To Onboard Auth Partner for esignet

This document outlines the step-by-step process for integrating a new authentication partner.

Pre-requisites

  • MOSIP 1.2.0.x setup with the Partner Management Portal deployed

  • The CA certificate utility to create the Auth partner certificates

The CA_CERT_UTILITY is a certificate creation utility that runs a sequence of shell commands to generate valid certificates. On Linux machines running the script is straightforward; Windows machines need either Git or the OpenSSL application installed.

Please update all the URLs as per your environment.

POLICY GROUP AND POLICY

Step 1: Log in to the PMS portal with a user that has the roles pms_admin and PARTNER_ADMIN.

Step 2: Create the policy group to which the partner belongs.


Step 3: Create an Auth policy by providing the name, description, policy group and policy data, then activate it. A sample policy is given below.

(Screenshot: sample Auth policy)

Partner Self-Registration

Step 1: Register the “Authentication Partner” using the Partner Management Portal
https://pmp.dev.mosip.net/

The “Organization Name” is required while creating the partner certificate, hence the organization name must be the same in the partner certificate and when registering the partner.

If the “Register” option is not shown, log in to Keycloak → Realm settings → Login → enable User registration, then refresh the PMP portal.


Step 2: Create the mock CA, Sub CA and Partner certificates using the CA Certificate Utility

  • Run the “create-certs.sh” script

  • Sequentially create the certificates for the CA, Sub CA and Partner (also known as the client)


The “Organization name” passed while registering the partner has to be used to create the client certificate.

Step 3: After the completion of the above steps, the certificates are created in the same folder. The required certificate files are listed below.

Step 4: Upload the above certificates in MOSIP.

All the above certificates have to be uploaded sequentially, in the following order:
RootCA → IntermediateCA → Client

  1. Rename the certificates as follows

    1. RootCA.crt → RootCA.cer

    2. IntermediateCA.crt → IntermediateCA.cer

    3. Client.crt → Client.cer

  2. Log in to the partner management portal with a user that has the “PARTNER_ADMIN” role assigned and navigate to “Upload CA Certificate”

  3. Upload the RootCA.cer

  4. Upload the IntermediateCA.cer

  5. Log in to the partner management portal using the credentials of the “Authentication Partner” registered in Step 1 and map it to the policy group.

  6. Upload the Client.cer using the “Upload Certificate” option.


Once uploaded, you can click the “View Certificate” button to see the signed certificate.
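The following script is an added example, not the MOSIP create-certs.sh utility: it builds a mock RootCA → IntermediateCA → Client chain with OpenSSL using the file names from Step 4, and then runs the two checks worth doing before the upload screens: the chain verifies in the upload order, and the client certificate's O= equals the “Organization Name” used at partner registration. The country code, validity periods and key sizes are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the MOSIP create-certs.sh): build a mock
# RootCA -> IntermediateCA -> Client chain with OpenSSL and check it before
# uploading to the PMP. ORG must equal the "Organization Name" given when
# the Authentication Partner was registered. Country, validity periods and
# key sizes below are assumptions.
set -euo pipefail

make_partner_chain() (   # subshell body: the cd below does not leak to the caller
  local org="$1" outdir="$2"
  mkdir -p "$outdir" && cd "$outdir"
  # 1. Self-signed root CA (req -x509 marks it CA:TRUE by default)
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -sha256 \
    -keyout RootCA.key -out RootCA.crt -subj "/C=IN/O=$org/CN=$org Root CA" 2>/dev/null
  # 2. Intermediate (sub) CA signed by the root, allowed to issue leaf certs only
  openssl req -new -newkey rsa:2048 -nodes -keyout IntermediateCA.key \
    -out IntermediateCA.csr -subj "/C=IN/O=$org/CN=$org Intermediate CA" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign\n' > ica.ext
  openssl x509 -req -in IntermediateCA.csr -CA RootCA.crt -CAkey RootCA.key \
    -CAcreateserial -days 1825 -sha256 -extfile ica.ext -out IntermediateCA.crt 2>/dev/null
  # 3. Client (partner) certificate signed by the intermediate; O= is what must match the PMP
  openssl req -new -newkey rsa:2048 -nodes -keyout Client.key \
    -out Client.csr -subj "/C=IN/O=$org/CN=$org Auth Partner" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=clientAuth\n' > client.ext
  openssl x509 -req -in Client.csr -CA IntermediateCA.crt -CAkey IntermediateCA.key \
    -CAcreateserial -days 365 -sha256 -extfile client.ext -out Client.crt 2>/dev/null
  # 4. The upload screens expect .cer; the PEM content is unchanged
  for f in RootCA IntermediateCA Client; do cp "$f.crt" "$f.cer"; done
)

# Pre-upload checks: the chain must verify in the upload order
# RootCA -> IntermediateCA -> Client, and the client's O= must equal the registered name.
verify_partner_chain() {
  local org="$1" outdir="$2" subj_org
  openssl verify -CAfile "$outdir/RootCA.cer" -untrusted "$outdir/IntermediateCA.cer" \
    "$outdir/Client.cer" >/dev/null 2>&1 || return 1
  subj_org=$(openssl x509 -in "$outdir/Client.cer" -noout -subject -nameopt multiline \
    | sed -n 's/^ *organizationName *= *//p')
  [ "$subj_org" = "$org" ]
}
```

Run `make_partner_chain "<Organization Name>" ./certs` followed by `verify_partner_chain "<Organization Name>" ./certs`; a non-zero exit means the chain or the organization name will not match what the portal expects.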
