DIVOC
DIVOC 3.0
DIVOC 3.0
  • Introduction to DIVOC
    • What DIVOC is and what it's not
    • DIVOC Docs Index
  • Platform
    • Release Notes
      • DIVOC 2.0 Release Features
      • DIVOC 3.0 Release Features
    • Specification
      • API Documentation
      • Setting up DIVOC development environment
    • DIVOC's Verifiable Certificate Features 2.0
      • Creating a DIVOC Certificate
        • Overview of DIVOC’s digital certificates
        • What information is included in the DIVOC certificate?
        • DIVOC’s certificate generation service: How does it work?
        • Compliance with internationally used COVID-19 certificate schemas
      • Distributing a DIVOC Certificate
      • Updating a DIVOC Certificate
      • Revoking a DIVOC Certificate
      • Verifying a DIVOC Certificate
      • DIVOC's Native COVID-19 Certificate Specification
      • DIVOC’s EU-DCC Adapter Service
      • DIVOC’s SHC Adapter Service
      • Adding a User Type in DIVOC
      • Printing Certificates at a Facility
      • Normal QR Code Versus Signed/Verifiable QR Code
      • What Information Goes Into a QR Code?
      • WHO Master Vaccine Checklist
      • EU Master Vaccine Checklist
    • DIVOC's Verifiable Certificate Features 3.0
      • How to Configure a New Tenant?
      • How to Access the VC System and Generate Tokens
      • How to Generate Certificates
      • How to Fetch Certificates
      • How to Update Certificates
      • How to Revoke Certificates
      • How to Suspend Certificates
    • DIVOC Architecture
    • Installation
      • Skills needed to set up DIVOC
      • Implementation Checklist
      • Setting Up DIVOC in k8 Cluster
        • How to Install DIVOC
        • How to Install DIVOC for V3.0
        • Backup & Restore: Postgres, Clickhouse, Kafka, & Redis
        • Infrastructure Recovery
        • Server Hardening
    • Verifiable Credential (VC): Production Deployment
    • Configuration
      • Configuring the Certification and Verification Component
        • Generating Signed Key Pairs
        • Configuring certificates
          • Step 1: Create a certification generation request
          • Step 2: Configure the QR code content
          • Step 3: Configure the certificate template
        • How to set up the verification portal for implementation
        • How to configure the update certificate API
        • Configuring Environment Variables in 2.0
      • Configuration Management Via ETCD
        • Adding a New Vaccine and ICD-11 Mapping
          • Adding a New Vaccine and ICD-11 Mapping Using ETCD CLI
        • PDF Template Change for Vaccine Certificates
          • PDF Template Change for Vaccine Certificates via ETCD CLI
        • EU Vaccine Configurations
          • Adding a New Vaccine and its Mapping via ETCD CLI
        • Payload Changes in the QR Code
          • Payload Changes in the QR Code via ETCD CLI
    • Performance Report
  • Products
    • Issuing COVID-19 Vaccination Certificates in India
    • Issuing COVID-19 Test Reports in India
    • Issuing COVID-19 Vaccination Certificates in Sri Lanka
    • Issuing COVID-19 Vaccination Certificates in the Philippines
    • Issuing COVID-19 Vaccination Certificates in Jamaica
      • Troubleshooting
    • Issuing COVID-19 Vaccination Certificates in Indonesia
    • Open Events
      • Past Events
      • DIVOC in the Media
  • DIVOC Demo
    • Program Setup (Via Orchestration Module)
    • Facility App
    • Issue and Verify Certificates
    • Citizen Portal
    • Feedback
    • Analytics
  • Community
    • Roadmap
    • Partner Support
      • Terms and Conditions of Using the DIVOC Site
      • Privacy Policy: Short Version for Display
      • Privacy Policy: Detailed
      • Platform Policy Guidelines
      • Privacy Policy Recommendations
      • Troubleshooting Guide
    • Source Code
    • Discussion Forum
    • Issues
    • Project Repo
Powered by GitBook
On this page
  • Set up Keycloak
  • Set up Mail for Admin User on Keycloak
  • Create Tenant
  1. Platform
  2. DIVOC's Verifiable Certificate Features 3.0

How to Configure a New Tenant?

In this section, we will go through the steps involved in a typical flow, starting from creating new tenants to enabling them to create schemas and verifiable credentials (VCs).

Set up Keycloak

  • Login to the Keycloak console (localhost/auth/admin) as admin (password: admin). If you are getting https required error while trying to access the Keycloak console, run the following commands to set the SSL requirement of external requests to NONE (Note: This should be reverted back once the https is set up and moved to production).

- Connect to the registry DB and run the following query (Postgres DB configured in the docker compose file):

update REALM set ssl_required='NONE' where id = 'master';

- Restart Keycloak service:

docker-compose -f docker-compose-vc-issuance.yml up -d --build --no-deps keycloak

  • The Sunbird-RC realm must have already been created due to the volume mounting of the realm file in the docker compose file.

  • Click on Clients in the configure section on the left pane and click on admin-api.

  • Go to the credentials tab. Click on Regenerate Secret and copy the new secret.

  • Change the sunbird_sso_admin_client_secret to the copied secret in the docker-compose-vc-issuance.yml.

  • Rebuild and restart the registry service that uses sunbird_sso_admin_client_secret.

docker-compose -f docker-compose-vc-issuance.yml up -d --build --no-deps vc-registry

Set up Mail for Admin User on Keycloak

This step can be skipped during the development phase and user activation can be directly done in Keycloak. The following section explains how that can be done: The admin user can create tenants using the token generated with client-credentials of the admin-api. When a tenant is created, Keycloak should send out an email to the tenant user id (email id of tenant). The email account should be configured to the Keycloak admin user.

  • Click on the ‘Admin’ username at the top right corner, select “manage account” >> “Personal Info” and update the first name, the last name, and the email address in the admin user profile.

  • Go back to the Sunbird-RC realm page. Navigate to the ‘Email’ tab in the “realm-settings” section.

  • Update the email configuration with smtp address, host, email address and password (The app password should be used in the password field, which can be obtained after setting up your email to send emails via third-party applications).

  • Test the connection to check if the email has been properly set up.

Create Tenant

  • Make a request to Keycloak with the client_credentials to generate a JWT, which will further be used to create tenants.

  • Create a tenant using the token received in the above step, with the userId as the email Id of the tenant. This creates a tenant with the default password: abcd@123.

  • The tenant account can either be:

    - Enabled/activated using the tenant portal (localhost) by setting up a new password and email confirmation,

  • (or)

    - Navigate to the Keycloak UI users section in the Sunbird-RC realm and select the tenant user created. Toggle the “Email Verified” button to ‘ON’ and empty the “Required user actions” and save.

PreviousDIVOC's Verifiable Certificate Features 3.0NextHow to Access the VC System and Generate Tokens

Last updated 2 years ago

All content on this page by is licensed under a .

eGov Foundation
Creative Commons Attribution 4.0 International License
Creative Commons License