UIN or VID not available in database for Authentication

Owned by Rounak Nayak (Unlicensed), created
Dec 08, 2020
2 min read

Problem

After MOSIP deployment, we were able to create a packet and generate an UIN. But when we try to perform authentication we getting an error stating that UIN or VID not available for authentication.

Probable reasons due to which this issue might arise,

  1. Online Verification Partner is not available (i.e. the IDA instance in partner database)

  2. There is no data share policy for Online Verification Partner to send credentials via. data share URL

  3. The policy is not configured properly for performing biometric extraction

  4. The partner id is not mapped properly in the IDA instance

  5. The policy id is not mapped properly in ID Repository

  6. Websub is not working properly as we are not able to send or receive events

  7. Data Share URL is not accessible by IDA as there are some issue encrypting and decrypting the data as keys are not properly set between the instances.

Solution

Steps to make sure these issues doesn’t arise,

  1. Salt generator for ID Repo should be run.

  2. The mpartner-default-auth partner to be inserted in partner management as Online_verification_Partner.

  3. The mpolicy-default-auth policy to be inserted for the above partner as DataShare policy.

  4. In the configurations for the ID Repository and IDA instance, the Partner ID and Policy ID need to be set properly.

    1. ida-auth-partner-id=mpartner-default-auth in id-authentication-mz.properties

    2. credentialType.policyid.AUTH=mpolicy-default-auth in id-repository-mz.properties

  5. The extractors mentioned in the policy should be available and mapped to the policy & partner.

  6. Data Share should be running.

  7. Credential Issuance should be running and credential request should be created when a record gets created or updated in ID Repository.

  8. Key generation jobs should have run for Kernel Key Manager and IDA.

  9. Certificate should be uploaded for IDA:PUBLIC_KEY in Kernel Key Manager (Upload other domain certificate API), by getting IDA:CRED_SERVICE key from IDA Internal Key Manager Service.

  10. Certificate should be uploaded for IDA:mpartner-default-auth using the Upload Partner Certificate API (in Partner Management), by getting IDA:mpartner-default-auth key from IDA Internal Key Manager Service. The respective parent ROOT & IDA certificates should be inserted before uploading the above partner certificate, by getting the certificate from IDA Internal Key Manager Service (use Upload CA Certificate API in Partner Management).

  11. Websub service is running.

Once the above listed items are verified credential request should have created in the credential tables and the records should get populated in IDA database.

Filter by label

There are no items with the selected labels at this time.