Versions Compared

Version Old Version 33 New Version 34
Changes made by

Muralitharan K

Muralitharan K

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • To enable operator login with fingerprint authentication, below SQLs to be executed biometric authentication we need to execute SQLs in Postgres database as there is no Swagger API available for this option in master service.

  • All the operators/supervisors should have been onboarded and they should not have default role assigned in Keycloak. And open operator/supervisor user in keycloak and add new attribute as given here. (eg: key=rid and value=10001100020000220220516081234)

  • There different types of authentication method available as mentioned here, but here we have taken “FINGERPRINT” as authentication method and Role as “REGISTRATION_OFFICER”

Supported Authentication Methods:

"OTP"
"IRIS"
"FACE"
"FINGERPRINT"
"PWD"

  • MOSIP strongly suggest a DBA should perform the below steps in database.

    1. Connects to MOSIP_MASTER database and master schema to execute all the below SQL queries.

    2. Execute below query to disable password based authentication for all the Operators.

      Code Block
      languagesql
      -- To disable password authentication --
UPDATE app_authentication_method 
SET is_active=false, upd_dtimes=now() 
WHERE role_code='REGISTRATION_OFFICER' 
AND auth_method_code='PWD'
AND process_id IN ('login_auth', 'packet_auth', 'eod_auth', 'exception_auth');

      Save or commit the DB changes.

    3. Execute below query to enable fingerprint based authentication for all the Operators.

      Code Block
      languagesql
      -- To enable finger print authentication --
UPDATE app_authentication_method 
SET is_active=true, upd_dtimes=now() 
WHERE role_code='REGISTRATION_OFFICER' 
AND auth_method_code='FINGERPRINT'
AND process_id IN ('login_auth', 'packet_auth', 'eod_auth', 'exception_auth');

      Save or commit the DB changes.

    4. Once both the SQL queries are executed, the master sync to be performed in all the Registration Client from all the operator’s machine and logout from RegClient. Then next login to RegClient will enforce operator to provide finger print to success login.

    5. To enable biometric authentication in RegClient for Supervisor, simply change the role_code='REGISTRATION_SUPERVISOR' in the above SQLs and perform the steps from a to d.