Versions Compared

Version Old Version 35 New Version Current
Changes made by

Krishnan Rajagopalan

Muralitharan K

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Download the attached native-togo zip file

  • Extract the zip file in the required place

  • Copy the folder path where the zip file is extracted

  • Go to System Environment Variables setting application

  • In the System Variables section add new variable called FACE_SDK_BIN_ROOT and value is native-togo folder path

  • Append the same native-togo folder path in Path variable also

  • Copy config.properties and iris_sdk.lic files from the extracted native-togo folder

  • And paste in the RegClient application root folder

  • To enable this feature at Registration Client application, following properties should be enabled with flag 'Y' in registration-default.properties file which is present in mosip-config repository in GitHub.

    • mosip.registration.mds.deduplication.enable.flag

  • And additionally following properties need to be updated with Vendor(who is going to support Local Deduplication) specific SDK class path. Here are the properties specific to Tech5 vendor

    • mosip.biometric.sdk.provider.finger.classname=ai.tech5.client.ClientSDK

    • mosip.biometric.sdk.provider.iris.classname=ai.tech5.client.ClientSDK

  • Note: Vendor specific(Tech5) SDK is integration with latest regclient zip. Please download the latest one to avail this feature.

  • Now system is ready to perform local deduplication and biometrics quality check

11. Enabling Operator Login with Biometric : -

Pre-requisite :

...

  1. The operator/supervisor should have been onboarded

...

All the operators/supervisors should have been onboarded and they should not have default role assigned in Keycloak. And open operator/supervisor user in keycloak and add new attribute as given here. (eg: key=rid and value=10001100020000220220516081234)

...

  1. 'default' role is not mapped in the user object of the operator/supervisor in keycloack

  2. The operator/supervisor's RID is present in user attribute list in keycloak as below

  • Image Added

Updating the login authentication mode

By default, the login authentication mode is password-based. In order to change the authentication mode, it is necessary to update the database directly. At the time of writing this procedure, we observe that there are no APIs available to update the authentication mode without touching the database directly.

The following are the authentication modes available

Supported Authentication Methods:

"OTP"
"IRIS"
"FACE"
"FINGERPRINT"
"PWD"

MOSIP strongly suggest a DBA should perform the below steps in database.

...

Connects to MOSIP_MASTER database and master schema to execute all the below SQL queries.

...

In order to change the authentication mode, login to the PostgreSQL database, and connect to mosip_master schema using any of the supported database client utility such as pgAdmin and run the following update queries

  • Disable password based authentication for operators and supervisors

    Code Block
    languagesql
    -- To disable password authentication --
UPDATE app_authentication_method 
SET is_active=false, upd_dtimes=now() 
WHERE role_code
    =
     in ('REGISTRATION_OFFICER','REGISTRATION_SUPERVISOR')  
AND auth_method_code='PWD'
AND process_id IN ('login_auth', 'packet_auth', 'eod_auth', 'exception_auth');

    Save or commit the DB changes.

    Execute below query to enable fingerprint based authentication for all the Operators.

  • Enable a Biometric Fingerprint authentication mode for operators and supervisors

    Code Block
    languagesql
    -- To enable finger print authentication --
UPDATE app_authentication_method 
SET is_active=true, upd_dtimes=now() 
WHERE role_code
    =
     in ('REGISTRATION_OFFICER','REGISTRATION_SUPERVISOR') 
AND auth_method_code='FINGERPRINT'
AND process_id IN ('login_auth', 'packet_auth', 'eod_auth', 'exception_auth');

    Save or commit the DB changes.

Note 1 : In-order to enable other biometric authentication modality such IRIS or Face, replace the auth_method_code with “IRIS” or “FACE” respectively.

Note 2 : In-order to enable biometric authentication for operator only and not the supervisor, give the appropriate role_code in the update query.

  • Once

    both

    the

    SQL

    above queries are successfully executed,

    the master sync to be performed in all the Registration Client from all the operator’s machine and logout from RegClient. Then next login to RegClient will enforce operator to provide finger print to success login.To enable biometric authentication in RegClient for Supervisor

    perform the following operations on the registration client where the operators need to login using their biometrics

    • From the home screen of the registration client, perform sync operation.

    • After the successful completion of the sync operation, logout of the registration client and enter the user name of the operator.

  • You would see the following screen displaying the biometric mode of login (in this case fingerprint)

...

Note : To enable biometric Login for operator only, simply change the role_code='REGISTRATION_

...

OFFICER' in the above

...

SQL query.

  • You may place your left 4-finger to authenticate and login into the registration client.