📔Configure eSignet Auth Provider for ID Authentication
Last updated
Last updated
Copyright © 2024 OpenG2P. This work is licensed under Creative Commons Attribution International LicenseCC-BY-4.0 unless otherwise noted.
This document provides instructions on how to configure eSignet Authentication Provider in PBMS to help the end-users to utilise the eSignet option to log into PBMS.
Create an eSignet client for PBMS/Social Registry as given in eSignet Client Creation guide.
Create a public key and a private key JWKS pair. Use the public key JWK during eSignet creation and keep the private key JWK.
Allowed redirect URIs of the client must contain
https://socialregistry.your.org/auth_oauth/g2p_registry_id/authenticate
Create two ID types on the Registry such as NATIONAL ID and NATIONAL ID TOKEN. To configure ID types refer the Configure ID Types documentation.
Install the OpenID Connect Authentication and G2P Auth: OIDC - Reg ID module.
Click the main menu icon and select Settings.
The Settings screen is displayed.
Select the tab Users & Companies, and click the option OAUTH Providers.
Providers screen is displayed.
Click the New button.
Providers New screen is displayed.
Enter the values in the respective fields.
For example, the fields, their descriptions, and sample values are given below.
| Feature | Description | Value |
|---|---|---|
Provider name | Enter the provider name. | For example: eSignet for beneficiary portal |
Auth Flow | Select the option OpenID Connect Authorization Code Flow from the drop-down. | |
Token Map | You can find a default value. In the default value replace | |
Client ID | The ID of the eSignet client. To learn more refer to eSignet Client Creation. | |
Client Authentication Method | Select the option Private Key JWT from the drop-down. | |
Client Private Key | The Client Private Key of the eSignet client. To learn more, refer to eSignet Client Creation. | |
Allowed | Uncheck the box. | |
Allowed in Self Service Portal | Uncheck the box. | |
Allowed in Service Provider Portal | Uncheck the box. | |
Login button label | Enter the label name for the eSignet Login button. | For example: Note: This text with the button name will appear on login page. |
Authorization URL, Userinfo URL, Token Endpoint, JWKS URL | These are to be configured as available in the well-known config of eSignet. | |
Verify Access Token Hash | Check the box to enable the option Verify Access Token. | |
Allow Signup | Select the option Denies user signup (invitation only) from the drop-down. | |
Sync User Groups | Select the option Never from the drop-down. | |
G2P REG ID SETTINGS | ||
G2P Registrant ID Type | Enter the configured ID type | For example: |
Note:
The rest of the fields have the default values.
This completes the process of configuring the eSignet Authentication Provider in SR.
To know the process on authenticate an individual, refer ID Authentication Process documentation.
Click the icon to save the changes.
