- This guide will walk you through the deployment process of the Esignet application.
- The setup involves:
  - Creating a Kubernetes cluster
  - Setting up Nginx
  - Installing Istio
  - Configuring storage class
  - Configuring the necessary dependent services
  - Deploying Esignet services
- Kubernetes cluster should be ready with storage class and ingress configured properly.
- Below is the document containing steps to create and configure K8 cluster.
esignet-global configmap: For the eSignet K8s env, the esignet-global configmap in the esignet namespace contains domain-related information. Follow the steps below to add domain details for the esignet-global configmap.
- Copy esignet-global-cm.yaml.sample to esignet-global-cm.yaml.
  cp esignet-global-cm.yaml.sample esignet-global-cm.yaml
- Update the domain names in esignet-global-cm.yaml correctly for your environment.
- Create a Google reCAPTCHA v2 ("I am not a Robot") key in the Google Recaptcha Admin for the required domain name (e.g. sandbox.mosip.net) and set the esignet captcha.
- External IAM scope: [TODO]
- If using an external IAM, copy the secrets from the external IAM and create a secret named keycloak-client-secrets in the esignet namespace.
- Install pre-requisites
./install-prereq.sh
- Update values file for postgres init here.
- Execute the initialise-prereq.sh script to initialise postgres and keycloak.
./initialise-prereq.sh
During deployment, the system will prompt for user input to select the appropriate plugin. The available options are listed below:
- esignet-mock-plugin
- mosip-identity-plugin
- sunbird-rc-plugin
- custom-plugin
./install-esignet.sh
- Before proceeding with the Onboarding steps, please ensure that the Mock Relying Party services are deployed and running.
- Deployment of the mock Relying Party portal is optional if you already have your own Relying Party portal.
- You can refer to the default mock relying party implementation here:
- Once the Relying Party is deployed, proceed with the onboarding.
- There are two ways to proceed, either with mosip identity plugin or with mock plugin.
- If Esignet is getting deployed with MOSIP then we need to execute the onboarder for MISP partner and mock-rp oidc clientId.
- Onboarder scripts.
Download and import the eSignet-with-mock.postman_environment.json environment and the eSignet.postman_collection.json Postman collection from here.
- Fetch the Authentication Token
  - Navigate to "OIDC Client Mgmt" → "Mock" → "Get Auth Token" to retrieve the authentication token.
  - Update the client_secret (retrieve it from the keycloak-client-secrets).
  - Update the iam_url (Keycloak URL) in the request body.
  - Retrieve the Keycloak URL from the config-map under keycloak-host → keycloak-external-url.
- Fetch the CSRF Token
  - Navigate to "OIDC Client Mgmt" → "Mock" → "Get CSRF Token" to obtain the CSRF token.
  - Update the "url" to get the CSRF Token.
- Update the Request Fields for OIDC Client Creation
  - Before executing the "Create OIDC Client" request, update the following fields in the request body:
    - url
    - logo-uri
    - redirect-uri
    - client-name
    - client-id
- Update the clientId in Deployment
  - Once the clientId is created and activated, update the clientId in the mock-relying-party-ui deployment.
- Update the Client Private Key
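The two lookups in the "Fetch the Authentication Token" step can be scripted with kubectl instead of copied by hand. This is an added example, not part of the eSignet repository; the key name passed to fetch_client_secret and the namespace of the keycloak-host config-map are assumptions to adjust for your deployment.

```shell
#!/usr/bin/env bash
# Added example: read the values the "Get Auth Token" request needs from the cluster.
# Assumptions: the secret key name (argument) and the config-map namespace.

NS="${ESIGNET_NS:-esignet}"      # namespace of keycloak-client-secrets (from the guide)
CM_NS="${KEYCLOAK_CM_NS:-$NS}"   # assumed: keycloak-host config-map is in the same namespace

# Print the decoded value of one key in keycloak-client-secrets.
# $1 = key name inside the secret (deployment-specific). Key names, without
# values, are listed by: kubectl -n esignet describe secret keycloak-client-secrets
# Capture the result in a variable, e.g. secret="$(fetch_client_secret <key>)",
# so the value is not echoed to the terminal.
fetch_client_secret() {
  local key="$1" b64
  [ -n "$key" ] || { echo "usage: fetch_client_secret <key>" >&2; return 2; }
  b64="$(kubectl -n "$NS" get secret keycloak-client-secrets \
          -o "jsonpath={.data.${key}}")" || return 1
  [ -n "$b64" ] || { echo "key '$key' not found in keycloak-client-secrets" >&2; return 1; }
  printf '%s' "$b64" | base64 -d
}

# Print keycloak-external-url from the keycloak-host config-map. Anything that
# is not an https URL is rejected, so the client secret is never sent in clear text.
fetch_keycloak_url() {
  local url
  url="$(kubectl -n "$CM_NS" get configmap keycloak-host \
          -o 'jsonpath={.data.keycloak-external-url}')" || return 1
  case "$url" in
    https://*) printf '%s' "${url%/}" ;;   # strip one trailing slash
    *) echo "unexpected keycloak-external-url: '$url'" >&2; return 1 ;;
  esac
}
```

Paste the two values into the Postman environment as client_secret and iam_url.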
This deployment is limited to mock. The section below on configuring IDA is not tested, but it can still be tried out.
- Onboard eSignet as a MISP partner in MOSIP PMS using our onboarder script.
- We should override the properties defined here if there is any change in the MOSIP IDA domain names.
- Update the 'MOSIP_ESIGNET_AUTHENTICATOR_IDA_SECRET_KEY' property with the MOSIP IDA keycloak client secret.
