📔Configure eSignet Auth Provider for ID Authentication
Copyright © OpenG2P. This work is licensed under Creative Common Attribution (CC-BY-4.0) International license unless otherwise noted.
This document provides instructions on how to configure the eSignet Authentication Provider in PBMS so that end users can use the eSignet option to log into PBMS.
Create an eSignet client for PBMS/Social Registry as described in the eSignet Client Creation guide.
Create a public key and private key pair in JWK format. Use the public key JWK during eSignet client creation and keep the private key JWK.
The allowed redirect URIs of the client must contain `https://socialregistry.your.org/auth_oauth/g2p_registry_id/authenticate`
Create two ID types on the Registry, such as `NATIONAL ID` and `NATIONAL ID TOKEN`. To configure ID types, refer to the Configure ID Types documentation.
Install the OpenID Connect Authentication and G2P Auth: OIDC - Reg ID modules.
Click the main menu icon and select Settings.
The Settings screen is displayed.
Select the Users & Companies tab and click the OAUTH Providers option.
The Providers screen is displayed.
Click the New button.
The Providers New screen is displayed.
Enter the values in the respective fields.
For example, the fields, their descriptions, and sample values are given below.

Feature | Description | Value |
---|---|---|
Provider name | Enter the provider name. | For example: eSignet for beneficiary portal |
Auth Flow | Select the option OpenID Connect Authorization Code Flow from the drop-down. | |
Token Map | A default value is present. In the default value, replace `sub: user_id` with `individual_id: user_id`. | |
Client ID | The ID of the eSignet client. To learn more, refer to eSignet Client Creation. | |
Client Authentication Method | Select the option Private Key JWT from the drop-down. | |
Client Private Key | The Client Private Key of the eSignet client. To learn more, refer to eSignet Client Creation. | |
Allowed | Uncheck the box. | |
Allowed in Self Service Portal | Uncheck the box. | |
Allowed in Service Provider Portal | Uncheck the box. | |
Login button label | Enter the label name for the eSignet Login button. Note: This text appears as the button name on the login page. | For example: Login with eSignet. |
Authorization URL, Userinfo URL, Token Endpoint, JWKS URL | These are to be configured as available in the well-known config of eSignet. | |
Verify Access Token Hash | Check the box to enable the option Verify Access Token. | |
Allow Signup | Select the option Denies user signup (invitation only) from the drop-down. | |
Sync User Groups | Select the option Never from the drop-down. | |
G2P REG ID SETTINGS | | |
G2P Registrant ID Type | Enter the configured ID type. | For example: NATIONAL ID. |

Click the icon to save the changes.
Note:
The rest of the fields have the default values.
This completes the process of configuring the eSignet Authentication Provider in SR.
To learn how to authenticate an individual, refer to the ID Authentication Process documentation.
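
In OpenID Connect, the access token hash named by the Verify Access Token Hash field is the `at_hash` claim of the ID token, which binds the access token to the ID token it was issued with. The sketch below is an added example of that check as defined in OpenID Connect Core, not code from OpenG2P or the installed modules; the function names, token strings and the `individual_id` sample value are constructed, and the ID token signature is assumed to have been verified already against the JWKS URL.

```python
import base64
import hashlib
import hmac
import json

# Hash family by JWS alg suffix, per OpenID Connect Core section 3.1.3.6.
_HASHES = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_json(part: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def compute_at_hash(access_token: str, alg: str) -> str:
    """base64url (no padding) of the left-most half of hash(access_token)."""
    if alg[:2] not in ("RS", "PS", "ES") or alg[2:] not in _HASHES:
        raise ValueError(f"unsupported ID token alg: {alg!r}")
    digest = _HASHES[alg[2:]](access_token.encode("ascii")).digest()
    return _b64url(digest[: len(digest) // 2])

def access_token_matches(id_token: str, access_token: str) -> bool:
    """Check at_hash of an ID token whose signature was ALREADY verified."""
    header_b64, payload_b64, _sig = id_token.split(".")
    alg = _b64url_json(header_b64)["alg"]
    claimed = _b64url_json(payload_b64).get("at_hash")
    if not isinstance(claimed, str):
        return False  # strict: a missing at_hash counts as a failure
    expected = compute_at_hash(access_token, alg)
    return hmac.compare_digest(claimed.encode(), expected.encode())

def constructed_id_token(access_token: str, alg: str = "RS256", with_hash: bool = True) -> str:
    """Constructed sample: unsigned token with a placeholder signature part."""
    claims = {"individual_id": "constructed-123"}
    if with_hash:
        claims["at_hash"] = compute_at_hash(access_token, alg)
    header = _b64url(json.dumps({"alg": alg}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.placeholder"

if __name__ == "__main__":
    token = "constructed-access-token"
    id_token = constructed_id_token(token)
    print(access_token_matches(id_token, token))            # issued together
    print(access_token_matches(id_token, "swapped-token"))  # substituted token
```

With the box unchecked, an access token substituted into the token response would not be caught by this comparison.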