Configuration Properties
The Liveness Check Proxy application uses the following public configuration properties:
Database Configuration
Property | Default | Note |
---|---|---|
spring.datasource.url | | Database JDBC URL |
spring.datasource.username | | Database JDBC username |
spring.datasource.password | | Database JDBC password |
spring.jpa.hibernate.ddl-auto | | Configuration of automatic database schema creation |
spring.jpa.properties.hibernate.connection.characterEncoding | utf8 | Character encoding |
spring.jpa.properties.hibernate.connection.useUnicode | true | Character encoding - Unicode support |
REST Service Authentication Configuration
Access to REST services that provide sensitive information is restricted to users with elevated privileges. Select your preferred authentication type and configure the settings below accordingly.
Property | Default | Note |
---|---|---|
liveness-check-proxy.security.auth.authType | basic_http | REST API authentication type. Either basic_http or oauth2. |
Basic HTTP
If you select basic HTTP authentication, the following configuration properties may need to be adjusted. For detailed instructions on setting up basic HTTP authentication, refer to the deployment section.
Property | Default | Note |
---|---|---|
liveness-check-proxy.security.auth.basicHttp.realm | Liveness Check Proxy | Realm of the authentication to indicate a scope of protection. |
liveness-check-proxy.security.auth.basicHttp.defaultPasswordEncoder | sha_256 | Default hash algorithm used to encode passwords. Either sha_256 or bcrypt. |
OAuth2.x
If you select OAuth2 for authentication, review the following configuration properties to ensure they meet your requirements. For detailed setup instructions, refer to the deployment section.
Property | Default | Note |
---|---|---|
spring.security.oauth2.resource-server.jwt.issuer-uri | | URL of the authorization server. |
spring.security.oauth2.resource-server.jwt.audiences | | A comma-separated list of allowed aud JWT claim values to be validated. |
liveness-check-proxy.security.auth.oauth2.rolesClaimName | roles | Name of the token claim that contains the user roles. |
User Details Provider Configuration
Property | Default | Note |
---|---|---|
liveness-check-proxy.user-details.provider | user-data-store | Provider of the User Details (mock, user-data-store). |
User Data Store Configuration
Property | Default | Note |
---|---|---|
liveness-check-proxy.user-details.provider.user-data-store.serviceBaseUrl | | Base URL of the user data store service REST API. |
liveness-check-proxy.user-details.provider.user-data-store.serviceUserAgent | Wultra/LivenessCheckProxy | User agent to use when making HTTP calls to the user data store service. |
liveness-check-proxy.user-details.provider.user-data-store.documentAttributes | {} | Attributes in JSON format that are included in the document containing a photo for liveness check. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.httpBasicAuthEnabled | true | Whether basic authentication is enabled. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.httpBasicAuthUsername | | Basic authentication username. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.httpBasicAuthPassword | | Basic authentication password. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.acceptInvalidSslCertificate | false | Whether an invalid SSL certificate is accepted when calling User Data Store REST service. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.maxInMemorySize | 10485760 | Maximum in-memory size of HTTP requests when calling User Data Store REST service. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyEnabled | false | Whether proxy server is enabled when calling User Data Store REST service. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.responseTimeout | 60s | Response timeout for User Data Store REST service calls. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.maxIdleTime | 200s | Max idle time for User Data Store REST service calls. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyHost | | Proxy host to be used when calling User Data Store REST service. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyPort | | Proxy port to be used when calling User Data Store REST service. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyUsername | | Proxy username to be used when calling User Data Store REST service. |
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyPassword | | Proxy password to be used when calling User Data Store REST service. |
Liveness Verification Provider Configuration
Property | Default | Note |
---|---|---|
liveness-check-proxy.verification.provider | iproov | Provider of the liveness verification (mock, innovatrics, iproov). |
Innovatrics Configuration
Property | Default | Note |
---|---|---|
liveness-check-proxy.verification.provider.innovatrics.serviceBaseUrl | | Base REST service URL for Innovatrics. |
liveness-check-proxy.verification.provider.innovatrics.serviceToken | | Authentication token for Innovatrics. |
liveness-check-proxy.verification.provider.innovatrics.serviceUserAgent | Wultra/LivenessCheckProxy | User agent to use when making HTTP calls to Innovatrics REST service. |
liveness-check-proxy.verification.provider.innovatrics.livenessScoreThreshold | 0.875 | Liveness verification minimal score threshold. |
liveness-check-proxy.verification.provider.innovatrics.similarityScoreThreshold | 0.322 | Face matching minimal score threshold. |
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.acceptInvalidSslCertificate | false | Whether an invalid SSL certificate is accepted when calling Innovatrics REST service. |
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.maxInMemorySize | 10485760 | Maximum in-memory size of HTTP requests when calling Innovatrics REST service. |
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyEnabled | false | Whether proxy server is enabled when calling Innovatrics REST service. |
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.responseTimeout | 60s | Response timeout for Innovatrics REST service calls. |
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.maxIdleTime | 200s | Max idle time for Innovatrics REST service calls. |
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyHost | | Proxy host to be used when calling Innovatrics REST service. |
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyPort | | Proxy port to be used when calling Innovatrics REST service. |
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyUsername | | Proxy username to be used when calling Innovatrics REST service. |
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyPassword | | Proxy password to be used when calling Innovatrics REST service. |
See the Innovatrics documentation on the similarity score threshold and the liveness score threshold for details on how the score settings affect false acceptance rates (FAR) and false rejection rates (FRR).
iProov Configuration
Property | Default | Note |
---|---|---|
liveness-check-proxy.verification.provider.iproov.serviceBaseUrl | | Base REST service URL for iProov. |
liveness-check-proxy.verification.provider.iproov.apiKey | | The API key of the service provider. |
liveness-check-proxy.verification.provider.iproov.apiSecret | | The API secret for the service provider. |
liveness-check-proxy.verification.provider.iproov.oAuthClientUsername | | OAuth client username to iProov REST service. |
liveness-check-proxy.verification.provider.iproov.oAuthClientPassword | | OAuth client password to iProov REST service. |
liveness-check-proxy.verification.provider.iproov.selfieExpected | false | Whether a selfie of a user is expected to be included in the verification response. |
liveness-check-proxy.verification.provider.iproov.assuranceType | genuine_presence | The assurance type of the claim (genuine_presence or liveness). |
liveness-check-proxy.verification.provider.iproov.riskProfile | | The pre-defined risk profile to use for this claim. |
liveness-check-proxy.verification.provider.iproov.imageSource | oid | The source of the image (i.e. Electronic ID eid, Optical ID oid or Selfie selfie). |
liveness-check-proxy.verification.provider.iproov.serviceUserAgent | Wultra/LivenessCheckProxy | User agent to use when making HTTP calls to iProov REST service. |
liveness-check-proxy.verification.provider.iproov.restClientConfig.acceptInvalidSslCertificate | false | Whether an invalid SSL certificate is accepted when calling iProov REST service. |
liveness-check-proxy.verification.provider.iproov.restClientConfig.maxInMemorySize | 10485760 | Maximum in-memory size of HTTP requests when calling iProov REST service. |
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyEnabled | false | Whether proxy server is enabled when calling iProov REST service. |
liveness-check-proxy.verification.provider.iproov.restClientConfig.responseTimeout | 60s | Response timeout for iProov REST service calls. |
liveness-check-proxy.verification.provider.iproov.restClientConfig.maxIdleTime | 200s | Max idle time for iProov REST service calls. |
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyHost | | Proxy host to be used when calling iProov REST service. |
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyPort | | Proxy port to be used when calling iProov REST service. |
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyUsername | | Proxy username to be used when calling iProov REST service. |
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyPassword | | Proxy password to be used when calling iProov REST service. |
It is recommended to have the iProov support team configure the iProov service to:
- Enable the frame response feature to receive an image of the verified person from a successful verification process for audit purposes.
- Enable the reason response feature to receive a more detailed description of a verification process failure.
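
An added example, not part of the product's documentation or code: a small Python check that reads a properties file, applies the defaults documented in the tables above, and flags settings worth reviewing before deployment. The audit rules, the treatment of mock as test-only, and the sample values (including the idp.example.com issuer) are assumptions of this example.

```python
import re

# Defaults copied from the tables on this page.
DEFAULTS = {
    "liveness-check-proxy.security.auth.authType": "basic_http",
    "liveness-check-proxy.security.auth.basicHttp.defaultPasswordEncoder": "sha_256",
    "liveness-check-proxy.user-details.provider": "user-data-store",
    "liveness-check-proxy.verification.provider": "iproov",
}
AUDIENCES = "spring.security.oauth2.resource-server.jwt.audiences"

def parse_properties(text):
    """Parse plain key=value or key: value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Return (property, finding) pairs; the rules are this example's assumptions."""
    props = {**DEFAULTS, **parse_properties(text)}
    auth = props["liveness-check-proxy.security.auth.authType"]
    findings = []
    for key, value in sorted(props.items()):
        if key.endswith(".acceptInvalidSslCertificate") and value.lower() == "true":
            findings.append((key, "TLS certificate validation is disabled"))
        if key in ("liveness-check-proxy.user-details.provider",
                   "liveness-check-proxy.verification.provider") and value == "mock":
            findings.append((key, "mock provider selected (assumed test-only)"))
    enc = "liveness-check-proxy.security.auth.basicHttp.defaultPasswordEncoder"
    if auth == "basic_http" and props[enc] == "sha_256":
        findings.append((enc, "fast hash sha_256 in effect; bcrypt is the adaptive option"))
    if auth == "oauth2" and not props.get(AUDIENCES, "").strip():
        findings.append((AUDIENCES, "no allowed aud values listed"))
    return findings

SAMPLE = """\
# constructed sample, not taken from a real deployment
liveness-check-proxy.security.auth.authType=oauth2
spring.security.oauth2.resource-server.jwt.issuer-uri=https://idp.example.com/realms/demo
liveness-check-proxy.verification.provider=mock
liveness-check-proxy.verification.provider.iproov.restClientConfig.acceptInvalidSslCertificate=true
"""

if __name__ == "__main__":
    for prop, finding in audit(SAMPLE):
        print(f"{prop}: {finding}")
```

Because the documented defaults are applied first, an empty configuration still reports the sha_256 password encoder, which is what an unmodified basic_http deployment runs with.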