ES-1638

docker-compose/README.md

@@ -2,63 +2,33 @@
 
 This is the docker-compose setup to run esignet UI and esignet-service with mock identity system. This is not for production use.
 
-## What is in the docker-compose setup folder?
+## I am a developer, how to setup dependent services to edit and test esignet-service?
 
-1. "app" folder holds the Dockerfile required to build custom artifactory-server. This artifactory server will host all the files under app/static folder.
-All the i18n bundles, dummy softhsm conf, signin-with-esignet button plugin files are served from this server. 
-2. "config" folder holds the esignet and mock-identity system properties file.
-3. "docker-compose.yml" file with esignet and mock-identity-system setup with other required services
-4. "init.sql" comprises DDL and DMLs required by esignet and mock-identity-system.
-5. "loader_path" this is esignet mount volume from where all the runtime dependencies are loaded to classpath. If any new esignet plugins to be tested
-should be placed in this folder and respective plugin configuration should be updated in config/esignet-default.properties.
+1. Run `docker-compose up -f dependent-docker-compose.yml` to start all the dependent services.
+2. Go to command line for the project root directory and run `mvn clean install -Dgpg.skip=true -DskipTests=true`
+3. Add [esignet-mock-plugin.jar](../esignet-service/target/esignet-plugins/esignet-mock-plugin.jar) to esignet-service classpath in your IDE.
+4. Start the [EsignetServiceApplication.java](../esignet-service/src/main/java/io/mosip/esignet/EsignetServiceApplication.java) from your IDE.
+5. Import files under [postman-collection](../postman-collection) folder into your postman to test/validate OIDC flow.
 
-```Note: Refer https://docs.esignet.io/integration to know how to create custom plugins to integrate.```
+## How to bring up the complete eSignet setup for a Demo?
 
-## How to run this setup?
+1. Run [docker-compose.yml](docker-compose.yml) to start eSignet UI and backend service.
+2. Access eSignet UI at http://localhost:3000
+3. Access eSignet backend services at http://localhost:8088/v1/esignet/swagger-ui.html
+4. Onboard relying party in eSignet, import files under [postman-collection](../postman-collection) folder into your postman. And invoke requests under `OIDC Client Mgmt/Mock` folder in postman. Copy the client ID in the `Create OIDC client` response.
+5. Add a `SignIn with eSignet` button in the relying party website and embed [eSignet authorize URL](http://localhost:3000/authorize?nonce=ere973eieljznge2311&state=eree2311&client_id=client_id&redirect_uri=redirect_uri&scope=openid&response_type=code&acr_values=mosip:idp:acr:generated-code&claims_locales=en&ui_locales=en-IN) in the button. Make sure to replace the query parameter values in the url before embedding in the button.
+6. Add a user in the mock-identity-system.
+7. Now the setup is completely ready to start the OIDC flow. [Refer eSignet user guides](https://docs.esignet.io/end-user-guide) for more information.
 
-1. Create loader_path folder in the same directory and Download the eisgnet mock plugin from [here](https://repo1.maven.org/maven2/io/mosip/esignet/mock/mock-esignet-integration-impl/0.9.2/mock-esignet-integration-impl-0.9.2.jar) 
-and copy the downloaded jar under loader_path directory.
 
-2. Start the docker-compose file
+`Note: To know more about the relying party onboard and query parameters used in the eSignet authorize URL [refer eSignet docs](https://docs.esignet.io/integration/relying-party)`
 
-> docker-compose up
+## How to add user identity in the mock-identity-system?
 
-3. Download the postman script from [here](../docs/postman-collections/esignet-with-mock-IDA.postman_collection.json)
-and its environment from [here](../docs/postman-collections/esignet-with-mock-IDA.postman_environment.json)
+Import files under [postman-collection](../postman-collection) folder into your postman. And invoke requests under `User Mgmt/Mock` folder in postman.
 
-4. Import the downloaded collection and environment into postman.
 
-5. To create an OIDC/OAuth client, run the below request from the postman collection "OIDC Client mgmt" folder
-   * Get CSRF token
-   * Create OIDC Client
 
-6. To Create a Mock identity, run the below request from the postman collection "Mock-Identity-System" folder
-   * Create Mock Identity
 
-7. To run the OIDC flow with mock identity run the below request(same order) from the postman collection "AuthCode flow with OTP login" folder.
-   * Get CSRF token
-   * Authorize / OAuthdetails request
-   * Send OTP
-   * Authenticate User
-   * Authorization Code
-   * Get Tokens
-   * Get userInfo
 
-8. To run the Verifiable Credential Issuance flow with mock identity run the below request(same order) from the postman collection "VCI" folder.
-   * Get CSRF token
-   * Authorize / OAuthdetails request
-   * Send OTP
-   * Authenticate User
-   * Authorization Code
-   * Get Tokens
-   * Get Credential
-
-
-## How to Access esignet UI?
-
-To invoke the authorize endpoint of esignet UI to start OIDC/VCI flow, use the below URL:
-
-http://localhost:3000/authorize?nonce=ere973eieljznge2311&state=eree2311&client_id=health-service-client&redirect_uri=https://healthservices.com/callback&scope=openid&response_type=code&acr_values=mosip:idp:acr:generated-code&claims=%7B%22userinfo%22:%7B%22name%22:%7B%22essential%22:false%7D,%22phone_number%22:%7B%22essential%22:true%7D%7D,%22id_token%22:%7B%7D%7D&claims_locales=en&display=page&state=consent&ui_locales=en-IN
-
-```Note: Change the value of client_id, redirect_uri, acr_values and claims as per your requirement in the above URL.```
 

docker-compose/docker-compose.yml

@@ -37,9 +37,22 @@ services:
       - KAFKA_ENABLED=false
       - SPRING_AUTOCONFIGURE_EXCLUDE=org.springframework.boot.autoconfigure.kafka.KafkaAutoConfiguration
       - SPRING_DATASOURCE_URL=jdbc:postgresql://database:5432/mosip_esignet?currentSchema=esignet
-      - SPRING_DATASOURCE_USERNAME=postgres
-      - SPRING_DATASOURCE_PASSWORD=postgres
       - SPRING_CACHE_TYPE=simple
-      - MOCK_IDENTITY_SYSTEM_DOMAIN_URL=http://mock-identity-system:8082
+      - MOSIP_ESIGNET_MOCK_DOMAIN_URL=http://mock-identity-system:8082
     depends_on:
-      - database
+      - database
+      - mock-identity-system
+
+  esignet-ui:
+    build:
+      context: ../oidc-ui
+      dockerfile: Dockerfile
+    user: root
+    ports:
+      - 3000:3000
+    environment:
+      - container_user=mosip
+      - DEFAULT_WELLKNOWN=%5B%7B%22name%22%3A%22OpenID%20Configuration%22%2C%22value%22%3A%22%2F.well-known%2Fopenid-configuration%22%7D%2C%7B%22name%22%3A%22Jwks%20Json%22%2C%22value%22%3A%22%2F.well-known%2Fjwks.json%22%7D%2C%7B%22name%22%3A%22Authorization%20Server%22%2C%22value%22%3A%22%2F.well-known%2Foauth-authorization-server%22%7D%5D
+      - SIGN_IN_WITH_ESIGNET_PLUGIN_URL=https://github.com/raw/mosip/artifactory-ref-impl/master/artifacts/src/mosip-plugins/sign-in-with-esignet/sign-in-with-esignet.zip
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf

esignet-service/src/main/resources/application-default.properties

@@ -118,6 +118,7 @@ spring.security.oauth2.resourceserver.jwt.issuer-uri=${keycloak.external.url}/au
 spring.security.oauth2.resourceserver.jwt.jwk-set-uri=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs
 
 ##------------------------------------------ Kafka configurations ------------------------------------------------------
+kafka.enabled=true
 kafka.profile=kafka.svc.cluster.local
 kafka.port=9092
 spring.kafka.bootstrap-servers=kafka-0.kafka-headless.${kafka.profile}:${kafka.port},kafka-1.kafka-headless.${kafka.profile}:${kafka.port},kafka-2.kafka-headless.${kafka.profile}:${kafka.port}
@@ -331,7 +332,7 @@ mosip.kernel.keymanager.hsm.keystore-type=PKCS11
 mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
 # Passkey of keystore for PKCS11, PKCS12
 # For Offline & JCE proer can be left blank. JCE password use other JCE specific properties.
-mosip.kernel.keymanager.hsm.keystore-pass=${security.pin}
+mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.esignet.security.pin}
 
 
 mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
@@ -386,11 +387,11 @@ mosip.esignet.authenticator.default.auth-factor.kbi.field-details={}
 mosip.esignet.ui.config.otp.length=6
 mosip.esignet.ui.config.password.regex=^.{8,20}$
 mosip.esignet.ui.config.password.max-length=20
-mosip.esignet.ui.config.username.regex=^[1-9][0-9]{7,8}$
-mosip.esignet.ui.config.username.prefix=+855
-mosip.esignet.ui.config.username.postfix=@phone
-mosip.esignet.ui.config.username.max-length=9
-mosip.esignet.ui.config.username.input-type=number
+mosip.esignet.ui.config.username.regex=.*
+mosip.esignet.ui.config.username.prefix=
+mosip.esignet.ui.config.username.postfix=
+mosip.esignet.ui.config.username.max-length=12
+mosip.esignet.ui.config.username.input-type=text
 
 mosip.esignet.ui.config.key-values={'sbi.env': '${mosip.esignet.authenticator.ida-env:Developer}', 'sbi.timeout.DISC': 30, \
   'sbi.timeout.DINFO': 30, 'sbi.timeout.CAPTURE': 30, 'sbi.capture.count.face': 1, 'sbi.capture.count.finger': 1, \