Versions Compared

Version Old Version 35 New Version 36
Changes made by

Krishnan Rajagopalan

Krishnan Rajagopalan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

11. Enabling Operator Login with Biometric : -

Pre-requisite :

...

  1. The operator/supervisor should have been onboarded

...

All the operators/supervisors should have been onboarded and they should not have default role assigned in Keycloak. And open operator/supervisor user in keycloak and add new attribute as given here. (eg: key=rid and value=10001100020000220220516081234)

...

  1. 'default' role is not mapped in the user object of the operator/supervisor in keycloack

  2. The operator/supervisor's RID is present in user attribute ist in keycloak as below

  • Image Added

Updating the login authentication mode

By default, the login authentication mode is password-based. In order to change the authentication mode, it is necessary to update the database directly. At the time of writing this procedure, we observe that there are no APIs available to update the authentication mode without touching the database directly.

The following are the authentication modes available

Supported Authentication Methods:

"OTP"
"IRIS"
"FACE"
"FINGERPRINT"
"PWD"

MOSIP strongly suggest a DBA should perform the below steps in database.

...

In order to change the authentication mode, login to the PostgreSQL database, the connect to mosip_master schema using any of the supported database client utility and run the following queries

  • Execute below query to disable password based authentication for all the Operators.

    Code Block
    languagesql
    -- To disable password authentication --
UPDATE app_authentication_method 
SET is_active=false, upd_dtimes=now() 
WHERE role_code='REGISTRATION_OFFICER' 
AND auth_method_code='PWD'
AND process_id IN ('login_auth', 'packet_auth', 'eod_auth', 'exception_auth');

    Save or commit the DB changes.

  • Execute below query to enable a different authentication mode such as fingerprint

    based

    authentication for all the Operators.

    Code Block
    languagesql
    -- To enable finger print authentication --
UPDATE app_authentication_method 
SET is_active=true, upd_dtimes=now() 
WHERE role_code='REGISTRATION_OFFICER' 
AND auth_method_code='FINGERPRINT'
AND process_id IN ('login_auth', 'packet_auth', 'eod_auth', 'exception_auth');

    Save or commit the DB changes.

  • Once

    both

    the

    SQL

    above queries are successfully executed,

    the master sync to be performed in all the Registration Client from all the operator’s machine and logout from RegClient. Then next login to RegClient will enforce operator to provide finger print to success login.To enable biometric authentication in RegClient

    perform the following operations on the registration clients where the operators need to login using their biometrics

    • From the home screen of the registration client, perform sync operation.

    • After the successful completion of the sync operation, logout of the registration client.

  • You may see the login screen displaying the biometric mode of login (in this case fingerprint login)

Note : To enable biometric Login for Supervisor, simply change the role_code='REGISTRATION_SUPERVISOR' in the above

...

SQL query