Register the MGM
This section describes how to register the MGM Membership Group Manager. May also be referred to as the Network Manager. It is a virtual node and Corda identity that acts as a central registrar for group membership. on a network. It contains the following:
Build Registration Context
To register the MGM, you must first generate the registration context:
The examples in this section set corda.group.key.session.policy
to Distinct
, indicating that the ledger and session
initiation key must not be the same key. This is the only supported mode at the moment.
- If you want to use certificates for session initiation keys for peer-to-peer communication, see Configuring Optional Session Certificates for information about the additional JSON fields required in the registration context.
- If you want to use mutual TLS, see Configuring Mutual TLS for additional configuration steps.
Build Registration Context Using Bash
To build the registration context using Bash, run the following command, replacing <TLS-CA-CERT>
with the PEM format certificate of the CA
Certificate Authority. The holders of a PKI trust root that can issue certificates to customers.
. This is the trustroot used to validate member
Corda identity that has been granted admission to a membership group. Synonym for a virtual node or group member.
certificates.
The certificate must all be on one line in the curl command. Replace new lines with \n
.
export TLS_CA_CERT=$(cat /tmp/ca/ca/root-certificate.pem | awk '{printf "%s\\n", $0}')
export REGISTRATION_CONTEXT='{
"corda.session.keys.0.id": "'$SESSION_KEY_ID'",
"corda.ecdh.key.id": "'$ECDH_KEY_ID'",
"corda.group.protocol.registration": "net.corda.membership.impl.registration.dynamic.member.DynamicMemberRegistrationService",
"corda.group.protocol.synchronisation": "net.corda.membership.impl.synchronisation.MemberSynchronisationServiceImpl",
"corda.group.protocol.p2p.mode": "Authenticated_Encryption",
"corda.group.key.session.policy": "Distinct",
"corda.group.pki.session": "NoPKI",
"corda.group.pki.tls": "Standard",
"corda.group.tls.type": "OneWay",
"corda.group.tls.version": "1.3",
"corda.endpoints.0.connectionURL": "https://'$P2P_GATEWAY_HOST':'$P2P_GATEWAY_PORT'",
"corda.endpoints.0.protocolVersion": "1",
"corda.group.trustroot.tls.0" : "'$TLS_CA_CERT'"
}'
Build Registration Context Using PowerShell
To build the registration context using PowerShell, run the following command, setting TLS_CA_CERT_PATH
to the certificate path:
$TLS_CA_CERT_PATH = "$env:TEMP\tmp\ca\ca\root-certificate.pem"
$REGISTRATION_CONTEXT = @{
'corda.session.keys.0.id' = $SESSION_KEY_ID
'corda.ecdh.key.id' = $ECDH_KEY_ID
'corda.group.protocol.registration' = "net.corda.membership.impl.registration.dynamic.member.DynamicMemberRegistrationService"
'corda.group.protocol.synchronisation' = "net.corda.membership.impl.synchronisation.MemberSynchronisationServiceImpl"
'corda.group.protocol.p2p.mode' = "Authenticated_Encryption"
'corda.group.key.session.policy' = "Distinct"
'corda.group.pki.session' = "NoPKI"
'corda.group.pki.tls' = "Standard"
'corda.group.tls.version' = "1.3"
'corda.endpoints.0.connectionURL' = "https://$P2P_GATEWAY_HOST:$P2P_GATEWAY_PORT"
'corda.endpoints.0.protocolVersion' = "1"
'corda.group.trustroot.tls.0' = [IO.File]::ReadAllText($TLS_CA_CERT_PATH)
}
Register the MGM
You can now use the registration context to register the MGM on the network:
Register the MGM using Bash
To register the MGM using Bash, run this command:
REGISTRATION_REQUEST='{"memberRegistrationRequest":{"context": '$REGISTRATION_CONTEXT'}}'
curl -k -u $REST_API_USER:$REST_API_PASSWORD -d "$REGISTRATION_REQUEST" $REST_API_URL/membership/$MGM_HOLDING_ID
For example:
curl -k -u $REST_API_USER:$REST_API_PASSWORD -d '{ "memberRegistrationRequest": { "context": {
"corda.session.keys.0.id": "D2FAF709052F",
"corda.ecdh.key.id": "E2FCF719062B",
"corda.group.protocol.registration": "net.corda.membership.impl.registration.dynamic.member.DynamicMemberRegistrationService",
"corda.group.protocol.synchronisation": "net.corda.membership.impl.synchronisation.MemberSynchronisationServiceImpl",
"corda.group.protocol.p2p.mode": "Authenticated_Encryption",
"corda.group.key.session.policy": "Distinct",
"corda.group.pki.session": "NoPKI",
"corda.group.pki.tls": "Standard",
"corda.group.tls.type": "OneWay",
"corda.group.tls.version": "1.3",
"corda.endpoints.0.connectionURL": "https://localhost:8080",
"corda.endpoints.0.protocolVersion": "1",
"corda.group.trustroot.tls.0" : "-----BEGIN CERTIFICATE-----\nMIIBLjCB1aADAgECAgECMAoGCCqGSM49BAMCMBAxDjAMBgNVBAYTBVVLIENOMB4X\nDTIyMDgyMzA4MDUzN1oXDTIyMDkyMjA4MDUzN1owEDEOMAwGA1UEBhMFVUsgQ04w\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASG6ijAvbmaIaIwKpZZqTeKmMKfoOPb\ncCK/BqdtKXVTt5AjJtiP/Uoq+481UEQyaUZYXGf5rC1owjT40U2B71qdoyAwHjAP\nBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBrjAKBggqhkjOPQQDAgNIADBFAiEA\n1h6WEfdWUXSjBcenf5ycXPkYQQzI92I54q2WaVVjQHwCIEBk1ov/hYp9RCCDPnJx\nk8WgCZIyhFe0pEmow7MuI/Zk\n-----END CERTIFICATE-----"
} } }' https://localhost:8888/api/v5_1/membership/EF19BF67E77C
Alternatively, using jq:
curl -k -u $REST_API_USER:$REST_API_PASSWORD -d $(
jq --arg session_key_id $SESSION_KEY_ID '.memberRegistrationRequest.context."corda.session.keys.0.id"=$session_key_id' | \
jq --arg ecdh_key_id $ECDH_KEY_ID '.memberRegistrationRequest.context."corda.ecdh.key.id"=$ecdh_key_id' | \
jq '.memberRegistrationRequest.context."corda.group.protocol.registration"="net.corda.membership.impl.registration.dynamic.member.DynamicMemberRegistrationService"' | \
jq '.memberRegistrationRequest.context."corda.group.protocol.synchronisation"="net.corda.membership.impl.synchronisation.MemberSynchronisationServiceImpl"' | \
jq '.memberRegistrationRequest.context."corda.group.protocol.p2p.mode"="Authenticated_Encryption"' | \
jq '.memberRegistrationRequest.context."corda.group.key.session.policy"="Distinct"' | \
jq '.memberRegistrationRequest.context."corda.group.pki.session"="NoPKI"' | \
jq '.memberRegistrationRequest.context."corda.group.pki.tls"="Standard"' | \
jq '.memberRegistrationRequest.context."corda.group.tls.version"="1.3"' | \
jq '.memberRegistrationRequest.context."corda.group.key.session.policy"="Distinct"' | \
jq --arg p2p_url "https://$P2P_GATEWAY_HOST:$P2P_GATEWAY_PORT" '.memberRegistrationRequest.context."corda.endpoints.0.connectionURL"=$p2p_url' | \
jq '.memberRegistrationRequest.context."corda.endpoints.0.protocolVersion"="1"' | \
jq --rawfile root_certicicate /tmp/ca/ca/root-certificate.pem '.memberRegistrationRequest.context."corda.group.trustroot.tls.0"=$root_certicicate' \
) $REST_API_URL/membership/$MGM_HOLDING_ID
Register the MGM using PowerShell
To register the MGM using PowerShell, run this command:
$REGISTER_RESPONSE = Invoke-RestMethod -SkipCertificateCheck -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Method Post -Uri "$REST_API_URL/membership/$MGM_HOLDING_ID" -Body (ConvertTo-Json -Depth 4 @{
memberRegistrationRequest = @{
context = $REGISTRATION_CONTEXT
}
})
$REGISTER_RESPONSE.registrationStatus
Confirm Registration
Registration should return a successful response with the status SUBMITTED
.
You can confirm that the MGM was onboarded successfully by checking the status of the registration request.
The registration ID is returned from the member registration request:
export REGISTRATION_ID=<registration-ID>
curl -k -u $REST_API_USER:$REST_API_PASSWORD -X GET $REST_API_URL/membership/$MGM_HOLDING_ID/$REGISTRATION_ID
Invoke-RestMethod -SkipCertificateCheck -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Uri "$REST_API_URL/membership/$MGM_HOLDING_ID/${RESGISTER_RESPONSE.registrationId}"
The status returned for the registration request will be one of the following:
APPROVED
: The registration request passed all validations and was approved by the MGM.NEW
: The member’s Corda cluster A complete set of worker processes. Clusters require a fully functioning virtual node infrastructure. has accepted and persisted the registration request submitted via the REST API but is yet to process it.INVALID
: The member’s Corda cluster processed the registration request submitted via the REST API and determined the input to be invalid and did not attempt to send the request to join the network to the MGM’s Corda cluster.SENT_TO_MGM
: The member’s Corda cluster processed the registration request submitted via the REST API and found the input to be valid so the request to join the network was forwarded to the MGM’s Corda cluster.RECEIVED_BY_MGM
: The MGM has received the registration request.DECLINED
: The MGM has received the registration request and it was rejected either automatically because of failed validation or manually by the Network Operator.PENDING_AUTO_APPROVAL
: The MGM has received the registration request and all automated validations were successful. The only remaining step is for the MGM to complete an automated approval before the member’s registration request takes effect.PENDING_MANUAL_APPROVAL
: The MGM has received the registration request and all automated validations were successful. The only remaining step is for the Network Operator to review and approve the registration via the REST API before the member’s registration request takes effect. To view requests pending manual approval, see Viewing Requests Pending Manual Approval.PENDING_MEMBER_VERIFICATION
: The MGM has completed initial validation of the registration request and is now waiting for the registering member to respond to a P2P message in order to validate the provided session initiation key The key for a virtual node, which is published in the `MemberInfo`, and used by Link Managers to authenticate and establish secure messaging sessions between network members. and P2P endpoint.FAILED
: The registration request submitted via the REST API passed initial validation on the member’s cluster but failed to be sent to the MGM.
Was this page helpful?
Thanks for your feedback!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.
We're sorry this page wasn't helpful. Let us know how we can make it better!
Chat with us
Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.
Create an issue
Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.
Propose documentation improvements directly
Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.