Open ID based e-Signet service for large scale verification & authentication.

e-Signet Project

Overview

This repository contains an implementation of the OAuth 2.0 Authorization Code flow. It supports all the mandatory features of the OIDC (OpenID Connect) specification.

The e-Signet repository contains the following:

  1. esignet-core - Library containing all the common interfaces, DTOs and utils that are used as a dependency in the other esignet module libraries and services.
  2. esignet-service - Deployable API service containing all the OIDC and UI controllers.
  3. esignet-integration-api - Library containing all the integration interfaces.
  4. client-management-service-impl - Client management implementation classes.
  5. oidc-service-impl - OAuth and OIDC implementation classes.
  6. binding-service-impl - Key and individualId binding service implementation classes.
  7. db_scripts - Contains all the DB scripts required to set up or upgrade the DB for the esignet module.

Databases

Refer to SQL scripts.

Build & run (for developers)

The project requires JDK 11.

  1. Build and install:
    $ mvn clean install -Dgpg.skip=true
    
  2. Build Docker for a service:
    $ docker build -f Dockerfile .
    

Installing in k8s cluster using helm

Pre-requisites

  1. Make sure the kube config file of the MOSIP cluster hosting the dependent services is set correctly on your PC.
  2. Make sure DB setup is done.
  3. Add / merge the below-mentioned properties files into the existing config branch:
  4. Below are the dependent services required for the esignet service:
    Chart                 Chart version
    Keycloak              7.1.18
    Keycloak-init         12.0.1-B3
    Postgres              10.16.2
    Postgres Init         12.0.1-B3
    Minio                 10.1.6
    Kafka                 0.4.2
    Config-server         12.0.1-B3
    Websub                12.0.1-B2
    Artifactory server    12.0.1-B3
    Keymanager service    12.0.1-B2
    Kernel services       12.0.1-B2
    Biosdk service        12.0.1-B3
    Idrepo services       12.0.1-B2
    Pms services          12.0.1-B3
    IDA services          12.0.1-B3

Install

  • Install kubectl and helm utilities.
  • Run install-all.sh to deploy esignet services.
    cd helm
    ./install-all.sh
    
  • While install-all.sh runs, it prompts for whether the server has a public domain and a valid SSL certificate.
  • If the server lacks a public domain and a valid SSL certificate, it is advisable to select the n option. Selecting it enables the init-container with an emptyDir volume and includes it in the deployment.
  • The init-container then downloads the server's self-signed SSL certificate and mounts it to the specified location within the container's Java keystore (i.e., cacerts) file.
  • This functionality is for cases where the script is used on a server with self-signed SSL certificates.
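
Because the n option makes the deployment trust whatever self-signed certificate the server presents, an operator can first compare that certificate with a fingerprint obtained out of band. The script below is an added example, not part of the esignet repository or of install-all.sh; ESIGNET_HOST, EXPECTED_SHA256 and port 443 are assumptions.

```shell
#!/bin/sh
# Added example: compare a server certificate with a pinned fingerprint.
# ESIGNET_HOST and EXPECTED_SHA256 are assumed names; install-all.sh does
# not read them. Port 443 is also an assumption.

# Normalise a fingerprint: drop colons/spaces, lower-case the hex digits.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# SHA-256 over the DER bytes of the first certificate in a PEM file.
pem_sha256() {
  awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
       /-----END CERTIFICATE-----/   {exit}
       on' "$1" | base64 -d | sha256sum | cut -d' ' -f1
}

# Succeeds only when the PEM file's fingerprint equals the pinned value.
pin_matches() {
  [ "$(pem_sha256 "$1")" = "$(normalize_fp "$2")" ]
}

# Fetch the leaf certificate the server presents (needs network, openssl).
fetch_server_cert() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

pem=$(mktemp)
if [ -n "${ESIGNET_HOST:-}" ] && [ -n "${EXPECTED_SHA256:-}" ]; then
  fetch_server_cert "$ESIGNET_HOST" > "$pem"
  if pin_matches "$pem" "$EXPECTED_SHA256"; then
    echo "fingerprint matches the pinned value"
  else
    echo "fingerprint mismatch: do not trust this certificate" >&2
    rm -f "$pem"
    exit 1
  fi
else
  # Offline run on a constructed PEM wrapper (not a real certificate).
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
    '-----END CERTIFICATE-----' > "$pem"
  echo "constructed sample fingerprint: $(pem_sha256 "$pem")"
fi
rm -f "$pem"
```

A failed fetch leaves an empty file, whose digest cannot equal a real pin, so the check fails closed.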

Delete

  • Run delete-all.sh to remove esignet services.
    cd helm
    ./delete-all.sh
    

Restart

  • Run restart-all.sh to restart esignet services.
    cd helm
    ./restart-all.sh
    

Onboard esignet

  • Run the onboarder's install.sh script to exchange JWK certificates.

APIs

API documentation is available here.

License

This project is licensed under the terms of the Mozilla Public License 2.0.