signup-default.properties
#----------------------------------------------------------------------------------------------------------------------------
# Base sign-up settings: identifier format, supported languages and password / full-name validation.
# challenge.timeout and resend-delay are expressed in seconds.
mosip.signup.id-schema.version=0.2
# Accepted identifier: the +855 prefix, one non-zero digit, then 7 or 8 more digits (8-9 digits after the prefix).
# NOTE(review): the identifier is presumably the value substituted for %s in mosip.signup.get-identity.endpoint;
# if so, this anchored, digits-only pattern is also what keeps unexpected characters out of that URL.
# Keep the ^ and $ anchors if the pattern is ever edited, and confirm it is enforced server-side, not only in the UI.
mosip.signup.identifier.regex=^\\+855[1-9]\\d{7,8}$
mosip.signup.identifier.prefix=+855
mosip.signup.supported-languages={'khm','eng'}
# Password policy: at least one digit, one lower-case letter, one upper-case letter and one character that is
# either an underscore or a non-word character; total length 8 to 20.
# NOTE(review): the 8 and 20 bounds are repeated in password.min-length and password.max-length below and are
# exported to the browser through mosip.signup.ui.config.key-values - change all of them together.
# NOTE(review): a 20-character ceiling rules out long passphrases. Passwords appear to be hashed through the
# generate-hash (Argon2) endpoint configured in this file, so a higher ceiling should be cheap; confirm what the
# identity schema downstream accepts before raising it.
mosip.signup.password.pattern=^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[\\x5F\\W])(?=.{8,20})[a-zA-Z0-9\\x5F\\W]{8,20}$
mosip.signup.password.max-length=20
# Seconds. Also used as the TTL of the 'blocked_identifier' cache and exported to the UI as 'otp.blocked'.
mosip.signup.generate-challenge.blocked.timeout=300
# Seconds. mosip.signup.challenge.resend-delay is derived from this value.
mosip.signup.challenge.timeout=60
mosip.signup.audit.description.max-length=2048
mosip.signup.password.min-length=8
# Full name: 1 to 30 characters drawn from U+1780-U+17FF, U+19E0-U+19FF, U+1A00-U+1A9F and the space character.
mosip.signup.fullname.pattern=^[\\u1780-\\u17FF\\u19E0-\\u19FF\\u1A00-\\u1A9F\\u0020]{1,30}$
## Time given to generate and verify the challenge, in seconds.
## Default resend delay is 60 seconds, with 3 attempts, so 60*3=180 seconds.
## Adding 60 seconds for the initial generate-challenge request: 180+60=240 seconds.
## Adding a 10 second buffer to the default 240 seconds gives 250 seconds.
## So 250 seconds is the max age of the generate-and-verify (unauthenticated) transaction cookie.
## It is also the TTL of the 'challenge_generated' cache entry.
## NOTE(review): if challenge.timeout or resend-attempt is changed, recompute this value by hand; it is not derived.
mosip.signup.unauthenticated.txn.timeout=250
mosip.signup.challenge.resend-attempt=3
# Resend delay is tied to the challenge timeout, so a new OTP can only be requested after the current one has expired.
mosip.signup.challenge.resend-delay=${mosip.signup.challenge.timeout}
## Time given to complete registration and to poll for the registration status, in seconds.
## 5 minutes (300 seconds) are allowed to fill in and submit the registration form.
## Default status request limit is 10 with a 20 second request delay: 10*20=200 seconds.
## The 300+200=500 second total is split across the two properties below (verified.txn.timeout=300 and
## status-check.txn.timeout=200), which are also the TTLs of the 'challenge_verified' and 'status_check' caches.
## NOTE(review): the original comment called 500 seconds "the authentication cookie max age"; no single property
## here holds 500, so confirm how the service combines the two values.
mosip.signup.verified.txn.timeout=300
mosip.signup.status-check.txn.timeout=200
mosip.signup.status.request.delay=20
mosip.signup.status.request.limit=10
## ------------------------------------- challenge configuration -------------------------------------------------------
# Only OTP challenges can be generated by this service; OTP and KBA are both listed as accepted challenge types.
# NOTE(review): KBA answers are usually easier to guess or look up than a one-time code; confirm which flows
# accept a KBA challenge and that they are not a weaker path to the same outcome as OTP.
mosip.signup.supported.generate-challenge-type=OTP
mosip.signup.supported.challenge-format-types={'alpha-numeric', 'base64url-encoded-json'}
mosip.signup.supported.challenge-types={'OTP', 'KBA'}
# NOTE(review): a 6-character OTP (presumably numeric) is only safe when wrong guesses are limited. This file limits
# resends (challenge.resend-attempt) and blocks generation (generate-challenge.blocked.timeout), but defines no
# per-challenge verification-attempt limit; confirm that limit is enforced in the service or the OTP manager.
mosip.signup.supported.challenge.otp.length=6
## ------------------------------------- Cache configuration -----------------------------------------------------------
# Cipher transformation used for cached data (what exactly is encrypted is decided in the service, not in this file).
# NOTE(review): CFB gives confidentiality only; a modified ciphertext decrypts without any error. If the service
# supports it, an authenticated mode such as AES/GCM/NoPadding is the safer choice - confirm that IV/nonce handling in
# the service matches before changing the value.
mosip.signup.cache.symmetric-algorithm-name=AES/CFB/PKCS5Padding
# 'simple' is Spring's in-process cache: state is local to one instance and lost on restart.
# NOTE(review): with more than one replica, the challenge, transaction and 'blocked_identifier' entries are not shared,
# so a block recorded on one instance is not seen by the others. Use the redis settings below for multi-instance
# deployments, and protect that Redis with authentication and network restrictions (none are shown in this file).
spring.cache.type=simple
#spring.cache.type=redis
#spring.cache.cache-names=${mosip.esignet.cache.names}
#spring.redis.host=localhost
#spring.redis.port=6379
management.health.redis.enabled=false
mosip.esignet.cache.names=challenge_generated,challenge_verified,status_check,blocked_identifier,keystore,key_alias
# Maximum number of entries per cache.
# NOTE(review): 'blocked_identifier' is capped at 2000 entries; what happens to existing blocks when the cap is
# reached depends on the cache implementation - confirm that a flood of requests cannot evict active blocks.
mosip.esignet.cache.size={'challenge_generated': 200, \
'challenge_verified': 200,\
'status_check': 200,\
'blocked_identifier':2000,\
'keystore' : 10, \
'key_alias' : 2 }
## Note: keystore TTL should be more than the key_alias cache TTL.
## So that key rotation happens before the actual key is removed from the keystore cache.
## Here keystore=600 and key_alias=300 seconds, which satisfies that rule; the other TTLs follow the
## transaction and block timeouts defined earlier in this file.
mosip.esignet.cache.expire-in-seconds={'challenge_generated': ${mosip.signup.unauthenticated.txn.timeout},\
'challenge_verified': ${mosip.signup.verified.txn.timeout},\
'status_check': ${mosip.signup.status-check.txn.timeout}, \
'blocked_identifier': ${mosip.signup.generate-challenge.blocked.timeout},\
'keystore' : 600, \
'key_alias' : 300 }
## ------------------------------------- Auth adapter ------------------------------------------------------------------
# Settings for the MOSIP kernel auth adapter: where tokens are validated, which Keycloak realm issues them, and the
# client credentials this service uses to obtain its own token.
# NOTE(review): the issuer settings mix keycloak.external.url and keycloak.internal.url; confirm which of the two
# appears in the 'iss' claim of the tokens so that issuer validation is effective.
auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
auth-token-generator.rest.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
mosip.keycloak.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
# NOTE(review): by its name, ssl-bypass=true turns off TLS certificate verification for the adapter's outbound calls
# (confirm against the adapter version in use). Those calls carry the client secret and bearer tokens, so without
# verification any host on the network path can pose as the token service. Outside disposable sandboxes set this to
# false and provide a trust store that contains the issuing CA.
mosip.kernel.auth.adapter.ssl-bypass=true
# Two app-id-to-realm maps with different key names; the second one additionally maps 'regproc'.
mosip.kernel.auth.appid-realm-map={admin:'mosip',crereq:'mosip',creser:'mosip',idrepo:'mosip', signup:'mosip'}
mosip.kernel.auth.appids.realm.map={admin:'mosip',crereq:'mosip',creser:'mosip',idrepo:'mosip','regproc':'mosip', signup:'mosip'}
mosip.iam.adapter.clientid=mosip-signup-client
# The client secret is injected through a placeholder; keep it that way and never commit the resolved value.
mosip.iam.adapter.clientsecret=${mosip.signup.client.secret}
mosip.iam.adapter.appid=signup
mosip.iam.adapter.issuerURL=${keycloak.external.url}/auth/realms/mosip
mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
# Token expiry check rate and renewal lead time (units are not stated in this file).
mosip.iam.adapter.validate-expiry-check-rate=15
mosip.iam.adapter.renewal-before-expiry-interval=15
mosip.iam.adapter.self-token-renewal-enable=true
mosip.service-context=${server.servlet.context-path}
# NOTE(review): in the auth adapter these two keys appear to list the paths and HTTP methods that are exempt from
# token authentication. If so, /**/* with GET,POST exempts every route of this service, and abuse protection rests on
# the captcha, CSRF and transaction-cookie checks. Confirm this is intended and that no internal or administrative
# route is served under the same context path.
mosip.service.end-points=/**/*
mosip.service.exclude.auth.allowed.method=GET,POST
mosip.security.csrf-enable=true
# NOTE(review): CORS is enabled but no origin allow-list is visible in this file; verify that the allowed origins
# configured elsewhere are limited to the sign-up and eSignet UI hosts.
mosip.security.cors-enable=true
## -------------------------- External endpoints -----------------------------------------------------------------------
# Downstream MOSIP services called by the sign-up service. All of them are addressed by service name over plain http.
# NOTE(review): these calls carry OTP requests, identity records and - for generate-hash - presumably the password
# to be hashed. Plain http is acceptable only if the cluster network itself provides encryption and peer
# authentication (for example service-mesh mTLS plus network policies); confirm that for each environment.
mosip.signup.generate-challenge.endpoint=http://otpmanager.kernel/v1/otpmanager/otp/generate
# %s is replaced at runtime (presumably with the validated identifier) before the request is sent.
mosip.signup.get-identity.endpoint=http://identity.idrepo/idrepository/v1/identity/idvid/%s@phone?type=demo&idType=HANDLE
mosip.signup.identity.endpoint=http://identity.idrepo/idrepository/v1/identity/
mosip.signup.generate-hash.endpoint=http://keymanager.keymanager/v1/keymanager/generateArgon2Hash
mosip.signup.get-uin.endpoint=http://idgenerator.kernel/v1/idgenerator/uin
mosip.signup.send-notification.endpoint=http://notifier.kernel/v1/notifier/sms/send
mosip.signup.get-registration-status.endpoint=http://credentialrequest.idrepo/v1/credentialrequest/get/{applicationId}
mosip.signup.audit-endpoint=http://auditmanager.kernel/v1/auditmanager/audits
# Request ids and version sent to the identity service for create and update calls.
mosip.signup.add-identity.request.id=mosip.id.create
mosip.signup.update-identity.request.id=mosip.id.update
mosip.signup.identity.request.version=v1
## --------------------------------- captcha validator------------------------------------------------------------------
# A captcha is required before a challenge (OTP) is sent; this is the main control against automated OTP/SMS requests,
# so keep it set to true in any environment that can send real messages.
mosip.signup.send-challenge.captcha-required=true
mosip.signup.integration.captcha-validator=GoogleRecaptchaValidatorService
mosip.signup.captcha-validator.url=https://www.google.com/recaptcha/api/siteverify
# The site key is public by design and is exported to the browser through mosip.signup.ui.config.key-values.
mosip.signup.captcha-validator.site-key=${signup.captcha.site.key}
# The secret must stay server-side: supply it through the placeholder only and never add it to the UI config map.
mosip.signup.captcha-validator.secret=${signup.captcha.secret.key}
## ----------------------------- UI-Config -----------------------------------------------------------------------------
# Resend must only be enabled in the UI after the current challenge has timed out,
# so challenge.timeout and resend-delay must always be the same value (both map to resend-delay below).
# Everything in this map is UI configuration and should be treated as public: add no secrets here.
# NOTE(review): the patterns and length limits in this map only drive client-side checks, which a caller can skip;
# the same rules have to be enforced by the service on every request.
# 'identifier.length.min'/'max' (8 and 9) are hard-coded and must be kept consistent with mosip.signup.identifier.regex.
mosip.signup.ui.config.key-values={\
'identifier.pattern': '${mosip.signup.identifier.regex}', \
'identifier.prefix': '${mosip.signup.identifier.prefix}', \
'captcha.site.key': '${mosip.signup.captcha-validator.site-key}', \
'otp.length': ${mosip.signup.supported.challenge.otp.length}, \
'password.pattern': '${mosip.signup.password.pattern}', \
'password.length.max': ${mosip.signup.password.max-length}, \
'password.length.min': ${mosip.signup.password.min-length}, \
'challenge.timeout': ${mosip.signup.challenge.resend-delay}, \
'resend.attempts': ${mosip.signup.challenge.resend-attempt}, \
'resend.delay': ${mosip.signup.challenge.resend-delay}, \
'fullname.pattern': '${mosip.signup.fullname.pattern}', \
'status.request.delay': ${mosip.signup.status.request.delay}, \
'status.request.limit': ${mosip.signup.status.request.limit}, \
'popup.timeout': 10, \
'signin.redirect-url': 'https://${mosip.esignet.host}/authorize', \
'identifier.allowed.characters': '^[0-9]+', \
'identifier.length.min': 8, \
'identifier.length.max': 9, \
'fullname.allowed.characters': '^[\\u1780-\\u17FF\\u19E0-\\u19FF\\u1A00-\\u1A9F\\u0020]', \
'fullname.length.min': 1, \
'fullname.length.max': 30, \
'otp.blocked' : ${mosip.signup.generate-challenge.blocked.timeout} \
}
## ----------------------------- SMS-message -----------------------------------------------------------------------------
# The default charset encoding ISO-8859-1 does not support Khmer characters, so templates in the khm language are base64 encoded.
# Base64 is used here only to carry the text; it does not protect the content.
# {challenge} in the send-otp templates is the placeholder for the one-time code.
# NOTE(review): the OTP message does not tell the recipient to keep the code to themselves; consider adding that
# reminder to both language variants (the khm value has to be base64 encoded again after any edit).
mosip.signup.sms-notification-template.send-otp.khm=4Z6U4Z+S4Z6a4Z6+IHtjaGFsbGVuZ2V9IOGeiuGevuGemOGfkuGelOGeuOGeleGfkuGekeGfgOGehOGeleGfkuGekeGetuGej+Gfi+GeguGejuGek+GeuCBLaElEIOGemuGelOGen+Gfi+GeouGfkuGek+GegOGflA==
mosip.signup.sms-notification-template.send-otp.eng=Use {challenge} to verify your KhID account.
mosip.signup.sms-notification-template.registration.khm=4Z6i4Z+S4Z6T4Z6A4Z6U4Z624Z6T4Z6F4Z674Z+H4Z6I4Z+S4Z6Y4Z+E4Z+H4Z6C4Z6O4Z6T4Z64IEtoSUQg4Z6K4Z+E4Z6Z4Z6H4Z+E4Z6C4Z6H4Z+Q4Z6Z4Z+U
mosip.signup.sms-notification-template.registration.eng=You successfully registered to KhID account.
mosip.signup.sms-notification-template.forgot-password.khm=4Z6i4Z+S4Z6T4Z6A4Z6U4Z624Z6T4Z6V4Z+S4Z6b4Z624Z6f4Z+L4Z6U4Z+S4Z6K4Z684Z6a4Z6W4Z624Z6A4Z+S4Z6Z4Z6f4Z6Y4Z+S4Z6E4Z624Z6P4Z+LIEtoSUQg4Z6K4Z+E4Z6Z4Z6H4Z+E4Z6C4Z6H4Z+Q4Z6Z4Z+U
mosip.signup.sms-notification-template.forgot-password.eng=You successfully changed KhID password.
#------------------------------------------ Others ---------------------------------------------------------------------
# Log levels for the sign-up service and for Spring's RestTemplate.
# Keep RestTemplate at INFO in shared environments: at DEBUG it logs request URLs and the bodies it writes, which
# for this service would include phone identifiers and may include passwords and OTP-related payloads.
logging.level.io.mosip.signup=INFO
logging.level.org.springframework.web.client.RestTemplate=INFO