forked from tf-govstack/mosip-config
-
Notifications
You must be signed in to change notification settings - Fork 1
/
id-authentication-default.properties
629 lines (544 loc) · 37.8 KB
/
id-authentication-default.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
# helm chart:
# db.dbuser.password
# ida.websub.authtype.callback.secret
# ida.websub.credential.issue.callback.secret
# ida.websub.partner.service.callback.secret
# ida.websub.ca.certificate.callback.secret
# ida.websub.hotlist.callback.secret
# mosip.kernel.tokenid.uin.salt
# mpartner.default.auth.secret
# mosip.kernel.tokenid.partnercode.salt
# softhsm.ida.security.pin
# ida.websub.masterdata.templates.callback.secret
# ida.websub.masterdata.titles.callback.secret
## Client
# The Online Verification partner ID associated to the IDA instance.
# This is used to subscribe to the credential issuance event notification sent by credential service.
# for the particular Online Verification partner.
# This credential issueance notification is handled inside Internal Authentication module.
# The credentials issued to the partner will be as per the data-share policy associated to the partner.
# TO DO: Change the property key to online-verification-partner-id
ida-auth-partner-id=mpartner-default-auth
# Kernel auth client ID for IDA
#Note: since the Online verification Partner ID is used as client ID, for a different IDA instance, this needs to be changed accordingly
#and also to be added to the 'auth.server.admin.allowed.audience' property of all dependency modules.
mosip.ida.auth.clientId=${ida-auth-partner-id}
mosip.ida.auth.secretKey=${mpartner.default.auth.secret}
mosip.ida.auth.appId=ida
## Database
# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
# If database is external to production, provide the DNS or ip of the host and port
mosip.ida.database.hostname=postgres-postgresql.postgres
mosip.ida.database.port=5432
mosip.ida.database.user=idauser
mosip.ida.database.password=${db.dbuser.password}
javax.persistence.jdbc.driverClassName=org.postgresql.Driver
javax.persistence.jdbc.driver=org.postgresql.Driver
javax.persistence.jdbc.url=jdbc:postgresql://${mosip.ida.database.hostname}:${mosip.ida.database.port}/mosip_ida
javax.persistence.jdbc.user=${mosip.ida.database.user}
javax.persistence.jdbc.username=${mosip.ida.database.user}
javax.persistence.jdbc.password=${mosip.ida.database.password}
javax.persistence.jdbc.schema=ida
javax.persistence.jdbc.uinHashTable=uin_hash_salt
javax.persistence.jdbc.uinEncryptTable=uin_encrypt_salt
## Hibernate
hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
hibernate.jdbc.lob.non_contextual_creation=true
hibernate.hbm2ddl.auto=none
hibernate.format_sql=true
hibernate.connection.charSet=utf8
hibernate.cache.use_second_level_cache=false
hibernate.cache.use_query_cache=false
hibernate.cache.use_structured_entries=false
hibernate.generate_statistics=false
spring.datasource.initialization-mode=never
hibernate.temp.use_jdbc_metadata_defaults=false
spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
log4j.logger.org.hibernate=warn
hibernate.show_sql=false
application.id=IDA
application.name=ID-Authentication
## Reference ID used for crypto manager in authentication (for request body)
partner.reference.id=PARTNER
## Reference ID used for crypto manager in internal authentication (for request body)
internal.reference.id=INTERNAL
## Reference ID used for crypto manager in authentication for biometrics
## TO DO: Value to be Changed to IDA-BIO
partner.biometric.reference.id=IDA-FIR
## Reference ID used for crypto manager in internal authentication for biometrics
internal.biometric.reference.id=INTERNAL
identity-cache.reference.id=IDENTITY_CACHE
mosip.sign.applicationid=${application.id}
mosip.sign.refid=SIGN
## Kernel Symmetric Key decryption bytes count for AAD
ida.aad.lastbytes.num=16
## Kernel Symmetric Key decryption bytes count for Salt
ida.salt.lastbytes.num=12
## Request timeout used across all REST API calls in IDA
mosip.ida.request.timeout.secs=10
## Common JSON media type used across all REST API calls in IDA
mosip.ida.request.mediaType=application/json
## IDA mapping
ida.mapping.json.filename=identity-mapping.json
mosip.ida.mapping.json-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/${ida.mapping.json.filename}
ida.mapping.property.source=url:${mosip.ida.mapping.json-uri}
idp.amr-acr.mapping.json.filename=amr-acr-mapping.json
mosip.idp.amr-acr.mapping.json-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/${idp.amr-acr.mapping.json.filename}
idp.amr-acr.ida.mapping.property.source=${mosip.idp.amr-acr.mapping.json-uri}
# The attribute name in the Mapping Json used to fetch Anonymous profile preferred language attribute
mosip.preferred.language.attribute.name=preferredLanguage
# The attribute name in the Mapping Json used to fetch Anonymous profile location attributes
mosip.location.profile.attribute.name=locationHierarchyForProfiling
# Used in Child Auth Filter
mosip.date-of-birth.attribute.name=dateOfBirth
# Used in DOB matching and Child Auth filter
mosip.date-of-birth.pattern=yyyy/MM/dd
# The separators for composite ID Attribute such as fullAddress.
# By default the separator is space.
# Usage: ida.id.attribute.separator.<id_attribute>=<separator string>
# For Example, full address attributes are separated with comman (,).
ida.id.attribute.separator.fullAddress=,
## Biosdk
## Url below assumes the biosdk server is running inside cluster in `biosdk` namespace
mosip.biosdk.default.service.url=${mosip.mock.biosdk.url}/biosdk-service
## For real biosdk
# This class will be loaded in runtime, the containing jar should be available in classpath
mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
# The version of the BIO SDK API implemeted for Finger modality
mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.version=0.9
# The default URL will be taken if no format specified in the extraction or the incoming extraction format is not configured.
# If the below default configuration is not configured, the one of the configured url will be used as the default URL.
# If no URL is configured, the default URL will be taken from the environment variable 'mosip_biosdk_service'.
mosip.biometric.sdk.providers.finger.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url}
# The fully qualified Class Name of the BIO SDK API implemented for Iris modality
# This class will be loaded in runtime, the containing jar should be available in classpath
mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
# The version of the BIO SDK API implemeted for Iris modality
mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.version=0.9
mosip.biometric.sdk.providers.iris.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url}
# The fully qualified Class Name of the BIO SDK API implemented for Face modality
# This class will be loaded in runtime, the containing jar should be available in classpath
mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.classname=io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0
# The version of the BIO SDK API implemeted for Face modality
mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.version=0.9
mosip.biometric.sdk.providers.face.mosip-ref-impl-sdk-client.format.url.default=${mosip.biosdk.default.service.url}
## Kernel-Audit
audit.rest.uri=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
audit.rest.httpMethod=POST
audit.rest.headers.mediaType=${mosip.ida.request.mediaType}
audit.rest.timeout=${mosip.ida.request.timeout.secs}
## Kernel OTP Validator
otp-validate.rest.uri=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/validate
otp-validate.rest.httpMethod=GET
otp-validate.rest.headers.mediaType=${mosip.ida.request.mediaType}
otp-validate.rest.timeout=${mosip.ida.request.timeout.secs}
## Kernel OTP Generator
otp-generate.rest.uri=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/generate
otp-generate.rest.httpMethod=POST
otp-generate.rest.headers.mediaType=${mosip.ida.request.mediaType}
otp-generate.rest.timeout=${mosip.ida.request.timeout.secs}
## Mail Notification
mail-notification.rest.uri=${mosip.kernel.notification.url}/v1/notifier/email/send
mail-notification.rest.httpMethod=POST
mail-notification.rest.headers.mediaType=multipart/form-data
mail-notification.rest.timeout=${mosip.ida.request.timeout.secs}
## SMS Notification
sms-notification.rest.uri=${mosip.kernel.notification.url}/v1/notifier/sms/send
sms-notification.rest.httpMethod=POST
sms-notification.rest.headers.mediaType=${mosip.ida.request.mediaType}
sms-notification.rest.timeout=${mosip.ida.request.timeout.secs}
## Get Identity Data for RID (with type specified as query param) - Used in Internal Auth based on User ID
rid-uin.rest.uri=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid/{rid}?type={type}
rid-uin.rest.httpMethod=GET
rid-uin.rest.headers.mediaType=${mosip.ida.request.mediaType}
rid-uin.rest.timeout=${mosip.ida.request.timeout.secs}
## Get Identity Data for RID (without type specified) - Used in Internal Auth based on User ID
rid-uin-auth.rest.uri=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid/{rid}
rid-uin-auth.rest.httpMethod=GET
rid-uin-auth.rest.headers.mediaType=${mosip.ida.request.mediaType}
rid-uin-auth.rest.timeout=${mosip.ida.request.timeout.secs}
## Partner service API to validate MISP Lisence Key - Partner ID - Partner API Key combination
id-pmp-service.rest.uri=${mosip.pms.partnermanager.url}/v1/partnermanager/partners/{partner_id}/apikey/{partner_api_key}/misp/{misp_license_key}/validate?needPartnerCert={need_partner_cert}
id-pmp-service.rest.httpMethod=GET
id-pmp-service.rest.headers.mediaType=${mosip.ida.request.mediaType}
id-pmp-service.rest.timeout=${mosip.ida.request.timeout.secs}
## Data Share API configurations - used to download data from data share URL provided in credential issueance event
data-share-get.rest.uri=dummy_url_to_be_replaced_in_runtime
data-share-get.rest.httpMethod=GET
data-share-get.rest.headers.mediaType=application/octet-stream
data-share-get.rest.timeout=10
data-share-get-decrypt-ref-id=${ida-auth-partner-id}
## Title Service rest api-GET
id-masterdata-title-service.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/title
id-masterdata-title-service.rest.httpMethod=GET
id-masterdata-title-service.rest.headers.mediaType=${mosip.ida.request.mediaType}
id-masterdata-title-service.rest.timeout=${mosip.ida.request.timeout.secs}
## Master Data - Template Single Language
id-masterdata-template-service.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/templates/{langcode}/{templatetypecode}
id-masterdata-template-service.rest.httpMethod=GET
id-masterdata-template-service.rest.headers.mediaType=${mosip.ida.request.mediaType}
id-masterdata-template-service.rest.timeout=${mosip.ida.request.timeout.secs}
## Master Data - Template Multi language
id-masterdata-template-service-multilang.rest.uri=${mosip.kernel.masterdata.url}/v1/masterdata/templates/templatetypecodes/{code}
id-masterdata-template-service-multilang.rest.httpMethod=GET
id-masterdata-template-service-multilang.rest.headers.mediaType=${mosip.ida.request.mediaType}
id-masterdata-template-service-multilang.rest.timeout=${mosip.ida.request.timeout.secs}
## Websub
ida-websub-authtype-callback-secret=${ida.websub.authtype.callback.secret}
ida-websub-credential-issue-callback-secret=${ida.websub.credential.issue.callback.secret}
ida-websub-partner-service-callback-secret=${ida.websub.partner.service.callback.secret}
ida-websub-hotlist-callback-secret=${ida.websub.hotlist.callback.secret}
ida-websub-masterdata-templates-callback-secret=${ida.websub.masterdata.templates.callback.secret}
ida-websub-masterdata-titles-callback-secret=${ida.websub.masterdata.titles.callback.secret}
ida-websub-credential-issue-callback-url=
## Callback url for MISP/Partner change notification events
ida-websub-partner-service-callback-url=${mosip.ida.internal.url}/${server.servlet.context-path}/callback/partnermanagement/{eventType}
ida-websub-partner-service-apikey-approved-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/apikey_approved
ida-websub-partner-service-partner-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/partner_updated
ida-websub-partner-service-policy-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/policy_updated
ida-websub-partner-service-partner-api-key-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/partner_api_key_updated
ida-websub-partner-service-misp-license-generated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/misp_license_generated
ida-websub-partner-service-misp-license-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/misp_license_updated
ida-websub-partner-service-oidc-client-created-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/oidc_client_created
ida-websub-partner-service-oidc-client-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/oidc_client_updated
#Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub.
subscriptions-delay-on-startup_millisecs=120000
# The time interval in seconds to schedule subscription of topics which is done as a
# work-around for the bug: MOSIP-9496. By default the
# this property value is set to 0 that disables this workaround.
# To enable the resubscrition scheduling, this property should be assigned with a positive
# number like 1 * 60 * 60 = 3600 for one hour
ida-websub-resubscription-delay-secs=43200
delay-to-pull-missing-credential-after-topic-subscription_millisecs=60000
## Websub even topics
ida-topic-auth-type-status-updated=${ida-auth-partner-id}/AUTH_TYPE_STATUS_UPDATE
## Topic for Credential Issueance Event (for UIN/VID create/update events)
ida-topic-credential-issued=${ida-auth-partner-id}/CREDENTIAL_ISSUED
## Topic for ID Remove Event (UIN blocked / VID revoked events)
ida-topic-remove-id=${ida-auth-partner-id}/REMOVE_ID
## Topic for ID Deactivate Event (UIN/VID deactivate events)
ida-topic-deactivate-id=${ida-auth-partner-id}/DEACTIVATE_ID
## Topic for ID Activate Event (UIN/VID activate events)
ida-topic-activate-id=${ida-auth-partner-id}/ACTIVATE_ID
ida-topic-pmp-partner-updated=PARTNER_UPDATED
ida-topic-pmp-partner-api-key-updated=APIKEY_UPDATED
ida-topic-pmp-policy-updated=POLICY_UPDATED
ida-topic-hotlist=MOSIP_HOTLIST
ida-topic-credential-status-update=CREDENTIAL_STATUS_UPDATE
ida-topic-auth-type-status-update-acknowledge=AUTH_TYPE_STATUS_UPDATE_ACK
ida-topic-auth-transaction-status=AUTHENTICATION_TRANSACTION_STATUS
ida-topic-masterdata-templates=MASTERDATA_IDAUTHENTICATION_TEMPLATES
ida-topic-masterdata-titles=MASTERDATA_TITLES
ida-topic-pmp-misp-license-generated=MISP_LICENSE_GENERATED
ida-topic-pmp-misp-license-updated=MISP_LICENSE_UPDATED
ida-topic-pmp-partner-api-key-approved=APIKEY_APPROVED
ida-topic-fraud-analysis=IDA_FRAUD_ANALYTICS
ida-topic-auth-anonymous-profile=ANONYMOUS_PROFILE
ida-topic-pmp-oidc-client-created=OIDC_CLIENT_CREATED
ida-topic-pmp-oidc-client-updated=OIDC_CLIENT_UPDATED
# in minutes
mosip.iam.adapter.validate-expiry-check-rate=15
# in minutes
mosip.iam.adapter.renewal-before-expiry-interval=15
#this should be false if you don?t use the self token restTemplate from auth adapter true if you do (needed for websubclient).
mosip.iam.adapter.self-token-renewal-enable=true
mosip.auth.filter_disable=false
## IDA cache
## IDA cache Time to live in days - To clear cache scheduled based on the days provided.
## value <= 0 means cache clearing based on schedule is disabled.
ida-cache-ttl-in-days=1
## To disable cache, set value to NONE, otherwise SIMPLE to enable cache.
## Value is based on CacheType enum provided by Spring Boot
## spring.cache.type=SIMPLE
spring.cache.type=NONE
## Function configs
#The modulo value to be calculated for a UIN/VID used to get salt value to be used in UIN/VID hashing
ida.uin.salt.modulo=1000
## ID demographic normalization
# This is used to define the seperator for normalizing regex(pattern) and the replacement word. Default is set to '='.
ida.norm.sep==
####### Demo Name/Address Normalization Regular Expressions and their replacement configurations
#Format:
# ida.demo.<name/address/common>.normalization.regex.<languageCode/any>[<sequential index starting from 0>]=<reqular expression>${ida.norm.sep}<replacement string>
# If replacement string is not specified that regular expression will be replaced with empty string
# Note: The sequence should not break in the middle, otherwise all normalization properties will not be read for the particular type.
## For eng.
ida.demo.address.normalization.regex.eng[0]=[CcSsDdWwHh]/[Oo]
ida.demo.address.normalization.regex.eng[1]=(M|m|D|d)(rs?)(.)
ida.demo.address.normalization.regex.eng[2]=(N|n)(O|o)(\\.)?
ida.demo.address.normalization.regex.eng[3]=[aA][pP][aA][rR][tT][mM][eE][nN][tT]${ida.norm.sep}apt
ida.demo.address.normalization.regex.eng[4]=[sS][tT][rR][eE][eE][tT]${ida.norm.sep}st
ida.demo.address.normalization.regex.eng[5]=[rR][oO][aA][dD]${ida.norm.sep}rd
ida.demo.address.normalization.regex.eng[6]=[mM][aA][iI][nN]${ida.norm.sep}mn
ida.demo.address.normalization.regex.eng[7]=[cC][rR][oO][sS][sS]${ida.norm.sep}crs
ida.demo.address.normalization.regex.eng[8]=[oO][pP][pP][oO][sS][iI][tT][eE]${ida.norm.sep}opp
ida.demo.address.normalization.regex.eng[9]=[mM][aA][rR][kK][eE][tT]${ida.norm.sep}mkt
ida.demo.address.normalization.regex.eng[10]=1[sS][tT]${ida.norm.sep}1
ida.demo.address.normalization.regex.eng[11]=1[tT][hH]${ida.norm.sep}1
ida.demo.address.normalization.regex.eng[12]=2[nN][dD]${ida.norm.sep}2
ida.demo.address.normalization.regex.eng[13]=2[tT][hH]${ida.norm.sep}2
ida.demo.address.normalization.regex.eng[14]=3[rR][dD]${ida.norm.sep}3
ida.demo.address.normalization.regex.eng[15]=3[tT][hH]${ida.norm.sep}3
ida.demo.address.normalization.regex.eng[16]=4[tT][hH]${ida.norm.sep}4
ida.demo.address.normalization.regex.eng[17]=5[tT][hH]${ida.norm.sep}5
ida.demo.address.normalization.regex.eng[18]=6[tT][hH]${ida.norm.sep}6
ida.demo.address.normalization.regex.eng[19]=7[tT][hH]${ida.norm.sep}7
ida.demo.address.normalization.regex.eng[20]=8[tT][hH]${ida.norm.sep}8
ida.demo.address.normalization.regex.eng[21]=9[tT][hH]${ida.norm.sep}9
ida.demo.address.normalization.regex.eng[22]=0[tT][hH]${ida.norm.sep}0
# Note: the common normalization attributes will be replaced at the end.
# Special characters are removed : . , - * ( ) [ ] ` ' / \ # "
# Replace spcial char with space.Trailing space is removed from property. As a workaround first replacing with " ." then removing the "."
ida.demo.common.normalization.regex.any[0]=[\\.|,|\\-|\\*|\\(|\\)|\\[|\\]|`|\\'|/|\\|#|\"]${ida.norm.sep} .
# Trailing space is removed from property. As a workaround first replacing with " ." then removing the "."
ida.demo.common.normalization.regex.any[1]=\\s+${ida.norm.sep} .
ida.demo.common.normalization.regex.any[2]=\\.${ida.norm.sep}
# Language Code
ida.errormessages.default-lang=en
## OTP flooding
## Configure Time limit for OTP Flooding scenario (in minutes)
otp.request.flooding.duration=1
otp.request.flooding.max-count=100
## Notification templates
ida.auth.mail.content.template=auth-email-content
ida.auth.mail.subject.template=auth-email-subject
ida.otp.mail.content.template=ida-auth-otp-email-content-template
ida.otp.mail.subject.template=ida-auth-otp-email-subject-template
ida.auth.sms.template=auth-sms
ida.otp.sms.template=ida-auth-otp-sms-template
## UIN/VID/USERID Masking to be done on SMS/EMAIL notification
## Configure the no of digits to be masked while masking UIN/VID/USERID.
## For example if UIN is 1234567890 and mask count is 6, masked UIN will be: XXXXXX7890
notification.uin.masking.charcount=8
notification.date.format=dd-MM-yyyy
notification.time.format=HH:mm:ss
## Allowed authentication types for Authentciation/E-KYC/Internal Authentication requests
## Accepted values otp-request, otp, demo, bio-Finger, bio-Iris, bio-Face
## Configure authentications permissable for a country
auth.types.allowed=demo,otp,bio-Finger,bio-Iris,bio-Face
## Configure authentications permissable for e-KYC for a country
ekyc.auth.types.allowed=demo,otp,bio-Finger,bio-Iris,bio-Face
## Configure authentication types permissable for internal authentication
internal.auth.types.allowed=otp,bio-Finger,bio-Iris,bio-Face
## Allowed IdTypes for hotlisting
mosip.ida.internal.hotlist.idtypes.allowed=UIN,VID,PARTNER_ID,DEVICE,DEVICE_PROVIDER
## Datetime
#Example allowed date time formats: "2020-10-23T12:21:38.660Z" , 2019-03-28T10:01:57.086+05:30
datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSSXXX
# Request IDs used in IDA REST APIs
ida.api.id.auth=mosip.identity.auth
ida.api.id.kyc=mosip.identity.kyc
ida.api.id.otp=mosip.identity.otp
ida.api.id.staticpin=mosip.identity.staticpin
ida.api.id.vid=mosip.identity.vid
ida.api.id.internal=mosip.identity.auth.internal
ida.api.id.auth.transactions=mosip.identity.authtransactions.read
ida.api.id.otp.internal=mosip.identity.otp.internal
ida.api.id.kycauth=mosip.identity.kycauth
ida.api.id.kycexchange=mosip.identity.kycexchange
## Request versions
ida.api.version.auth=1.0
ida.api.version.kyc=1.0
ida.api.version.otp=1.0
ida.api.version.staticpin=1.0
ida.api.version.vid=1.0
ida.api.version.internal=1.0
ida.api.version.auth.transactions=1.0
ida.api.version.otp.internal=1.0
ida.api.version.kycauth=1.0
ida.api.version.kycexchange=1.0
## Auth response token config
## Preference to turn on/off of authentication response token for a Country
## A partner specific policy will govern how the response token is generated, whether it should be Random/Partner or Policy specific
## TO DO: Remane static.token.enable to auth.token.enable
static.token.enable=true
## Allowed ID Types (allowed values : UIN/VID/USERID) to be supported for Authentication/KYC/OTP Requests
request.idtypes.allowed=VID,UIN
## The ID types to be supported for Internal Authentication/OTP Requests
request.idtypes.allowed.internalauth=UIN,VID
## Cryptograpic/Signature verificate related configurations
mosip.ida.internal.thumbprint-validation-required=false
mosip.ida.internal.trust-validation-required=false
## Kernel retry
# The retry limit excluding the first attempt before attempting for retries. Default is set to 5.
kernel.retry.attempts.limit=5
## The initial interval to be used for exponential backoff in milli seconds. If the exponential backoff is disabled by setting 'kernel.retry.exponential.backoff.multiplier' value as 1, this initial interval will be used as the fixed backoff interval for every retries. Default value is 200 millisecs
kernel.retry.exponential.backoff.initial.interval.millisecs=100
## The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount)
kernel.retry.exponential.backoff.multiplier=1.5
kernel.retry.exponential.backoff.max.interval.millisecs=1000
## Whether to traverse to the root cause exception from the exception thrown and use the same root cause to decide whether to retry or not. Default is true.
kernel.retry.traverse.root.cause.enabled=false
## Comma separated List of fully qualified Exceptions which are retryable (inclusion list). Their subclasses will also be considered in the evaluation.
kernel.retry.retryable.exceptions=io.mosip.idrepository.core.exception.IdRepoRetryException,org.springframework.dao.DataIntegrityViolationException,org.hibernate.exception.ConstraintViolationException,org.springframework.orm.ObjectOptimisticLockingFailureExceptionf
## Comma separated List of fully qualified Exceptions which are not-retryable (exclusion list). Their subclasses will also be considered in the evaluation.
kernel.retry.nonretryable.exceptions=
## Credential Store batch and retry configurations
## To disable automatic job launch in startup, setting to false.
spring.batch.job.enabled=false
## Chunk size of items to be processed in spring batch. This value also assigned to the thread count, and hence all the items are processed in parellel asynchronusly.
ida.batch.credential.store.chunk.size=5
ida.batch.credential.store.job.delay=1000
## The retry limit excluding the first attempt before attempting for retries
ida.credential.store.retry.max.limit=10
ida.credential.store.retry.backoff.interval.millisecs=5000
## The multiplier for exponential backoff intreval. A double value greater than or equal to 1. Setting to 1 will make it to fixed backoff, more than 1 will apply exponential backoff. Default is 1.0 (fixed backoff). For exponential backoff the suggested value is 1.5 or 2. The next backoff interval is calculated with the formula: NextBackOffInterval = initialInterval * Math.pow(multiplier, retryCount)
ida.credential.store.retry.backoff.exponential.multiplier=1.5
ida.credential.store.retry.backoff.exponential.max.interval.millisecs=120000
## Configurations needed for dependent libraries
## Softhsm
mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
mosip.kernel.keymanager.hsm.keystore-type=PKCS11
mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.ida.security.pin}
## Security - used in Internal Authentication Services by default Kernel Auth Adapter
mosip.security.csrf-enable=false
mosip.security.cors-enable=false
mosip.security.origins=localhost:8080
mosip.security.secure-cookie=false
## Key-manager
mosip.root.key.applicationid=ROOT
mosip.kernel.certificate.sign.algorithm=SHA256withRSA
## Default certificate params
mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
mosip.kernel.keymanager.certificate.default.organization=IITB
mosip.kernel.keymanager.certificate.default.location=BANGALORE
mosip.kernel.keymanager.certificate.default.state=KA
mosip.kernel.keymanager.certificate.default.country=IN
## Zero Knowledge Master & Public Key identifier.
mosip.kernel.zkcrypto.masterkey.application.id=${application.id}
mosip.kernel.zkcrypto.masterkey.reference.id=${identity-cache.reference.id}
mosip.kernel.zkcrypto.publickey.application.id=${application.id}
mosip.kernel.zkcrypto.publickey.reference.id=CRED_SERVICE
mosip.kernel.zkcrypto.wrap.algorithm-name=AES/ECB/NoPadding
mosip.kernel.zkcrypto.derive.encrypt.algorithm-name=AES/ECB/PKCS5Padding
## Application Id for PMS master key.
mosip.kernel.partner.sign.masterkey.application.id=PMS
## Kernel salt generator
mosip.kernel.salt-generator.db.key-alias=javax.persistence.jdbc
mosip.kernel.salt-generator.schemaName=${javax.persistence.jdbc.schema}
## TokenId generator
mosip.kernel.tokenid.uin.salt=${mosip.kernel.uin.salt}
mosip.kernel.tokenid.partnercode.salt=${mosip.kernel.partnercode.salt}
## Partner Management Service allowed partner domains
mosip.kernel.partner.allowed.domains=AUTH,DEVICE,FTM
# IAM Adapter
mosip.iam.adapter.clientid=${mosip.ida.auth.clientId}
mosip.iam.adapter.clientsecret=${mosip.ida.auth.secretKey}
mosip.iam.adapter.appid=${mosip.ida.auth.appId}
mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
## IDA key generator
keymanager.persistence.jdbc.driver=org.postgresql.Driver
keymanager_database_url=jdbc:postgresql://${mosip.ida.database.hostname}:${mosip.ida.database.port}/mosip_ida
keymanager_database_username=${mosip.ida.database.user}
keymanager_database_password=${db.dbuser.password}
mosip.kernel.keymanager.autogen.appids.list=ROOT,${application.id},${mosip.sign.applicationid}:${mosip.sign.refid},${application.id}:${mosip.kernel.zkcrypto.masterkey.reference.id},IDA_KYC_EXCHANGE,IDA_KEY_BINDING
mosip.kernel.keymanager.autogen.basekeys.list=${application.id}:${internal.reference.id},${application.id}:${partner.reference.id},${application.id}:${partner.biometric.reference.id},${application.id}:${mosip.kernel.zkcrypto.publickey.reference.id},${application.id}:${ida-auth-partner-id}
zkcrypto.random.key.generate.count=0
keymanager.persistence.jdbc.schema=ida
## TODO: For testing. Revert in production
mosip.kernel.keymanager.keystore.keyreference.enable.cache=false
## Admin
# Configure N time period threshold for accepting auth/OTP/KYC request for a country
authrequest.received-time-allowed.seconds=120
# Configuration for +/- time period adjustment in minutes for the request time validation, so that
# The requests originating from a system that is not in time-sync will be accepted for the time period
authrequest.received-time-adjustment.seconds=120
#Configuration for time period difference between each biometric segment and digital Id capture
authrequest.biometrics.allowed-segment-time-difference-in-seconds=120
# Credential Request API to get Request IDs for the given status, pageStart and page
cred-request-service-get-request-ids.pageSize=10
cred-request-service-get-request-ids.statusCode=ISSUED
ida-max-credential-pull-window-days=2
ida-max-websub-messages-pull-window-days=2
cred-request-service-get-request-ids.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/getRequestIds?direction=ASC&orderBy=updateDateTime&pageNumber={pageNumber}&pageSize=${cred-request-service-get-request-ids.pageSize}&statusCode=${cred-request-service-get-request-ids.statusCode}&effectivedtimes={effectivedtimes}
cred-request-service-get-request-ids.rest.httpMethod=GET
cred-request-service-get-request-ids.rest.headers.mediaType=${mosip.ida.request.mediaType}
cred-request-service-get-request-ids.rest.timeout=${mosip.ida.request.timeout.secs}
# Credential Request API to get Request IDs for the given status, pageStart and page
cred-request-service-retrigger-cred-issuance.rest.uri=${mosip.idrepo.credrequest.generator.url}/v1/credentialrequest/retrigger/{requestId}
cred-request-service-retrigger-cred-issuance.rest.httpMethod=PUT
cred-request-service-retrigger-cred-issuance.rest.headers.mediaType=${mosip.ida.request.mediaType}
cred-request-service-retrigger-cred-issuance.rest.timeout=${mosip.ida.request.timeout.secs}
# Child Auth Filter configurations
ida.child-auth-filter.factors.denied=otp,bio
ida.child-auth-filter.child.max.age=5
# The chunk size of failed message items to be processed in spring batch. This value also assigned to the thread count, and hence all the items are processed in parellel asynchronusly.
ida.fetch.failed.websub.messages.chunk.size=10
## Auth filters
# Comma Seperated list of fully qualified classes of the auth filters in the order in which they have to be executed.
# If validation with one filter fails with an error, the rest of the filter in the sequence will be skipped
# and error will be returned in the auth response.
#Auth Filters for external auth
ida.mosip.external.auth.filter.classes.in.execution.order=io.mosip.authentication.hotlistfilter.impl.PartnerIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.IndividualIdHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceProviderHotlistFilterImpl,io.mosip.authentication.hotlistfilter.impl.DeviceHotlistFilterImpl,io.mosip.authentication.childauthfilter.impl.ChildAuthFilterImpl,io.mosip.authentication.authtypelockfilter.impl.AuthTypeLockFilterImpl
#Auth Filters for kyc auth
ida.mosip.internal.auth.filter.classes.in.execution.order=io.mosip.authentication.hotlistfilter.impl.IndividualIdHotlistFilterImpl,io.mosip.authentication.childauthfilter.impl.ChildAuthFilterImpl
## Demo SDK integration
mosip.demographic.sdk.api.classname=io.mosip.demosdk.client.impl.spec_1_0.Client_V_1_0
mosip.normalizer.sdk.api.classname=io.mosip.demosdk.client.impl.spec_1_0.Normalizer_V_1_0
#This is the frontend url configured in the open-id system. This url should match the issuer attribute in JWT.
auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
#This url should be reachable internally to issue token.
auth-token-generator.rest.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
#Fixed delay in which cleanup will be done in Hours
mosip.hotlist.cleanup-schedule.fixed-delay-in-hours=24
# The target enviornment. This values should be comma separted.
#Ex.Staging,Developer
mosip.ida.allowed.enviromemnts=Staging,Developer,Pre-Production,Production
# Allowed domain Uris. This values should be comma separted.
#Ex. https://dev.mosip.net,https://qa2.mosip.net
mosip.ida.allowed.domain.uris=${mosip.api.internal.url},https://${mosip.esignet.host}
biometrics.datetime.pattern=yyyy-MM-dd'T'HH:mm:ssXXX
#The list of attributes in identity that are to be decrypted by default
ida-default-identity-filter-attributes=phone,fullName,dateOfBirth,email
#------ Un-encrypted Credential Attributes list -----------
#The list of attributes in identity that not are Zero Knowledge encrpted while creating the credential in credential service as per the datashare policy. The same credential format is dumped in IDA DB (identity_cache table).
#These attributes will not be decrypted when fetching the records from IDA DB for Authentication/EKYC/OTP requests.
#By default all attributes are assumed to be Zero Knowledge encrypted.
#Specify the attributes here only if they are not encrypted as per the datashare policy.
ida-zero-knowledge-unencrypted-credential-attributes=
#openapi properties to sort tags and operations in Id Authentication
springdoc.swagger-ui.tagsSorter=alpha
springdoc.swagger-ui.operationsSorter=alpha
# for Fraud management
mosip.ida.fraud-analysis-enabled=true
mosip.ida.active-async-thread-count=100
# Logging of thread queue done based on below value in ms. Logging is done only if queue value of any one thread group crosses below specified threshold.
mosip.ida.monitor-thread-queue-in-ms=600000
mosip.ida.max-thread-queue-threshold=100
## Roles
mosip.role.idauth.postotp=RESIDENT
mosip.role.idauth.postauth=REGISTRATION_PROCESSOR,REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
mosip.role.idauth.postverifyidentity=REGISTRATION_PROCESSOR,REGISTRATION_ADMIN,REGISTRATION_OFFICER,REGISTRATION_SUPERVISOR,RESIDENT
mosip.role.idauth.getauthtransactionsindividualid=RESIDENT
mosip.role.keymanager.postencrypt=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,CREDENTIAL_REQUEST
mosip.role.keymanager.postdecrypt=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,CREDENTIAL_REQUEST
mosip.role.keymanager.postencryptwithpin=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.postdecryptwithpin=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.postencryptdt=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.postdecryptdt=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.postgeneratemasterkeyobjecttype=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.getgetcertificate=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,KEY_MAKER
mosip.role.keymanager.postgeneratecsr=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,KEY_MAKER
mosip.role.keymanager.postuploadcertificate=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,KEY_MAKER
mosip.role.keymanager.postuploadotherdomaincertificate=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT,KEY_MAKER
mosip.role.keymanager.postgeneratesymmetrickey=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.putrevokekey=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.postuploadcacertificate=PARTNER_ADMIN
mosip.role.keymanager.postuploadpartnercertificate=PARTNER_ADMIN,PARTNER
mosip.role.keymanager.getgetpartnercertificatepartnercertid=PARTNER_ADMIN,PARTNER
mosip.role.keymanager.postverifycertificatetrust=PARTNER_ADMIN,PARTNER
mosip.role.keymanager.postsign=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.postvalidate=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.postpdfsign=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.postjwtsign=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
mosip.role.keymanager.postjwtverify=INDIVIDUAL,ID_AUTHENTICATION,REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_PROCESSOR,PRE_REGISTRATION_ADMIN,RESIDENT
#logging.level.root=DEBUG
# Secret will be used during kyc token generation.
mosip.ida.kyc.token.secret=${mosip.ida.kyc.token.secret}
mosip.ida.kyc.token.expire.time.adjustment.seconds=3000
mosip.ida.kyc.exchange.default.lang=eng
mosip.ida.idp.consented.address.subset.attributes=street_address,locality,region,postal_code,country