Local signing - API - Transaction (text) signing using Swedish BankID
Prerequisites
- BankID test client certificate (FPTestcert2_20150818_102329.p12 for test environments)
- BankID customer client certificate (for production environments)
- Access to BankID infrastructure from PhenixID Server
- Access to BankID infrastructure from Mobile device
- Access to BankID infrastructure from Client
- Signing Service installed
- The reader of this document should have some basic knowledge about PhenixID Server.
- Changes will be made to the file phenix-store.json, so please make sure to have a backup of this file.
Authentication
It is recommended to add authentication to the API. These authentication methods are supported:
- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.
- Basic authentication
Add valves to the pipes to perform basic authentication verification.
Add local sign-api module
- Login to configuration manager
- Click the Advanced tab
- Open Modules (click on the pen)
- Add this module:
{
"module": "com.phenixidentity~phenix-signing-api",
"enabled": "true",
"config": {
"tenant": [
{
"id": "t1",
"displayName": "Tenant1",
"allowedPipe": [
"bankidsign",
"bankidcollect"
]
}
]
},
"id": "signapi_module"
}- Click Stage Changes and Commit Changes
- Open NODE_GROUPS (click on the pen)
- Add id of the newly added module to module_refs. Example below.
{
"name": "default",
"description": "Default node group (created automatically) - all nodes belong to this group",
"config": {
"module_refs": "signapi_module,sealapp,signapp_1,......"
},
"created": "2017-07-03T11:38:03.135Z",
"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
"modified": "2017-07-03T14:39:43.257Z"
}- Click Stage Changes and Commit Changes
Add BankID certificate
- Add the BankID certificate (to connect to BankID backend) using the scenario Federation->Keystore->Add keystore.
- Copy the ID of the keystore. This will be used in later step.
Add pipes to trigger BankID signing and collect signature
- Click the Advanced tab
- Open Pipes (click on the pen)
- Add these pipes. Change these properties to suit your environment:
- bankid_keystore -> The id value copied in previous step.
{ "id": "bankidsign", "description": "sign with bankid", "valves": [ { "name": "BankIDSignValve", "config": { "bankid_keystore" : "myID", "mode": "test","version": "v6.0", "user_visible_data": "{{request.userVisibleData}}", "user_non_visible_data": "{{request.userNonVisibleData}}","user_visible_data_format": "simpleMarkdownV1", "client_ip_request_param": "X-Forwarded-For" } } ] }, { "id": "bankidcollect", "description": "Collect", "valves": [ { "name": "BankIDCollectSignatureValve", "config": { "bankid_keystore" : "myID", "mode": "test","version":"v6.0" "transactionID": "{{request.transactionID}}", "customerID": "{{request.tenant}}" } }, { "name": "BankIDCompatCollectValve", "config": {} } ] }
- Click Stage Changes and Commit Changes
Test
Use a HTTP rest client for testing and debugging. Follow this document to structure the HTTP requests properly.