updated config from develop2 changes mosip#1275 PR

application-default.properties

@@ -276,7 +276,7 @@ mosip.keycloak.issuerUrl=${keycloak.host}/auth/realms/mosip
 mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
 mosip.kernel.auth.adapter.ssl-bypass=true
 mosip.kernel.auth.appid-realm-map={prereg:'preregistration',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip'}
-mosip.kernel.auth.appids.realm.map={prereg:'preregistration',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip'}
+mosip.kernel.auth.appids.realm.map={prereg:'preregistration',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip'}
 
 ## Crypto
 mosip.kernel.crypto.asymmetric-algorithm-name=RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING

data-share-default.properties

@@ -33,4 +33,4 @@ mosip.data.share.includePayload=false
 mosip.data.share.digest.algorithm=SHA256
 mosip.data.share.prependThumbprint=true
 
-auth.server.admin.allowed.audience=mosip-partner-client,mosip-creser-client,mosip-ida-client,mosip-regproc-client,mosip-resident-client,mosip-reg-client
+auth.server.admin.allowed.audience=mosip-partner-client,mosip-creser-client,mpartner-default-auth,mosip-regproc-client,mosip-reg-client

id-authentication-default.properties

@@ -18,7 +18,17 @@
 
 mosip.api.internal.url=https://${mosip.api.internal.host}
 ## Client
-mosip.ida.auth.clientId=mosip-ida-client
+# The Online Verification partner ID associated to the IDA instance.
+# This is used to subscribe to the credential issuance event notification sent by credential service.
+# for the particular Online Verification partner.
+# This credential issueance notification is handled inside Internal Authentication module.
+# The credentials issued to the partner will be as per the data-share policy associated to the partner.
+# TO DO: Change the property key to online-verification-partner-id
+ida-auth-partner-id=mpartner-default-auth
+# Kernel auth client ID for IDA
+#Note: since the Online verification Partner ID is used as client ID, for a different IDA instance, this needs to be changed accordingly
+#and also to be added to the 'auth.server.admin.allowed.audience' property of all dependency modules.
+mosip.ida.auth.clientId=${ida-auth-partner-id}
 mosip.ida.auth.secretKey=${mosip.mosip.ida.client.secret}
 mosip.ida.auth.appId=ida
 
@@ -58,13 +68,6 @@ spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
 log4j.logger.org.hibernate=warn
 hibernate.show_sql=false
 
-## The Online Verification partner ID associated to the IDA instance.
-## This is used to subscribe to the credential issuance event notification sent by credential service.
-## for the particular Online Verification partner. 
-## This credential issueance notification is handled inside Internal Authentication module.
-## The credentials issued to the partner will be as per the data-share policy associated to the partner.
-## TO DO: Change the property key to online-verification-partner-id
-ida-auth-partner-id=mpartner-default-auth
 application.id=IDA
 application.name=ID-Authentication
 
@@ -212,14 +215,25 @@ ida-websub-hotlist-callback-secret=${ida.websub.hotlist.callback.secret}
 ida-websub-masterdata-templates-callback-secret=${ida.websub.masterdata.templates.callback.secret}
 ida-websub-masterdata-titles-callback-secret=${ida.websub.masterdata.titles.callback.secret}
 
-ida-websub-auth-type-callback-url=${mosip.ida-internal-service.url}/idauthentication/v1/internal/callback/authTypeCallback/{partnerId}
+ida-websub-auth-type-callback-relative-url=${server.servlet.context-path}/callback/authTypeCallback/${ida-auth-partner-id}
+ida-websub-auth-type-callback-url=${mosipbox.public.url}${ida-websub-auth-type-callback-relative-url}
 ## Callback url for credential issueance event notification, including id remove/deactivate/activate events
-ida-websub-credential-issue-callback-url=${mosip.ida-internal-service.url}/idauthentication/v1/internal/callback/idchange/{eventType}/{partnerId}
+ida-websub-idchage-callback-url=${mosipbox.public.url}${server.servlet.context-path}/callback/idchange/{eventType}/${ida-auth-partner-id}
+ida-websub-idchange-credential-issued-callback-relative-url=${server.servlet.context-path}/callback/idchange/credential_issued/${ida-auth-partner-id}
+ida-websub-idchange-remove-id-callback-relative-url=${server.servlet.context-path}/callback/idchange/remove_id/${ida-auth-partner-id}
+ida-websub-idchange-deactivate-id-callback-relative-url=${server.servlet.context-path}/callback/idchange/deactivate_id/${ida-auth-partner-id}
+ida-websub-idchange-activate-id-callback-relative-url=${server.servlet.context-path}/callback/idchange/activate_id/${ida-auth-partner-id}
 ## Callback url for MISP/Partner change notification events
 ida-websub-partner-service-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/partnermanagement/{eventType}
-
+ida-websub-partner-service-apikey-approved-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/apikey_approved
+ida-websub-partner-service-partner-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/partner_updated
+ida-websub-partner-service-policy-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/policy_updated
+ida-websub-partner-service-partner-api-key-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/partner_api_key_updated
+ida-websub-partner-service-misp-license-generated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/misp_license_generated
+ida-websub-partner-service-misp-license-updated-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/misp_license_updated
 ## Callback url for hotlist event
-ida-websub-hotlist-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/hotlist
+ida-websub-hotlist-callback-relative-url=${server.servlet.context-path}/callback/hotlist
+ida-websub-hotlist-callback-url=${mosipbox.public.url}${ida-websub-hotlist-callback-relative-url}
 
 #Delay (in milliseconds) for subscription on application startup to avoid failure during intent verification by hub.
 subscriptions-delay-on-startup_millisecs=120000
@@ -250,8 +264,8 @@ ida-topic-hotlist=MOSIP_HOTLIST
 ida-topic-credential-status-update=CREDENTIAL_STATUS_UPDATE
 ida-topic-auth-type-status-update-acknowledge=AUTH_TYPE_STATUS_UPDATE_ACK
 ida-topic-auth-transaction-status=AUTHENTICATION_TRANSACTION_STATUS
-ida-topic-masterdata-templates=masterdata/idauthentication_templates
-ida-topic-masterdata-titles=masterdata/titles
+ida-topic-masterdata-templates=MASTERDATA_IDAUTHENTICATION_TEMPLATES
+ida-topic-masterdata-titles=MASTERDATA_TITLES
 ida-topic-pmp-misp-license-generated=MISP_LICENSE_GENERATED
 ida-topic-pmp-misp-license-updated=MISP_LICENSE_UPDATED
 ida-topic-pmp-partner-api-key-approved=APIKEY_APPROVED
@@ -261,6 +275,14 @@ ida-topic-pmp-policy-updated=POLICY_UPDATED
 ida-topic-fraud-analysis=IDA_FRAUD_ANALYTICS
 ida-topic-auth-anonymous-profile=ANONYMOUS_PROFILE
 
+# in minutes
+mosip.iam.adapter.validate-expiry-check-rate=15
+# in minutes
+mosip.iam.adapter.renewal-before-expiry-interval=15
+#this should be false if you don?t use the self token restTemplate from auth adapter true if you do (needed for websubclient).
+mosip.iam.adapter.self-token-renewal-enable=true
+mosip.auth.filter_disable=false
+
 ## IDA cache
 ## IDA cache Time to live in days - To clear cache scheduled based on the days provided.
 ## value <= 0 means cache clearing based on schedule is disabled.

id-authentication-external-default.properties

@@ -1,8 +1,12 @@
-## Masterdata templates
-ida-websub-masterdata-templates-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/masterdata/templates
-ida-websub-masterdata-titles-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/masterdata/titles
+ida-websub-masterdata-templates-callback-relative-url=${server.servlet.context-path}/callback/masterdata/templates
+ida-websub-masterdata-templates-callback-url=${mosipbox.public.url}${ida-websub-masterdata-templates-callback-relative-url}
+ida-websub-masterdata-titles-callback-relative-url=${server.servlet.context-path}/callback/masterdata/titles
+ida-websub-masterdata-titles-callback-url=${mosipbox.public.url}${ida-websub-masterdata-titles-callback-relative-url}
+
 # Callback url for partner CA certification upload event
-ida-websub-ca-cert-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/partnermanagement/ca_certificate
+ida-websub-ca-cert-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/ca_certificate
+ida-websub-ca-cert-callback-url=${mosipbox.public.url}${ida-websub-ca-cert-callback-relative-url}
+
 # Secret for partner CA certification upload callback
 ida-websub-ca-certificate-callback-secret=${ida.websub.ca.certificate.callback.secret}
 # Topic for Partner CA Certificate Upload event

id-authentication-internal-default.properties

@@ -1,13 +1,13 @@
-# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
-# DO NOT define these in any of the property files.  They must be passed as env variables.  Refer to config-server
-# helm chart:
-# mosip.api.internal.url
+ida-websub-masterdata-templates-callback-relative-url=${server.servlet.context-path}/callback/masterdata/templates
+ida-websub-masterdata-templates-callback-url=${mosipbox.public.url}${ida-websub-masterdata-templates-callback-relative-url}
+ida-websub-masterdata-titles-callback-relative-url=${server.servlet.context-path}/callback/masterdata/titles
+ida-websub-masterdata-titles-callback-url=${mosipbox.public.url}${ida-websub-masterdata-titles-callback-relative-url}
 
-ida-websub-masterdata-templates-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/masterdata/templates
-ida-websub-masterdata-titles-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/masterdata/titles
 
 # Callback url for partner CA certification upload event
-ida-websub-ca-cert-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/partnermanagement/ca_certificate
+ida-websub-ca-cert-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/ca_certificate
+ida-websub-ca-cert-callback-url=${mosipbox.public.url}${ida-websub-ca-cert-callback-relative-url}
+
 # Secret for partner CA certification upload callback
 ida-websub-ca-certificate-callback-secret=${ida.websub.ca.certificate.callback.secret}
 # Topic for Partner CA Certificate Upload event

id-authentication-otp-default.properties

@@ -1,9 +1,12 @@
-## Masterdata templates
-ida-websub-masterdata-templates-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/masterdata/templates
-ida-websub-masterdata-titles-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/masterdata/titles
+ida-websub-masterdata-templates-callback-relative-url=${server.servlet.context-path}/callback/masterdata/templates
+ida-websub-masterdata-templates-callback-url=${mosipbox.public.url}${ida-websub-masterdata-templates-callback-relative-url}
+ida-websub-masterdata-titles-callback-relative-url=${server.servlet.context-path}/callback/masterdata/titles
+ida-websub-masterdata-titles-callback-url=${mosipbox.public.url}${ida-websub-masterdata-titles-callback-relative-url}
 
 # Callback url for partner CA certification upload event
-ida-websub-ca-cert-callback-url=${mosip.api.internal.url}${server.servlet.context-path}/callback/partnermanagement/ca_certificate
+ida-websub-ca-cert-callback-relative-url=${server.servlet.context-path}/callback/partnermanagement/ca_certificate
+ida-websub-ca-cert-callback-url=${mosipbox.public.url}${ida-websub-ca-cert-callback-relative-url}
+
 # Secret for partner CA certification upload callback
 ida-websub-ca-certificate-callback-secret=${ida.websub.ca.certificate.callback.secret}
 # Topic for Partner CA Certificate Upload event

id-repository-default.properties

@@ -26,6 +26,21 @@ mosip.idrepo.objectstore.account-name=idrepo
 mosip.idrepo.objectstore.bucket-name=idrepository
 mosip.idrepo.objectstore.adapter-name=s3Adapter
 
+#IDRepo identity/vid service authentication details
+mosip.idrepo.auth.client-id=mosip-idrepo-client
+mosip.idrepo.auth.secret-key={cipher}cf4e1c8c5f2013a63ff8eeead18b641d2b38c1618e8b90ed55b9af6301fe75b60dbfc04bc5339128b374b21de7cc5eed65c796024ea1862b6fb0e938f06e19f4
+mosip.idrepo.auth.app-id=idrepo
+
+#IDRepo credential service authentication detalis
+mosip.idrepo.credential.auth.client-id=mosip-creser-client
+mosip.idrepo.credential.auth.secret-key={cipher}b5fb76d3a57ce10fc27aee1685ce906836970d52c4cf13a01282bfe99565bedf
+mosip.idrepo.credential.auth.app-id=creser
+
+#IDRepo credential request generator authentication detalis
+mosip.idrepo.credential-req-generator.auth.client-id=mosip-crereq-client
+mosip.idrepo.credential-req-generator.auth.secret-key={cipher}b5fb76d3a57ce10fc27aee1685ce906836970d52c4cf13a01282bfe99565bedf
+mosip.idrepo.credential-req-generator.auth.app-id=crereq
+
 # For auditing
 mosip.idrepo.application.name=ID-Repository
 mosip.idrepo.application.version.pattern=^v\\d+(\\.\\d+)?$
@@ -191,9 +206,9 @@ mosip.idrepo.websub.vid-credential-update.secret= ${idrepo.websub.vid.credential
 mosip.idrepo.websub.credential-status-update.topic=CREDENTIAL_STATUS_UPDATE
 
 ## Auth adapter
-mosip.iam.adapter.clientid.id-repository=mosip-regproc-client
+mosip.iam.adapter.clientid.id-repository=${mosip.idrepo.auth.client-id}
 mosip.iam.adapter.clientsecret.id-repository=${mosip.secret.mosip-reg-client}
-mosip.iam.adapter.appid.id-repository=regproc
+mosip.iam.adapter.appid.id-repository=${mosip.idrepo.auth.app-id}
 mosip.authmanager.client-token-endpoint=${mosip.kernel-auth-service.url}/v1/authmanager/authenticate/clientidsecretkey
 
 mosip.idrepo.uin-generator.rest.uri=${mosip.kernel-idgenerator-service.url}/v1/idgenerator/uin
@@ -223,8 +238,8 @@ hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
 hibernate.jdbc.lob.non_contextual_creation=true
 hibernate.show_sql=false
 # Token generator properties 
-credential.request.token.request.appid=crereq
-credential.request.token.request.clientId=mosip-crereq-client
+credential.request.token.request.appid=${mosip.idrepo.credential-req-generator.auth.app-id}
+credential.request.token.request.clientId=${mosip.idrepo.credential-req-generator.auth.client-id}
 credential.request.token.request.secretKey=${mosip.secret.mosip-reg-client}
 credential.request.token.request.version=1.0
 credential.request.token.request.id=io.mosip.credentialrequestgenerator
@@ -233,6 +248,9 @@ mosip.credential.request.service.id=mosip.credential.request.generator
 mosip.credential.request.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
 mosip.credential.request.service.version=1.0
 
+# Reference Id which is used for encryption/decryption of credential request using keymanager
+mosip.credential.request.crypto-ref-id=credential_request
+
 ## Batch job
 # batch job time intervel in miliseconds
 mosip.credential.request.job.timedelay=15000
@@ -267,8 +285,8 @@ resubscription-delay-secs=43200
 WEBSUBSECRET=test
 
 # Credential service
-credential.service.token.request.appid=creser
-credential.service.token.request.clientId=mosip-creser-client
+credential.service.token.request.appid=${mosip.idrepo.credential.auth.app-id}
+credential.service.token.request.clientId=${mosip.idrepo.credential.auth.client-id}
 credential.service.token.request.secretKey=${mosip.mosip.creser.client.secret}
 credential.service.token.request.id=io.mosip.credentialstore
 # Credential formatter properties 
@@ -355,7 +373,7 @@ auth-token-generator.rest.secretKey=${mosip.secret.mosip-regproc-client}
 # Enabling below property will start logging performance logs in identity and vid service
 mosip.idrepo.aspect-logging.enabled=false
 
-auth.server.admin.allowed.audience=mosip-regproc-client,mosip-resident-client,mosip-ida-client,mosip-admin-client,mosip-crereq-client,mosip-creser-client
+auth.server.admin.allowed.audience=mosip-regproc-client,mosip-resident-client,mosip-ida-client,mosip-admin-client,mosip-crereq-client,mosip-creser-client,mosip-idrepo-client
 
 #openapi properties to sort tag and operations of id-repository services
 springdoc.swagger-ui.tagsSorter=alpha

kernel-default.properties

@@ -446,7 +446,7 @@ mosip.kernel.partner.issuer.certificate.allowed.grace.duration=300
 zone.user.details.url=${mosip.kernel-auth-service.url}/v1/authmanager/userdetails
 
 auth.server.admin.offline.token.validate=false
-auth.server.admin.allowed.audience=mosip-regproc-client,mosip-prereg-client,mosip-admin-client,mosip-partner-client,mosip-crereq-client,mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-resident-client,mosip-reg-client
+auth.server.admin.allowed.audience=mosip-regproc-client,mosip-prereg-client,mosip-admin-client,mosip-partner-client,mosip-crereq-client,mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-resident-client,mosip-reg-client,mpartner-default-print,mosip-idrepo-clientmosip-syncdata-client,mosip-masterdata-client
 
 mosip.iam.adapter.appid=admin
 mosip.iam.adapter.clientid=mosip-admin-client

partner-management-default.properties

@@ -151,7 +151,7 @@ mosip.keycloak.admin.secret.key=${keycloak.admin.password}
 ## Auth adapter
 auth.server.validate.url=${mosip.kernel-auth-service.url}/v1/authmanager/authorize/admin/validateToken
 auth.server.admin.validate.url=${mosip.kernel-auth-service.url}/v1/authmanager/authorize/admin/validateToken
-auth.server.admin.allowed.audience=mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-regproc-client,mosip-admin-client,mosip-reg-client,mosip-pms-client,mosip-resident-client
+auth.server.admin.allowed.audience=mosip-creser-client,mosip-datsha-client,mosip-ida-client,mosip-regproc-client,mosip-admin-client,mosip-reg-client,mosip-pms-client,mosip-resident-client,mosip-idrepo-client
 auth.jwt.secret=authjwtsecret
 auth.jwt.base=Mosip-Token