latest
Community
Blog
License

📔Configure eSignet Auth Provider for ID Authentication

This document provides instructions on how to configure eSignet Authentication Provider in PBMS to help the end-users to utilise the eSignet option to log into PBMS.

Prerequisites

  • Create an eSignet client for PBMS/Social Registry as given in eSignet Client Creation guide.

    • Create a public key and a private key JWKS pair. Use the public key JWK during eSignet creation and keep the private key JWK.

    • Allowed redirect URIs of the client must contain

      https://socialregistry.your.org/auth_oauth/g2p_registry_id/authenticate

  • Create two ID types on the Registry such as NATIONAL ID and NATIONAL ID TOKEN. To configure ID types refer the Configure ID Types documentation.

  • Install the OpenID Connect Authentication and G2P Auth: OIDC - Reg ID module.

Procedure

The Settings screen is displayed.

  1. Select the tab Users & Companies, and click the option OAUTH Providers.

Providers screen is displayed.

  1. Click the New button.

Providers New screen is displayed.

  1. Enter the values in the respective fields.

For example, the fields, their descriptions, and sample values are given below.

FeatureDescriptionValue

Provider name

Enter the provider name.

For example: eSignet for beneficiary portal

Auth Flow

Select the option OpenID Connect Authorization Code Flow from the drop-down.

Token Map

You can find a default value. In the default value replace sub: user_id with individual_id: user_id.

Client ID

The ID of the eSignet client.

To learn more refer to eSignet Client Creation.

Client Authentication Method

Select the option Private Key JWT from the drop-down.

Client Private Key

The Client Private Key of the eSignet client. To learn more, refer to eSignet Client Creation.

Allowed

Uncheck the box.

Allowed in Self Service Portal

Uncheck the box.

Allowed in Service Provider Portal

Uncheck the box.

Login button label

Enter the label name for the eSignet Login button.

For example: Login with eSignet.

Note: This text with the button name will appear on login page.

Authorization URL, Userinfo URL, Token Endpoint, JWKS URL

These are to be configured as available in the well-known config of eSignet.

Verify Access Token Hash

Check the box to enable the option Verify Access Token.

Allow Signup

Select the option Denies user signup (invitation only) from the drop-down.

Sync User Groups

Select the option Never from the drop-down.

G2P REG ID SETTINGS

G2P Registrant ID Type

Enter the configured ID type

For example: NATIONAL ID.

Note:

The rest of the fields have the default values.

This completes the process of configuring the eSignet Authentication Provider in SR.

To know the process on authenticate an individual, refer ID Authentication Process documentation.

PreviousUser GuidesNextID Authentication Process

Last updated

Logo

Copyright © 2024 OpenG2P. This work is licensed under Creative Commons Attribution International LicenseCC-BY-4.0 unless otherwise noted.