📔Configure eSignet Auth Provider for ID Authentication

This document provides instructions on how to configure eSignet Authentication Provider in PBMS to help the end-users to utilise the eSignet option to log into PBMS.

Prerequisites

Create an eSignet client for PBMS/Social Registry as given in eSignet Client Creation guide.
- Create a public key and a private key JWKS pair. Use the public key JWK during eSignet creation and keep the private key JWK.
- Allowed redirect URIs of the client must contain
  https://socialregistry.your.org/auth_oauth/g2p_registry_id/authenticate
Create two ID types on the Registry such as NATIONAL ID and NATIONAL ID TOKEN. To configure ID types refer the Configure ID Types documentation.
Install the OpenID Connect Authentication and G2P Auth: OIDC - Reg ID module.

Procedure

Click the main menu icon and select Settings.

The Settings screen is displayed.

Select the tab Users & Companies, and click the option OAUTH Providers.

Providers screen is displayed.

Click the New button.

Providers New screen is displayed.

Enter the values in the respective fields.

For example, the fields, their descriptions, and sample values are given below.

Feature

Description

Value

Provider name

Enter the provider name.

For example: eSignet for beneficiary portal

Auth Flow

Select the option OpenID Connect Authorization Code Flow from the drop-down.

Token Map

You can find a default value. In the default value replace sub: user_id with individual_id: user_id.

Client ID

The ID of the eSignet client.

To learn more refer to eSignet Client Creation.

Client Authentication Method

Select the option Private Key JWT from the drop-down.

Client Private Key

The Client Private Key of the eSignet client. To learn more, refer to eSignet Client Creation.

Allowed

Uncheck the box.

Allowed in Self Service Portal

Uncheck the box.

Allowed in Service Provider Portal

Uncheck the box.

Enter the label name for the eSignet Login button.

For example: Login with eSignet.

Note: This text with the button name will appear on login page.

Authorization URL, Userinfo URL, Token Endpoint, JWKS URL

These are to be configured as available in the well-known config of eSignet.

Verify Access Token Hash

Check the box to enable the option Verify Access Token.

Allow Signup

Select the option Denies user signup (invitation only) from the drop-down.

Sync User Groups

Select the option Never from the drop-down.

G2P REG ID SETTINGS

G2P Registrant ID Type

Enter the configured ID type

For example: NATIONAL ID.

Note:

The rest of the fields have the default values.

This completes the process of configuring the eSignet Authentication Provider in SR.

To know the process on authenticate an individual, refer ID Authentication Process documentation.

PreviousUser Guides NextID Authentication Process

Last updated 5 months ago

Was this helpful?