Register the MGM heading-link-icon

This section describes how to register the MGM Membership Group Manager. May also be referred to as the Network Manager. It is a virtual node and Corda identity that acts as a central registrar for group membership. on a network. It contains the following:

  1. Build Registration Context
  2. Register the MGM
  3. Confirm Registration

To register the MGM, you must first generate the registration context:

The examples in this section set corda.group.key.session.policy to Distinct, indicating that the ledger and session initiation key must not be the same key. This is the only supported mode at the moment.

To build the registration context using Bash, run the following command, replacing <TLS-CA-CERT> with the PEM format certificate of the CA Certificate Authority. The holders of a PKI trust root that can issue certificates to customers. . This is the trustroot used to validate member Corda identity that has been granted admission to a membership group. Synonym for a virtual node or group member. certificates. The certificate must all be on one line in the curl command. Replace new lines with \n.

export TLS_CA_CERT=$(cat /tmp/ca/ca/root-certificate.pem | awk '{printf "%s\\n", $0}')
export REGISTRATION_CONTEXT='{
  "corda.session.keys.0.id": "'$SESSION_KEY_ID'",
  "corda.ecdh.key.id": "'$ECDH_KEY_ID'",
  "corda.group.protocol.registration": "net.corda.membership.impl.registration.dynamic.member.DynamicMemberRegistrationService",
  "corda.group.protocol.synchronisation": "net.corda.membership.impl.synchronisation.MemberSynchronisationServiceImpl",
  "corda.group.protocol.p2p.mode": "Authenticated_Encryption",
  "corda.group.key.session.policy": "Distinct",
  "corda.group.pki.session": "NoPKI",
  "corda.group.pki.tls": "Standard",
  "corda.group.tls.type": "OneWay",
  "corda.group.tls.version": "1.3",
  "corda.endpoints.0.connectionURL": "https://'$P2P_GATEWAY_HOST':'$P2P_GATEWAY_PORT'",
  "corda.endpoints.0.protocolVersion": "1",
  "corda.group.trustroot.tls.0" : "'$TLS_CA_CERT'"
}'

To build the registration context using PowerShell, run the following command, setting TLS_CA_CERT_PATH to the certificate path:

$TLS_CA_CERT_PATH = "$env:TEMP\tmp\ca\ca\root-certificate.pem"
$REGISTRATION_CONTEXT = @{
  'corda.session.keys.0.id' =  $SESSION_KEY_ID
  'corda.ecdh.key.id' = $ECDH_KEY_ID
  'corda.group.protocol.registration' = "net.corda.membership.impl.registration.dynamic.member.DynamicMemberRegistrationService"
  'corda.group.protocol.synchronisation' = "net.corda.membership.impl.synchronisation.MemberSynchronisationServiceImpl"
  'corda.group.protocol.p2p.mode' = "Authenticated_Encryption"
  'corda.group.key.session.policy' = "Distinct"
  'corda.group.pki.session' = "NoPKI"
  'corda.group.pki.tls' = "Standard"
  'corda.group.tls.version' = "1.3"
  'corda.endpoints.0.connectionURL' = "https://$P2P_GATEWAY_HOST:$P2P_GATEWAY_PORT"
  'corda.endpoints.0.protocolVersion' = "1"
  'corda.group.trustroot.tls.0'  =  [IO.File]::ReadAllText($TLS_CA_CERT_PATH)
}

You can now use the registration context to register the MGM on the network:

To register the MGM using Bash, run this command:

REGISTRATION_REQUEST='{"memberRegistrationRequest":{"context": '$REGISTRATION_CONTEXT'}}'
curl -k -u $REST_API_USER:$REST_API_PASSWORD -d "$REGISTRATION_REQUEST" $REST_API_URL/membership/$MGM_HOLDING_ID

For example:

curl -k -u $REST_API_USER:$REST_API_PASSWORD -d '{ "memberRegistrationRequest": { "context": {
  "corda.session.keys.0.id": "D2FAF709052F",
  "corda.ecdh.key.id": "E2FCF719062B",
  "corda.group.protocol.registration": "net.corda.membership.impl.registration.dynamic.member.DynamicMemberRegistrationService",
  "corda.group.protocol.synchronisation": "net.corda.membership.impl.synchronisation.MemberSynchronisationServiceImpl",
  "corda.group.protocol.p2p.mode": "Authenticated_Encryption",
  "corda.group.key.session.policy": "Distinct",
  "corda.group.pki.session": "NoPKI",
  "corda.group.pki.tls": "Standard",
  "corda.group.tls.type": "OneWay",
  "corda.group.tls.version": "1.3",
  "corda.endpoints.0.connectionURL": "https://localhost:8080",
  "corda.endpoints.0.protocolVersion": "1",
  "corda.group.trustroot.tls.0" : "-----BEGIN CERTIFICATE-----\nMIIBLjCB1aADAgECAgECMAoGCCqGSM49BAMCMBAxDjAMBgNVBAYTBVVLIENOMB4X\nDTIyMDgyMzA4MDUzN1oXDTIyMDkyMjA4MDUzN1owEDEOMAwGA1UEBhMFVUsgQ04w\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASG6ijAvbmaIaIwKpZZqTeKmMKfoOPb\ncCK/BqdtKXVTt5AjJtiP/Uoq+481UEQyaUZYXGf5rC1owjT40U2B71qdoyAwHjAP\nBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBrjAKBggqhkjOPQQDAgNIADBFAiEA\n1h6WEfdWUXSjBcenf5ycXPkYQQzI92I54q2WaVVjQHwCIEBk1ov/hYp9RCCDPnJx\nk8WgCZIyhFe0pEmow7MuI/Zk\n-----END CERTIFICATE-----"
} } }' https://localhost:8888/api/v5_2/membership/EF19BF67E77C

Alternatively, using jq:

curl -k -u $REST_API_USER:$REST_API_PASSWORD -d $(
  jq --arg session_key_id $SESSION_KEY_ID '.memberRegistrationRequest.context."corda.session.keys.0.id"=$session_key_id' | \
  jq --arg ecdh_key_id $ECDH_KEY_ID '.memberRegistrationRequest.context."corda.ecdh.key.id"=$ecdh_key_id' | \
  jq '.memberRegistrationRequest.context."corda.group.protocol.registration"="net.corda.membership.impl.registration.dynamic.member.DynamicMemberRegistrationService"' | \
  jq '.memberRegistrationRequest.context."corda.group.protocol.synchronisation"="net.corda.membership.impl.synchronisation.MemberSynchronisationServiceImpl"' | \
  jq '.memberRegistrationRequest.context."corda.group.protocol.p2p.mode"="Authenticated_Encryption"' | \
  jq '.memberRegistrationRequest.context."corda.group.key.session.policy"="Distinct"' | \
  jq '.memberRegistrationRequest.context."corda.group.pki.session"="NoPKI"' | \
  jq '.memberRegistrationRequest.context."corda.group.pki.tls"="Standard"' | \
  jq '.memberRegistrationRequest.context."corda.group.tls.version"="1.3"' | \
  jq '.memberRegistrationRequest.context."corda.group.key.session.policy"="Distinct"' | \
  jq --arg p2p_url "https://$P2P_GATEWAY_HOST:$P2P_GATEWAY_PORT" '.memberRegistrationRequest.context."corda.endpoints.0.connectionURL"=$p2p_url' | \
  jq '.memberRegistrationRequest.context."corda.endpoints.0.protocolVersion"="1"' | \
  jq --rawfile root_certicicate /tmp/ca/ca/root-certificate.pem '.memberRegistrationRequest.context."corda.group.trustroot.tls.0"=$root_certicicate' \
) $REST_API_URL/membership/$MGM_HOLDING_ID

To register the MGM using PowerShell, run this command:

$REGISTER_RESPONSE = Invoke-RestMethod -SkipCertificateCheck  -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Method Post -Uri "$REST_API_URL/membership/$MGM_HOLDING_ID" -Body (ConvertTo-Json -Depth 4 @{
    memberRegistrationRequest = @{
        context = $REGISTRATION_CONTEXT
    }
})
$REGISTER_RESPONSE.registrationStatus

Registration should return a successful response with the status SUBMITTED. You can confirm that the MGM was onboarded successfully by checking the status of the registration request. The registration ID is returned from the member registration request:

export REGISTRATION_ID=<registration-ID>
curl -k -u $REST_API_USER:$REST_API_PASSWORD -X GET $REST_API_URL/membership/$MGM_HOLDING_ID/$REGISTRATION_ID
Invoke-RestMethod -SkipCertificateCheck  -Headers @{Authorization=("Basic {0}" -f $AUTH_INFO)} -Uri "$REST_API_URL/membership/$MGM_HOLDING_ID/${RESGISTER_RESPONSE.registrationId}"

The status returned for the registration request will be one of the following:

  • APPROVED: The registration request passed all validations and was approved by the MGM.
  • NEW: The member’s Corda cluster A complete set of worker processes. Clusters require a fully functioning virtual node infrastructure. has accepted and persisted the registration request submitted via the REST API but is yet to process it.
  • INVALID: The member’s Corda cluster processed the registration request submitted via the REST API and determined the input to be invalid and did not attempt to send the request to join the network to the MGM’s Corda cluster.
  • SENT_TO_MGM: The member’s Corda cluster processed the registration request submitted via the REST API and found the input to be valid so the request to join the network was forwarded to the MGM’s Corda cluster.
  • RECEIVED_BY_MGM: The MGM has received the registration request.
  • DECLINED: The MGM has received the registration request and it was rejected either automatically because of failed validation or manually by the Network Operator.
  • PENDING_AUTO_APPROVAL: The MGM has received the registration request and all automated validations were successful. The only remaining step is for the MGM to complete an automated approval before the member’s registration request takes effect.
  • PENDING_MANUAL_APPROVAL: The MGM has received the registration request and all automated validations were successful. The only remaining step is for the Network Operator to review and approve the registration via the REST API before the member’s registration request takes effect. To view requests pending manual approval, see Viewing Requests Pending Manual Approval.
  • PENDING_MEMBER_VERIFICATION: The MGM has completed initial validation of the registration request and is now waiting for the registering member to respond to a P2P message in order to validate the provided session initiation key The key for a virtual node, which is published in the `MemberInfo`, and used by Link Managers to authenticate and establish secure messaging sessions between network members. and P2P endpoint.
  • FAILED: The registration request submitted via the REST API passed initial validation on the member’s cluster but failed to be sent to the MGM.

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.