forked from mosip/mosip-config
-
Notifications
You must be signed in to change notification settings - Fork 0
/
admin-default.properties
321 lines (273 loc) · 16.6 KB
/
admin-default.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
# DO NOT define these in any of the property files. They must be passed as env variables. Refer to config-server
# helm chart:
# db.dbuser.password
# keycloak.internal.url
# keycloak.external.url
# mosip.admin.client.secret (convention: <realm>.<keycloak client name>.secret)
# mosip.regproc.client.secret
mosip.admin.version-id=v1.0
mosip.admin.request-id=ADMIN.REQUEST
## Database properties
# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
# If database is external to production, provide the DNS or ip of the host and port
mosip.kernel.database.hostname=postgres-postgresql.postgres
mosip.kernel.database.port=5432
## Account management
authmanager.base.url=${mosip.kernel.authmanager.url}/v1/authmanager
mosip.admin.accountmgmt.auth-manager-base-uri=${mosip.kernel.authmanager.url}/v1/authmanager
mosip.admin.accountmgmt.user-name-url=/username/
mosip.admin.accountmgmt.user-detail-url=/userdetail/
mosip.admin.accountmgmt.unblock-url=/unblock/
mosip.admin.accountmgmt.change-passoword-url=/changepassword/
mosip.admin.accountmgmt.reset-password-url=/resetpassword/
mosip.admin.app-id=admin
mosip.kernel.signature.cryptomanager-encrypt-url=${mosip.kernel.keymanager.url}/v1/keymanager/private/encrypt
auth.server.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
auth.server.refreshToken.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/refreshToken
auth.server.admin.allowed.audience=mosip-regproc-client,mosip-admin-client
auth.role.prefix=ROLE_
auth.header.name=Authorization
## Databases
javax.persistence.jdbc.driver=org.postgresql.Driver
javax.persistence.jdbc.url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master
javax.persistence.jdbc.user=masteruser
javax.persistence.jdbc.password=${db.dbuser.password}
hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
hibernate.jdbc.lob.non_contextual_creation=true
hibernate.hbm2ddl.auto=none
hibernate.show_sql=false
hibernate.format_sql=false
hibernate.connection.charSet=utf8
hibernate.cache.use_second_level_cache=false
hibernate.cache.use_query_cache=false
hibernate.cache.use_structured_entries=false
hibernate.generate_statistics=false
## Use registration
auth.server.user-register-url=${mosip.kernel.authmanager.url}/v1/authmanager/user
mosip.kernel.emailnotifier-url=${mosip.kernel.notification.url}/v1/notifier/email/send
auth.server.sendotp-url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/sendotp
auth.server.user-add-password-url=${mosip.kernel.authmanager.url}/v1/authmanager/user/addpassword
mosip.admin-appid=admin
mosip.admin-otp-context=auth-otp
mosip.admin-userid-otp-type=USERID
## Security policy
mosip.admin.security.policy.auth-types=bio,nonbio
mosip.admin.security.policy.bio=finger,iris,face
mosip.admin.security.policy.nonbio=otp,password
mosip.admin.security.policy.policy-types=type1,type2,type3
mosip.admin.security.policy.type1=password
mosip.admin.security.policy.type2=password,otp
mosip.admin.security.policy.type3=otp
mosip.admin.security.policy.role-policy-mapping={ZONAL_ADMIN:'type2',ZONAL_APPROVER:'type1',CENTRAL_ADMIN:'type1',CENTRAL_APPROVER:'type1',REGISTRATION_OFFICER:'type1',REGISTRATION_SUPERVISOR:'type1',REGISTRATION_OPERATOR:'type1'}
mosip.admin.security.policy.userrole-auth-url=${mosip.kernel.authmanager.url}/v1/authmanager/role/{appId}/{username}
## Masterdata cards
mosip.admin.masterdata.lang-code=eng,ara,fra
mosip.admin-services.required.roles=GLOBAL_ADMIN
#masterdata machine
mosip.admin.masterdata.card.machines-eng=Machines
mosip.admin.masterdata.card.machines-ara=\u0622\u0644\u0627\u062A
mosip.admin.masterdata.card.machines-fra=Machines
#masterdata machine specs
mosip.admin.masterdata.card.machine-specs-eng=Machine Specifications
mosip.admin.masterdata.card.machine-specs-fra=Spécifications de la machine
mosip.admin.masterdata.card.machine-specs-ara=\u0645\u0648\u0627\u0635\u0641\u0627\u062A \u0627\u0644\u062C\u0647\u0627\u0632
#masterdata machine types
mosip.admin.masterdata.card.machine-types-eng=Machine Types
mosip.admin.masterdata.card.machine-types-fra=Types de machines
mosip.admin.masterdata.card.machine-types-ara=\u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0645\u0627\u0643\u064A\u0646\u0627\u062A
#masterdata devices
mosip.admin.masterdata.card.devices-eng=Devices
mosip.admin.masterdata.card.devices-ara=\u0627\u0644\u0623\u062C\u0647\u0632\u0629
mosip.admin.masterdata.card.devices-fra=Dispositifs
#masterdata device specs
mosip.admin.masterdata.card.device-specs-eng=Device Specification
mosip.admin.masterdata.card.device-specs-fra=Spécification de l'appareil
mosip.admin.masterdata.card.device-specs-ara=\u0645\u0648\u0627\u0635\u0641\u0627\u062A \u0627\u0644\u062C\u0647\u0627\u0632
#masterdata device types
mosip.admin.masterdata.card.device-types-eng=Device Types
mosip.admin.masterdata.card.device-types-fra=Types de périphériques
mosip.admin.masterdata.card.device-types-ara=\u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0623\u062C\u0647\u0632\u0629
#masterdata registration center
mosip.admin.masterdata.card.centers-eng=Registration Center
mosip.admin.masterdata.card.centers-fra=Centre d'inscription
mosip.admin.masterdata.card.centers-ara=\u0645\u0631\u0643\u0632 \u0627\u0644\u062A\u0633\u062C\u064A\u0644
#masterdata regcenter type
mosip.admin.masterdata.card.center-type-eng=Registration Center Type
mosip.admin.masterdata.card.center-type-fra=Type de centre d'inscription
mosip.admin.masterdata.card.center-type-ara=\u0646\u0648\u0639 \u0645\u0631\u0643\u0632 \u0627\u0644\u062A\u0633\u062C\u064A\u0644
#masterdata blacklisted words
mosip.admin.masterdata.card.blacklisted-eng=Blacklisted Words
mosip.admin.masterdata.card.blacklisted-fra=Mots sur la liste noire
mosip.admin.masterdata.card.blacklisted-ara=\u0643\u0644\u0645\u0627\u062A \u0641\u064A \u0627\u0644\u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u0633\u0648\u062F\u0627\u0621
#masterdata title
mosip.admin.masterdata.card.titles-eng=Title
mosip.admin.masterdata.card.titles-fra=Titre
mosip.admin.masterdata.card.titles-ara=\u0639\u0646\u0648\u0627\u0646
#masterdata gender
mosip.admin.masterdata.card.genders-eng=Gender
mosip.admin.masterdata.card.genders-fra=le sexe
mosip.admin.masterdata.card.genders-ara=\u062C\u0646\u0633
#masterdata individual types
mosip.admin.masterdata.card.individuals-eng=Individual
mosip.admin.masterdata.card.individuals-fra=Individuel
mosip.admin.masterdata.card.individuals-ara=\u0641\u0631\u062F
#masterdata document types
mosip.admin.masterdata.card.document-types-eng=Document Types
mosip.admin.masterdata.card.document-types-fra=Types de documents
mosip.admin.masterdata.card.document-types-ara=\u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0645\u0633\u062A\u0646\u062F\u0627\u062A
#masterdata document category
mosip.admin.masterdata.card.document-category-eng=Document Category
mosip.admin.masterdata.card.document-category-fra=Catégorie de document
mosip.admin.masterdata.card.document-category-ara=\u0641\u0626\u0629 \u0627\u0644\u0648\u062B\u064A\u0642\u0629
## masteradata holidays
mosip.admin.masterdata.card.holidays-eng=Holidays
mosip.admin.masterdata.card.holidays-fra=Vacances
mosip.admin.masterdata.card.holidays-ara=\u0627\u0644\u0639\u0637\u0644
## masterdata locations
mosip.admin.masterdata.card.locations-eng=Locations
mosip.admin.masterdata.card.locations-fra=Emplacements
mosip.admin.masterdata.card.locations-ara=\u0645\u0648\u0627\u0642\u0639
## masterdata template
mosip.admin.masterdata.card.templates-eng=Templates
mosip.admin.masterdata.card.templates-fra=Modèles
mosip.admin.masterdata.card.templates-ara=\u0642\u0648\u0627\u0644\u0628
## masterdata valid document
mosip.admin.masterdata.card.valid-document-eng=Valid Documents
mosip.admin.masterdata.card.valid-document-fra=Documents valides
mosip.admin.masterdata.card.valid-document-ara=\u0648\u062B\u0627\u0626\u0642 \u0635\u0627\u0644\u062D\u0629
## UIN activate/deactivate
mosip.admin.uinmgmt.uin-detail-search=${mosip.idrepo.identity.url}/v1/identity/uin/{uin}
mosip.kernel.packet-status-update-url=${mosip.regproc.transaction.service.url}/registrationprocessor/v1/registrationtransaction/search/
mosip.kernel.packet-reciever-api-url=${mosip.packet.receiver.url}/registrationprocessor/v1/packetreceiver/registrationpackets
mosip.kernel.zone-validation-url=${mosip.kernel.masterdata.url}/v1/masterdata/zones/authorize
mosip.kernel.registrationcenterid.length=5
mosip.kernel.audit.manager.api=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
mosip.kernel.masterdata.audit-url=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
mosip.admin-services.audit.manager.api=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
mosip.open-id.base-url=${keycloak.internal.url}
mosip.admin-services.open-id.realmid=mosip
mosip.admin-services.open-id.login_flow.name=authorization_code
mosip.admin-services.open-id.clientid=mosip-admin-client
mosip.admin-services.open-id.clientsecret=${mosip.admin.client.secret}
mosip.admin-services.redirecturi=${mosip.api.internal.url}/v1/admin/login-redirect/
mosip.admin-services.open-id.login_flow.scope=email
mosip.admin-services.open-id.login_flow.response_type=code
mosip.admin-services.open-id.authorization_endpoint=${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/auth
mosip.admin-services.open-id.token_endpoint=${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/token
mosip.admin-services.cookie.security=true
mosip.ui.spec.default.domain=registration-client
## Security
mosip.security.csrf-enable=false
mosip.security.cors-enable=false
mosip.security.origins=localhost:8080
mosip.security.secure-cookie=false
# IAM
mosip.iam.module.login_flow.name=authorization_code
mosip.iam.module.clientID=mosip-admin-client
mosip.iam.module.clientsecret=${mosip.admin.client.secret}
mosip.iam.module.redirecturi=${mosip.api.internal.url}/v1/admin/login-redirect/
#mosip.iam.module.redirecturi=${tempuri}/v1/admin/login-redirect/
#mosip.iam.module.login_flow.scope=cls
mosip.iam.module.login_flow.scope=email
mosip.iam.module.login_flow.response_type=code
#This is the endpoint use by ui(browser) based applications to redirect to open-id system. This URL should be reachable through the browser.
mosip.iam.authorization_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/auth
mosip.iam.module.admin_realm_id=mosip
mosip.iam.token_endpoint=${keycloak.internal.url}/auth/realms/mosip/protocol/openid-connect/token
mosip.iam.certs_endpoint=${keycloak.external.url}/auth/realms/mosip/protocol/openid-connect/certs
regproc.token.request.appid=regproc
regproc.token.request.clientId=mosip-regproc-client
regproc.token.request.secretKey=${mosip.regproc.client.secret}
regproc.token.request.id=io.mosip.registration.processor
regproc.token.request.version=1.0
KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
# IAM adapter
mosip.iam.adapter.appid=admin
mosip.iam.adapter.clientid=mosip-admin-client
mosip.iam.adapter.clientsecret=${mosip.admin.client.secret}
mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
mosip.authmanager.client-token-endpoint=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
# in minutes
mosip.iam.adapter.validate-expiry-check-rate=1440
# in minutes
mosip.iam.adapter.renewal-before-expiry-interval=1440
#this should be false if you don?t use this restTemplate true if you do
mosip.iam.adapter.self-token-renewal-enable=true
# LostRid
mosip.registration.processor.lostrid.id=mosip.registration.lostrid
mosip.registration.processor.lostrid.version=1.0
LOST_RID_API=${mosip.regproc.status.service.url}/registrationprocessor/v1/registrationstatus/lostridsearch
logging.level.org.springframework.web.client.RestTemplate=DEBUG
# Roles
mosip.role.admin.getpacketstatusupdate=REGISTRATION_ADMIN
mosip.role.admin.postbulkupload=GLOBAL_ADMIN,REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
mosip.role.admin.getbulkuploadtranscationtranscationid=GLOBAL_ADMIN,REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
mosip.role.admin.getbulkuploadgetalltransactions=GLOBAL_ADMIN,REGISTRATION_ADMIN,ZONAL_ADMIN,MASTERDATA_ADMIN
mosip.role.admin.postauditmanagerlog=GLOBAL_ADMIN,ZONAL_ADMIN
mosip.role.admin.getgeneratecsrcertificateapplicationidreferenceid=KEY_MAKER
mosip.role.admin.postuploadcertificate=KEY_MAKER
mosip.role.admin.postgeneratecsr=KEY_MAKER
mosip.role.admin.postuploadotherdomaincertificate=KEY_MAKER
mosip.role.admin.getlostRiddetailsrid=GLOBAL_ADMIN,ZONAL_ADMIN
mosip.role.admin.postlostRid=GLOBAL_ADMIN,ZONAL_ADMIN
mosip.role.admin.getapplicantDetailsrid=DIGITALCARD_ADMIN
mosip.role.admin.getapplicantDetailsgetLoginDetails=DIGITALCARD_ADMIN
mosip.role.admin.getriddigitalcardrid=DIGITALCARD_ADMIN
# packet-manager
mosip.commons.packetnames=id,evidence,optional
provider.packetreader.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketReaderImpl
provider.packetwriter.mosip=source:REGISTRATION_CLIENT,process:NEW|UPDATE|LOST|BIOMETRIC_CORRECTION,classname:io.mosip.commons.packet.impl.PacketWriterImpl
objectstore.adapter.name=PosixAdapter
objectstore.crypto.name=OnlinePacketCryptoServiceImpl
default.provider.version=v1.0
object.store.base.location=./packets
objectstore.packet.source=REGISTRATION_CLIENT
packet.manager.account.name=PACKET_MANAGER_ACCOUNT
objectstore.packet.supervisor_biometrics_file_name=supervisor_bio_cbeff
objectstore.packet.officer_biometrics_file_name=officer_bio_cbeff
mosip.kernel.xsdstorage-uri = LOCAL
mosip.kernel.xsdfile = LOCAL
#----JSON Validator Component----
#Property Source of the Identity Schema. LOCAL specifies the schema is stored within the application. Should not be modified
mosip.kernel.jsonvalidator.property-source = LOCAL
#Storage Location of the Identity Schema. LOCAL specifies the schema is stored within the application. Should not be modified
mosip.kernel.jsonvalidator.file-storage-uri=LOCAL
mosip.kernel.machineid.length=5
auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
MACHINE_GET_API=${mosip.kernel.masterdata.url}/v1/masterdata/machines/mappedmachines/
CRYPTOMANAGERDECRYPT_API=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt
CRYPTOMANAGER_DECRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/decrypt
CRYPTOMANAGER_ENCRYPT=${mosip.kernel.keymanager.url}/v1/keymanager/encrypt
mosip.kernel.syncdata-service-get-tpm-publicKey-url=${mosip.kernel.syncdata.url}/v1/syncdata/tpm/publickey/
mosip.admin.packetupload.packetsync.url=${mosip.regproc.status.service.url}/registrationprocessor/v1/registrationstatus/syncV2
mosip.admin.packetupload.packetsync.name=fullName,name,firstName,middleName,lastName
mosip.admin.packetupload.packetsync.email=email
mosip.admin.packetupload.packetsync.phone=phone
mosip.admin.audit.manager.eventName.pattern=^(Click|Page View): ([\\W|\\w]{1,100}$)
registration.processor.identityjson=identity-mapping.json
###Key manager url's used by KeyManagerDelegation api from admin-service to delegate request
mosip.kernel.keymanager.generatecsr=${mosip.kernel.keymanager.url}/v1/keymanager/generateCSR
mosip.kernel.keymanager.getcertificate=${mosip.kernel.keymanager.url}/v1/keymanager/getCertificate?
mosip.kernel.keymanager.uploadcertificate=${mosip.kernel.keymanager.url}/v1/keymanager/uploadCertificate
mosip.kernel.keymanager.uploadotherdomaincertificate=${mosip.kernel.keymanager.url}/v1/keymanager/uploadOtherDomainCertificate
# this property are used in AdminProxyService to get base url and version
mosip.admin.masterdata.service.url=http://masterdata.kernel/v1
mosip.admin.keymanager.service.url=http://keymanager.keymanager/v1
mosip.admin.masterdata.service.version=masterdata.kernel/v1
mosip.admin.keymanager.service.version=keymanager.keymanager/v1
mosip.admin.base.url=http:/
mosip.service.end-points=/**/masterdata/**,/**/keymanager/**
auth.allowed.urls=https://${mosip.admin.host}/
# query param usd to refer url to redirect after logout
mosip.iam.post-logout-uri-param-key=post_logout_redirect_uri
# end session endpoint in OIDC
mosip.iam.end-session-endpoint-path=/protocol/openid-connect/logout
#--------------------Applicant Details Api-----------------------------
mosip.admin.identityMappingJson=identity-mapping.json
mosip.admin.applicant-details.exposed-identity-fields=dob,applicantPhoto
RETRIEVE_IDENTITY_API=${mosip.idrepo.identity.url}/idrepository/v1/identity/idvid
## this property is used to configure max limit of search for the login user to get applicantDetails
mosip.admin.applicant-details.max.login.count=30
#-------------------Digital Card Api-----------------------------------
DIGITAL_CARD_STATUS_URL=${mosip.digitalcard.service.url}/v1/digitalcard