip.esignet.supported-pkce-methods={'S256'} ## ---------------------------------------- Cache configuration -------------------------------------------------------- -mosip.esignet.cache.secure.individual-id=false +mosip.esignet.cache.secure.individual-id=true mosip.esignet.cache.store.individual-id=true mosip.esignet.cache.security.secretkey.reference-id=TRANSACTION_CACHE mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding @@ -277,7 +278,6 @@ mosip.esignet.cache.expire-in-seconds={'clientdetails' : 86400, \ mosip.esignet.domain.url=https://${mosip.esignet.host} mosip.esignet.discovery.issuer-id=${mosip.esignet.domain.url}${server.servlet.path} -mosip.esignet.api.url=https://${mosip.api.public.host} # This property holds ./wellknown/jwks.json URL, # for local deployments without esignet-ui nginx change the value to ${mosip.esignet.domain.url}${server.servlet.path}/oauth/.well-known/jwks.json 
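Review bot: Setting `mosip.esignet.cache.secure.individual-id=true` makes the cached individual id depend on the cipher configured two lines below, which is still `AES/ECB/PKCS5Padding`; ECB is deterministic, so the same individual id under the same key always yields the same ciphertext and cache entries for one person stay linkable even though they are now encrypted. If the cache security code supports an IV-bearing authenticated mode, `mosip.esignet.cache.security.algorithm-name=AES/GCM/NoPadding` is the usual choice; if it does not, add `# ECB: equal individual ids produce equal ciphertexts in the cache` so operators know what this flag does and does not protect. The same change is made in the esignet-mock.properties hunk at -220.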
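Review bot: Removing `mosip.esignet.api.url` in the -277 hunk leaves any other property or plugin configuration that still references `${mosip.esignet.api.url}` with an unresolved placeholder, which in Spring surfaces as a startup failure rather than a runtime error; this hunk shows no replacement, so the remaining files of the profile should be checked for references before merge. If the property is intentionally retired in 1.4.1, a one-line note in the commit message saying which plugin configuration took it over would help the next reader.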
@@ -286,7 +286,7 @@ mosip.esignet.jwks-uri=${mosip.esignet.domain.url}/.well-known/jwks.json mosip.esignet.token.endpoint=${mosip.esignet.domain.url}${server.servlet.path}/oauth/v2/token mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ - \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ \ 'token_endpoint': '${mosip.esignet.token.endpoint}' , \ \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ @@ -297,7 +297,7 @@ mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ \ 'response_types_supported' : ${mosip.esignet.supported.response.types}} mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ - \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ \ 'token_endpoint': '${mosip.esignet.token.endpoint}' ,\ \ 'userinfo_endpoint' : '${mosip.esignet.domain.url}${server.servlet.path}/oidc/userinfo' ,\ \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ 
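Review bot: Dropping `${server.servlet.path}` from `authorization_endpoint` in both `mosip.esignet.oauth.key-values` and `mosip.esignet.discovery.key-values` makes the advertised endpoint depend on a front-end route at the domain root, the same assumption `mosip.esignet.jwks-uri` already makes, but unlike jwks-uri the hunk adds no note telling local deployers what to change. Add a comment above the map such as `# authorization_endpoint is served by the esignet-ui nginx at the domain root; for local deployments without it use ${mosip.esignet.domain.url}${server.servlet.path}/authorize`. Relying parties cache discovery documents, so a wrong value here shows up as redirect failures on the client side rather than as an error in this service. The same edit is made in esignet-insurance.properties (-286, -297) and esignet-mock.properties (-285, -296).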
@@ -315,7 +315,7 @@ mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ \ 'display_values_supported' : ${mosip.esignet.supported.ui.displays}, \ \ 'subject_types_supported' : { 'pairwise' }, \ \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id','residenceStatus'}, \ - \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics'},\ + \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics', 'mosip:idp:acr:knowledge'},\ \ 'request_parameter_supported' : false, \ \ 'claims_locales_supported' : {'en'}, \ \ 'ui_locales_supported' : {'en'} } 
@@ -415,6 +415,15 @@ mosip.esignet.ui.signup.config={'signup.banner': true, 'signup.url': 'https://${ mosip.esignet.ui.forgot-password.config={'forgot-password': true, 'forgot-password.url': 'https://${mosip.signup.host}/reset-password'} +## Configuration required to display KBI form. +# individual-id-field is set with field id which should be considered as an individual ID in the authenticate request. +# form-details holds the list of field details like below: +# id -> unique field Id, type -> holds datatype, format -> only supported for date fields, regex -> pattern to validate the input value, maxLength -> number of allowed characters +# Example: mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id': '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^[A-Za-z\\s]{1,}[\\.]{0,1}[A-Za-z\\s]{0,}$'},{'id':'dob', 'type':'date', 'format':'dd/mm/yyyy'}} +mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=policyNumber +mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id':'policyNumber', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '\\S*'},{"id":"dob", "type":"date", "format":"dd/mm/yyyy"}} + +## Configuration Map input to UI at the start of every transaction. mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \ 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \ 
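Review bot: The `fullName` entry in `mosip.esignet.authenticator.default.auth-factor.kba.field-details` uses `'regex': '\\S*'`, which is unanchored and matches the empty string, so under a search-style check it accepts any input and under a full-match check it rejects any name containing a space, while the example in the comment three lines above uses `^[A-Za-z\\s]{1,}[\\.]{0,1}[A-Za-z\\s]{0,}$`; use the example pattern or document why the field is unconstrained. The `policyNumber` pattern is a signed floating-point-number pattern (optional sign, decimal point, exponent), which is unlikely to describe a policy number and accepts inputs such as `1e5`; a plain digit or alphanumeric pattern with a fixed length would be tighter. The `dob` entry is written with double quotes while the other entries use single quotes; the parser may accept both, but one style is easier to review. The comment says `form-details` but the property is `field-details`. The same block is added in esignet-insurance.properties (-411) and esignet-mock.properties (-411).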
@@ -422,9 +431,10 @@ mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '${mosip.esignet.captcha.required}', \ 'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': '4501-4600', \ - 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': 6, \'password.regex': '^.{8,20}$', \ - 'password.max-length': 20, \ - 'username.regex': '^[0-9]{10,30}$', \ + 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': ${mosip.esignet.auth-challenge.OTP.max-length}, \ + 'password.regex': '^.{8,20}$', \ + 'password.max-length': ${mosip.esignet.auth-challenge.PWD.max-length}, \ + 'username.regex': '^[0-9]{10,30}$',\ 'username.prefix': '', \ 'username.postfix': '', \ 'username.max-length': 30, \ 
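Review bot: `'password.max-length'` now follows `${mosip.esignet.auth-challenge.PWD.max-length}` but `'password.regex': '^.{8,20}$'` on the line above still hard-codes 20, so the two UI limits diverge as soon as the server-side maximum is changed. Write the regex as `'password.regex': '^.{8,${mosip.esignet.auth-challenge.PWD.max-length}}$'`, or add a comment saying both values must be updated together. The removed line shows `\'password.regex'` with the continuation backslash fused onto the key; the new layout splits it onto its own line, which is worth a word in the commit message since it is a content change and not only a reformat.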
@@ -434,8 +444,6 @@ mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 'auth.factor.kba.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}',\ 'auth.factor.kba.field-details': ${mosip.esignet.authenticator.default.auth-factor.kba.field-details} } -mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id':'policyNumber', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '\\S*'},{"id":"dob", "type":"date", "format":"dd/mm/yyyy"}} -mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=policyNumber ## ---------------------------------------------- VCI ------------------------------------------------------------------ # Used to verify audience in the PoP JWT mosip.esignet.vci.identifier=${mosip.esignet.domain.url}
diff --git a/esignet-insurance.properties b/esignet-insurance.properties
index 21afe15b1e6..e59b7ef5f50 100644
--- a/esignet-insurance.properties
+++ b/esignet-insurance.properties
@@ -67,20 +67,21 @@ mosip.esignet.auth-challenge.PIN.format=number mosip.esignet.auth-challenge.PIN.min-length=4 mosip.esignet.auth-challenge.PIN.max-length=4 + +# Endpoints required to have oauth-details-hash and oauth-details-key HTTP header mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \ '${server.servlet.path}/authorization/authenticate', \ '${server.servlet.path}/authorization/v2/authenticate', \ '${server.servlet.path}/authorization/v3/authenticate', \ '${server.servlet.path}/authorization/auth-code'} -mosip.esignet.captcha.required= +#This property is used for captcha validation and allowed values are send-otp, pwd and kba. +#captcha validation is enabled for send-otp, pwd and kba. +mosip.esignet.captcha.required=send-otp,pwd +#Properties used to ratelimit the incoming requests mosip.esignet.send-otp.attempts=3 mosip.esignet.authenticate.attempts=3 -mosip.esignet.send-otp.invocation-gap-secs=10 -mosip.esignet.authenticate.invocation-gap-secs=5 - -mosip.esignet.captcha.required.auth-factors={'PWD'} ## ------------------------------------------ e-Signet binding --------------------------------------------------------- @@ -134,7 +135,6 @@ mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService mosip.esignet.integration.vci-plugin=SunbirdRCVCIssuancePlugin # captcha validator -mosip.esignet.send-otp.captcha-required=true mosip.esignet.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify mosip.esignet.captcha-validator.secret=${esignet.captcha.insurance.secret.key} mosip.esignet.captcha-validator.site-key=${esignet.captcha.insurance.site.key} 
@@ -286,7 +286,7 @@ mosip.esignet.jwks-uri=${mosip.esignet.domain.url}/.well-known/jwks.json mosip.esignet.token.endpoint=${mosip.esignet.domain.url}${server.servlet.path}/oauth/v2/token mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ - \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ \ 'token_endpoint': '${mosip.esignet.token.endpoint}' , \ \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ @@ -297,7 +297,7 @@ mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ \ 'response_types_supported' : ${mosip.esignet.supported.response.types}} mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ - \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ \ 'token_endpoint': '${mosip.esignet.token.endpoint}' ,\ \ 'userinfo_endpoint' : '${mosip.esignet.domain.url}${server.servlet.path}/oidc/userinfo' ,\ \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ 
@@ -315,7 +315,7 @@ mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ \ 'display_values_supported' : ${mosip.esignet.supported.ui.displays}, \ \ 'subject_types_supported' : { 'pairwise' }, \ \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id'}, \ - \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics'},\ + \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics', 'mosip:idp:acr:knowledge'},\ \ 'request_parameter_supported' : false, \ \ 'claims_locales_supported' : {'en'}, \ \ 'ui_locales_supported' : {'en'} } 
@@ -411,22 +411,38 @@ mosip.kernel.keymgr.hsm.health.check.encrypt=true mosip.esignet.ui.wallet.config={{'wallet.name': 'Inji Mobile App', 'wallet.logo-url': 'inji_logo.png', 'wallet.download-uri': '#', \ 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' }} -mosip.esignet.authenticator.default.auth-factor.kba.field-details=${mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.field-details} -mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=${mosip.esignet.authenticator.sunbird-rc.auth-factor.kba.individual-id-field} +mosip.esignet.ui.signup.config={'signup.banner': true, 'signup.url': 'https://${mosip.signup.host}/signup'} + +mosip.esignet.ui.forgot-password.config={'forgot-password': true, 'forgot-password.url': 'https://${mosip.signup.host}/reset-password'} + +## Configuration required to display KBI form. +# individual-id-field is set with field id which should be considered as an individual ID in the authenticate request. 
+# form-details holds the list of field details like below: +# id -> unique field Id, type -> holds datatype, format -> only supported for date fields, regex -> pattern to validate the input value, maxLength -> number of allowed characters +# Example: mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id': '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^[A-Za-z\\s]{1,}[\\.]{0,1}[A-Za-z\\s]{0,}$'},{'id':'dob', 'type':'date', 'format':'dd/mm/yyyy'}} +mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=policyNumber +mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id':'policyNumber', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '\\S*'},{"id":"dob", "type":"date", "format":"dd/mm/yyyy"}} +## Configuration Map input to UI at the start of every transaction. 
mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \ 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \ 'resend.otp.delay.secs': 180, 'send.otp.channels' : '${mosip.esignet.authenticator.ida.otp-channels}', \ 'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '${mosip.esignet.captcha.required}', \ 'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ - 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': 4501-4600, \ - 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': 6, \ - 'password.regex': '\\S*', 'wallet.config': ${mosip.esignet.ui.wallet.config},'auth.factor.kba.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}',\ - 'auth.factor.kba.field-details':${mosip.esignet.authenticator.default.auth-factor.kba.field-details} } - -mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id':'policyNumber', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '\\S*'},{"id":"dob", "type":"date", "format":"dd/mm/yyyy"}} -mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=policyNumber + 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': '4501-4600', \ + 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': ${mosip.esignet.auth-challenge.OTP.max-length}, \ + 'password.regex': 
'\\S*', \ + 'password.max-length': ${mosip.esignet.auth-challenge.PWD.max-length}, \ + 'username.regex': '^[0-9]{10,30}$',\ + 'username.prefix': '', \ + 'username.postfix': '', \ + 'username.max-length': 16, \ + 'username.input-type': 'number', 'wallet.config': ${mosip.esignet.ui.wallet.config}, \'signup.config': ${mosip.esignet.ui.signup.config}, \ + 'forgot-password.config': ${mosip.esignet.ui.forgot-password.config}, \ + 'error.banner.close-timer': 10,\ + 'auth.factor.kba.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}',\ + 'auth.factor.kba.field-details': ${mosip.esignet.authenticator.default.auth-factor.kba.field-details} } ## ---------------------------------------------- VCI ------------------------------------------------------------------ # Used to verify audience in the PoP JWT @@ -434,9 +450,9 @@ mosip.esignet.vci.identifier=${mosip.esignet.domain.url} mosip.esignet.vci.authn.filter-urls={ '${server.servlet.path}/vci/credential' } # Change this if the VCI is used with different OAUTH2.0 server mosip.esignet.vci.authn.issuer-uri=${mosip.esignet.discovery.issuer-id} -mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.domain.url}/v1/esignet/oauth/.well-known/jwks.json +mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.jwks-uri} -mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}/v1/esignet/vci/credential' } +mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential' } mosip.esignet.cnonce-expire-seconds=40 mosip.esignet.vci.supported.jwt-proof-alg={'RS256','PS256'} @@ -444,7 +460,6 @@ mosip.esignet.vci.key-values={\ 'v11' : {\ 'credential_issuer': '${mosip.esignet.vci.identifier}', \ 'credential_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential', \ - 'display': {{'name': 'Insurance', 'locale': 'en'}},\ 'credentials_supported': {{\ 'format': 'ldp_vc',\ 'id': 'InsuranceCredential', \ 
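Review bot: In the new `mosip.esignet.ui.config.key-values`, `'username.max-length': 16` sits next to `'username.regex': '^[0-9]{10,30}$'`, so the regex admits 17 to 30 digit usernames that the length cap rejects; the default file uses 30 for both, and this file should use one number, e.g. `'username.regex': '^[0-9]{10,16}$'`, if 16 is intended. `'password.regex': '\\S*'` here accepts an empty password at the UI level, where the default file uses `^.{8,20}$`; that is presumably acceptable only because the insurance plugin validates server-side, and a comment saying so would save the next reader a question. The `\'signup.config'` run on the `username.input-type` line reads as a continuation backslash fused onto the next key; if that is not a rendering artifact, the line should be split like its neighbours. The same block is added in the esignet-mock.properties hunk at -411.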
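Review bot: In the -434 hunk, `mosip.esignet.vci.authn.jwk-set-uri` now resolves through `mosip.esignet.jwks-uri`, i.e. the domain-root `/.well-known/jwks.json` URL whose own comment says it requires the esignet-ui nginx, so the VCI token verification path now also depends on that front-end where the removed value went through the servlet path directly. Add `# resolves via the esignet-ui nginx; for local deployments use ${mosip.esignet.domain.url}${server.servlet.path}/oauth/.well-known/jwks.json` above the line, mirroring the note on jwks-uri. The `allowed-audiences` change to `${server.servlet.path}` removes the hard-coded `/v1/esignet` and is the right direction. The same edit is made in the esignet-mock.properties hunk at -434.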
diff --git a/esignet-mock.properties b/esignet-mock.properties
index 3e8a0c6c03e..e6e34bf46f6 100644
--- a/esignet-mock.properties
+++ b/esignet-mock.properties
@@ -42,20 +42,6 @@ mosip.esignet.generate-link-code.limit-per-transaction=10 # Time to complete consent after successful authentication, the default value is 120 mosip.esignet.authentication-expire-in-secs=120 -mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \ - '${server.servlet.path}/authorization/authenticate', \ - '${server.servlet.path}/authorization/v2/authenticate', \ - '${server.servlet.path}/authorization/v3/authenticate', \ - '${server.servlet.path}/authorization/auth-code'} - -mosip.esignet.captcha.required.auth-factors={'PWD'} -mosip.esignet.captcha.required= - -mosip.esignet.send-otp.attempts=30 -mosip.esignet.authenticate.attempts=30 -mosip.esignet.send-otp.invocation-gap-secs=10 -mosip.esignet.authenticate.invocation-gap-secs=50 - # Auth challenge type & format mapping. Auth challenge length validations for each auth factor type. mosip.esignet.auth-challenge.OTP.format=alpha-numeric mosip.esignet.auth-challenge.OTP.min-length=6 
@@ -80,6 +66,23 @@ mosip.esignet.auth-challenge.KBA.max-length=500 mosip.esignet.auth-challenge.PIN.format=number mosip.esignet.auth-challenge.PIN.min-length=4 mosip.esignet.auth-challenge.PIN.max-length=4 + + +# Endpoints required to have oauth-details-hash and oauth-details-key HTTP header +mosip.esignet.header-filter.paths-to-validate={'${server.servlet.path}/authorization/send-otp', \ + '${server.servlet.path}/authorization/authenticate', \ + '${server.servlet.path}/authorization/v2/authenticate', \ + '${server.servlet.path}/authorization/v3/authenticate', \ + '${server.servlet.path}/authorization/auth-code'} + +#This property is used for captcha validation and allowed values are send-otp, pwd and kba. +#captcha validation is enabled for send-otp, pwd and kba. +mosip.esignet.captcha.required=send-otp,pwd + +#Properties used to ratelimit the incoming requests +mosip.esignet.send-otp.attempts=30 +mosip.esignet.authenticate.attempts=30 + ## ------------------------------------------ e-Signet binding --------------------------------------------------------- mosip.esignet.binding.salt-length=16 @@ -132,7 +135,6 @@ mosip.esignet.integration.captcha-validator=GoogleRecaptchaValidatorService mosip.esignet.integration.vci-plugin=IdaVCIssuancePluginImpl # captcha validator -mosip.esignet.send-otp.captcha-required=false mosip.esignet.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify mosip.esignet.captcha-validator.secret=${esignet.captcha.mock.secret.key} mosip.esignet.captcha-validator.site-key=${esignet.captcha.mock.site.key} 
@@ -220,7 +222,7 @@ mosip.esignet.supported-pkce-methods={'S256'} ## ---------------------------------------- Cache configuration -------------------------------------------------------- -mosip.esignet.cache.secure.individual-id=false +mosip.esignet.cache.secure.individual-id=true mosip.esignet.cache.store.individual-id=true mosip.esignet.cache.security.secretkey.reference-id=TRANSACTION_CACHE mosip.esignet.cache.security.algorithm-name=AES/ECB/PKCS5Padding @@ -285,7 +287,7 @@ mosip.esignet.jwks-uri=${mosip.esignet.domain.url}/.well-known/jwks.json mosip.esignet.token.endpoint=${mosip.esignet.domain.url}${server.servlet.path}/oauth/v2/token mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ - \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ \ 'token_endpoint': '${mosip.esignet.token.endpoint}' , \ \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ \ 'token_endpoint_auth_methods_supported' : ${mosip.esignet.supported.client.auth.methods}, \ @@ -296,7 +298,7 @@ mosip.esignet.oauth.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ \ 'response_types_supported' : ${mosip.esignet.supported.response.types}} mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ - \ 'authorization_endpoint': '${mosip.esignet.domain.url}${server.servlet.path}/authorize' , \ + \ 'authorization_endpoint': '${mosip.esignet.domain.url}/authorize' , \ \ 'token_endpoint': '${mosip.esignet.token.endpoint}' ,\ \ 'userinfo_endpoint' : '${mosip.esignet.domain.url}${server.servlet.path}/oidc/userinfo' ,\ \ 'jwks_uri' : '${mosip.esignet.jwks-uri}' , \ 
@@ -314,7 +316,7 @@ mosip.esignet.discovery.key-values={'issuer': '${mosip.esignet.domain.url}' ,\ \ 'display_values_supported' : ${mosip.esignet.supported.ui.displays}, \ \ 'subject_types_supported' : { 'pairwise' }, \ \ 'claims_supported' : {'name','address','gender','birthdate','picture','email','phone_number','individual_id'}, \ - \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics'},\ + \ 'acr_values_supported' : {'mosip:idp:acr:static-code', 'mosip:idp:acr:generated-code', 'mosip:idp:acr:linked-wallet', 'mosip:idp:acr:biometrics', 'mosip:idp:acr:knowledge'},\ \ 'request_parameter_supported' : false, \ \ 'claims_locales_supported' : {'en'}, \ \ 'ui_locales_supported' : {'en'} } 
@@ -411,22 +413,38 @@ mosip.esignet.ui.wallet.config={{'wallet.name': 'Inji Mobile App', 'wallet.logo- 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' },{'wallet.name': 'Inji Mobile App1', 'wallet.logo-url': 'inji_logo.png', 'wallet.download-uri': '#', \ 'wallet.deep-link-uri': 'inji://landing-page-name?linkCode=LINK_CODE&linkExpireDateTime=LINK_EXPIRE_DT' }} -#mosip.esignet.authenticator.default.auth-factor.kbi.field-details=${mosip.esignet.authenticator.sunbird-rc.auth-factor.kbi.field-details} -#mosip.esignet.authenticator.default.auth-factor.kbi.individual-id-field=${mosip.esignet.authenticator.sunbird-rc.auth-factor.kbi.individual-id-field} +mosip.esignet.ui.signup.config={'signup.banner': true, 'signup.url': 'https://${mosip.signup.host}/signup'} -mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id':'policyNumber', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '\\S*'},{"id":"dob", "type":"date", "format":"dd/mm/yyyy"}} +mosip.esignet.ui.forgot-password.config={'forgot-password': true, 'forgot-password.url': 'https://${mosip.signup.host}/reset-password'} + +## Configuration required to display KBI form. +# individual-id-field is set with field id which should be considered as an individual ID in the authenticate request. 
+# form-details holds the list of field details like below: +# id -> unique field Id, type -> holds datatype, format -> only supported for date fields, regex -> pattern to validate the input value, maxLength -> number of allowed characters +# Example: mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id': '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^[A-Za-z\\s]{1,}[\\.]{0,1}[A-Za-z\\s]{0,}$'},{'id':'dob', 'type':'date', 'format':'dd/mm/yyyy'}} mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field=policyNumber +mosip.esignet.authenticator.default.auth-factor.kba.field-details={{'id':'policyNumber', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '^\\s*[+-]?(\\d+|\\d*\\.\\d+|\\d+\\.\\d*)([Ee][+-]?\\d*)?\\s*$'},{'id':'fullName', 'type':'text', 'format':'', 'maxLength': 50, 'regex': '\\S*'},{"id":"dob", "type":"date", "format":"dd/mm/yyyy"}} +## Configuration Map input to UI at the start of every transaction. 
mosip.esignet.ui.config.key-values={'sbi.env': 'Developer', 'sbi.timeout.DISC': 30, \ 'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \ 'sbi.capture.count.iris': 1, 'sbi.capture.score.face': 70, 'sbi.capture.score.finger':70, 'sbi.capture.score.iris':70, \ 'resend.otp.delay.secs': 180, 'send.otp.channels' : '${mosip.esignet.authenticator.ida.otp-channels}', \ - 'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '', \ + 'captcha.sitekey' : '${mosip.esignet.captcha-validator.site-key}', 'captcha.enable' : '${mosip.esignet.captcha.required}', \ 'auth.txnid.length' : '${mosip.esignet.auth-txn-id-length}', 'consent.screen.timeout-in-secs':${mosip.esignet.authentication-expire-in-secs}, \ - 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': 4501-4600, \ - 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': 6, \ - 'password.regex': '\\S*', 'wallet.config': ${mosip.esignet.ui.wallet.config},'auth.factor.kba.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}',\ - 'auth.factor.kba.field-details':${mosip.esignet.authenticator.default.auth-factor.kba.field-details} } + 'consent.screen.timeout-buffer-in-secs': 5, 'linked-transaction-expire-in-secs': 240, 'sbi.port.range': '4501-4600', \ + 'sbi.bio.subtypes.iris': 'UNKNOWN', 'sbi.bio.subtypes.finger': 'UNKNOWN', 'wallet.qr-code-buffer-in-secs': 10, 'otp.length': ${mosip.esignet.auth-challenge.OTP.max-length}, \ + 'password.regex': '\\S*', \ + 'password.max-length': ${mosip.esignet.auth-challenge.PWD.max-length}, \ + 'username.regex': '^[0-9]{10,30}$',\ + 'username.prefix': '', \ + 'username.postfix': '', \ + 'username.max-length': 16, \ + 'username.input-type': 'number', 'wallet.config': ${mosip.esignet.ui.wallet.config}, \'signup.config': 
${mosip.esignet.ui.signup.config}, \ + 'forgot-password.config': ${mosip.esignet.ui.forgot-password.config}, \ + 'error.banner.close-timer': 10,\ + 'auth.factor.kba.individual-id-field' : '${mosip.esignet.authenticator.default.auth-factor.kba.individual-id-field}',\ + 'auth.factor.kba.field-details': ${mosip.esignet.authenticator.default.auth-factor.kba.field-details} } ## ---------------------------------------------- VCI ------------------------------------------------------------------ # Used to verify audience in the PoP JWT @@ -434,9 +452,9 @@ mosip.esignet.vci.identifier=${mosip.esignet.domain.url} mosip.esignet.vci.authn.filter-urls={ '${server.servlet.path}/vci/credential' } # Change this if the VCI is used with different OAUTH2.0 server mosip.esignet.vci.authn.issuer-uri=${mosip.esignet.discovery.issuer-id} -mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.domain.url}/v1/esignet/oauth/.well-known/jwks.json +mosip.esignet.vci.authn.jwk-set-uri=${mosip.esignet.jwks-uri} -mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}/v1/esignet/vci/credential' } +mosip.esignet.vci.authn.allowed-audiences={ '${mosip.esignet.domain.url}${server.servlet.path}/vci/credential' } mosip.esignet.cnonce-expire-seconds=40 mosip.esignet.vci.supported.jwt-proof-alg={'RS256','PS256'}