Configuration Properties

The Liveness Check Proxy application uses the following public configuration properties:

Database Configuration

Property Default Note
spring.datasource.url   Database JDBC URL
spring.datasource.username   Database JDBC username
spring.datasource.password   Database JDBC password
spring.jpa.hibernate.ddl-auto   Configuration of automatic database schema creation
spring.jpa.properties.hibernate.connection.characterEncoding utf8 Character encoding
spring.jpa.properties.hibernate.connection.useUnicode true Character encoding - Unicode support

REST Service Authentication Configuration

Access to REST services that provide sensitive information is restricted to users with elevated privileges. Please select your preferred authentication type and configure the settings bellow accordingly.

Property Default Note
liveness-check-proxy.security.auth.authType basic_http REST API authentication type. Either basic_http or oauth2.

Basic HTTP

If you select basic HTTP authentication, the following configuration properties may need to be adjusted. For detailed instructions on setting up basic HTTP authentication, refer to the deployment section.

Property Default Note
liveness-check-proxy.security.auth.basicHttp.realm Liveness Check Proxy Realm of the authentication to indicate a scope of protection.
liveness-check-proxy.security.auth.basicHttp.defaultPasswordEncoder sha_256 Default used hash algorithm to encode password. Either sha_256 or bcrypt.

Oauth2.x

If you select Oauth2 for authentication, review the following configuration properties to ensure they meet your requirements. For detailed setup instructions, refer to the deployment section.

Property Default Note
spring.security.oauth2.resource-server.jwt.issuer-uri   URL of the authorization server.
spring.security.oauth2.resource-server.jwt.audiences   A comma-separated list of allowed aud JWT claim values to be validated.
liveness-check-proxy.security.auth.oauth2.rolesClaimName roles Name of the token claim that contains the user roles.

User Details Provider Configuration

Property Default Note
liveness-check-proxy.user-details.provider user-data-store Provider of the User Details (mock, user-data-store).

User Data Store Configuration

Property Default Note
liveness-check-proxy.user-details.provider.user-data-store.serviceBaseUrl   Base URL of the user data store service REST API.
liveness-check-proxy.user-details.provider.user-data-store.serviceUserAgent Wultra/LivenessCheckProxy User agent to use when making HTTP calls to the user data store service.
liveness-check-proxy.user-details.provider.user-data-store.documentAttributes {} Attributes in JSON format that are included in document containing a photo for liveness check.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.httpBasicAuthEnabled true Whether is the basic authentication enabled.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.httpBasicAuthUsername   Basic authentication username.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.httpBasicAuthPassword   Basic authentication password.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.acceptInvalidSslCertificate false Whether invalid SSL certificate is accepted when calling User Data Store REST service.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.maxInMemorySize 10485760 Maximum in memory size of HTTP requests when calling User Data Store REST service.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyEnabled false Whether proxy server is enabled when calling User Data Store REST service.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.responseTimeout 60s Response timeout for User Data Store REST service calls.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.maxIdleTime 200s Max idle time for User Data Store REST service calls.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyHost   Proxy host to be used when calling User Data Store REST service.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyPort   Proxy port to be used when calling User Data Store REST service.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyUsername   Proxy username to be used when calling User Data Store REST service.
liveness-check-proxy.user-details.provider.user-data-store.restClientConfig.proxyPassword   Proxy password to be used when calling User Data Store REST service.

Liveness Verification Provider Configuration

Property Default Note
liveness-check-proxy.verification.provider iproov Provider of the liveness verification (mock, innovatrics, iproov).

Innovatrics Configuration

Property Default Note
liveness-check-proxy.verification.provider.innovatrics.serviceBaseUrl   Base REST service URL for Innovatrics.
liveness-check-proxy.verification.provider.innovatrics.serviceToken   Authentication token for Innovatrics.
liveness-check-proxy.verification.provider.innovatrics.serviceUserAgent Wultra/LivenessCheckProxy User agent to use when making HTTP calls to Innovatrics REST service.
liveness-check-proxy.verification.provider.innovatrics.livenessScoreThreshold 0.875 Liveness verification minimal score threshold.
liveness-check-proxy.verification.provider.innovatrics.similarityScoreThreshold 0.322 Face matching minimal score threshold.
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.acceptInvalidSslCertificate false Whether invalid SSL certificate is accepted when calling Innovatrics REST service.
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.maxInMemorySize 10485760 Maximum in memory size of HTTP requests when calling Innovatrics REST service.
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyEnabled false Whether proxy server is enabled when calling Innovatrics REST service.
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.responseTimeout 60s Response timeout for Innovatrics REST service calls.
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.maxIdleTime 200s Max idle time for Innovatrics REST service calls.
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyHost   Proxy host to be used when calling Innovatrics REST service.
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyPort   Proxy port to be used when calling Innovatrics REST service.
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyUsername   Proxy username to be used when calling Innovatrics REST service.
liveness-check-proxy.verification.provider.innovatrics.restClientConfig.proxyPassword   Proxy password to be used when calling Innovatrics REST service.

See Innovatrics documentation regarding similarity score threshold and liveness score threshold for details how the score setting affects false acceptance rates (FAR) or false rejection rates (FRR).

iProov Configuration

Property Default Note
liveness-check-proxy.verification.provider.iproov.serviceBaseUrl   Base REST service URL for iProov.
liveness-check-proxy.verification.provider.iproov.apiKey   The API key of the service provider.
liveness-check-proxy.verification.provider.iproov.apiSecret   The API secret for the service provider
liveness-check-proxy.verification.provider.iproov.oAuthClientUsername   OAuth client username to iProov REST service.
liveness-check-proxy.verification.provider.iproov.oAuthClientPassword   OAuth client password to iProov REST service.
liveness-check-proxy.verification.provider.iproov.selfieExpected false Whether a selfie of a user is expected to be included in the verification response.
liveness-check-proxy.verification.provider.iproov.assuranceType genuine_presence The assurance type of the claim (genuine_presence or liveness).
liveness-check-proxy.verification.provider.iproov.riskProfile   The pre-defined risk profile to use for this claim.
liveness-check-proxy.verification.provider.iproov.imageSource oid The source of the image (i.e. Electronic ID eid, Optical ID oid or Selfie selfie).
liveness-check-proxy.verification.provider.iproov.serviceUserAgent Wultra/LivenessCheckProxy User agent to use when making HTTP calls to iProov REST service.
liveness-check-proxy.verification.provider.iproov.restClientConfig.acceptInvalidSslCertificate false Whether invalid SSL certificate is accepted when calling iProov REST service.
liveness-check-proxy.verification.provider.iproov.restClientConfig.maxInMemorySize 10485760 Maximum in memory size of HTTP requests when calling iProov REST service.
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyEnabled false Whether proxy server is enabled when calling iProov REST service.
liveness-check-proxy.verification.provider.iproov.restClientConfig.responseTimeout 60s Response timeout for iProov REST service calls.
liveness-check-proxy.verification.provider.iproov.restClientConfig.maxIdleTime 200s Max idle time for iProov REST service calls.
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyHost   Proxy host to be used when calling iProov REST service.
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyPort   Proxy port to be used when calling iProov REST service.
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyUsername   Proxy username to be used when calling iProov REST service.
liveness-check-proxy.verification.provider.iproov.restClientConfig.proxyPassword   Proxy password to be used when calling iProov REST service.

It is recommended to configure iProov service via the iProov’s support team to:

  • Enable frame response feature to receive image of the verified person from successful verification process for audit purpose.
  • Enable reason response feature to receive a more detailed description of the verification process failure.
Last updated on Sep 11, 2024 (16:39) Edit on Github Send Feedback
Search

develop

Liveness Check Proxy