PhenixID DocumentationPhenixID Signing ServicesPhenixID Signing Service 2.8 ConfigurationLocal signing - API - Transaction (text) signing using Swedish BankID

Local signing - API - Transaction (text) signing using Swedish BankID

Prerequisites

- BankID test client certificate (FPTestcert2_20150818_102329.p12 for test environments)

- BankID customer client certificate (for production environments)

- Access to BankID infrastructure from PhenixID Server

- Access to BankID infrastructure from Mobile device

- Access to BankID infrastructure from Client

- Signing Service installed

- The reader of this document should have some basic knowledge about PhenixID Server.

- Changes will be made to the file phenix-store.json, so please make sure to have a backup  of this file.

Authentication

It is recommended to add authentication to the API. These authentication methods are supported:

- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.

- Basic authentication
Add valves to the pipes to perform basic authentication verification.

Add local sign-api module

- Login to configuration manager

- Click the Advanced tab

- Open Modules (click on the pen)

- Add this module:

{
		"module": "com.phenixidentity~phenix-signing-api",
		"enabled": "true",
		"config": {
			"tenant": [
				{
					"id": "t1",
					"displayName": "Tenant1",
					"allowedPipe": [
						"bankidsign",
						"bankidcollect"
					]
				}
			]
		},
		"id": "signapi_module"
	}

- Click Stage Changes and Commit Changes

- Open NODE_GROUPS (click on the pen)

- Add id of the newly added module to module_refs. Example below.

{
		    "name": "default",
        "description": "Default node group (created automatically) - all nodes belong to this group",
		"config": {
			"module_refs": "signapi_module,sealapp,signapp_1,......"
		},
		"created": "2017-07-03T11:38:03.135Z",
		"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
		"modified": "2017-07-03T14:39:43.257Z"
	}

- Click Stage Changes and Commit Changes


 

Add BankID certificate

- Add the BankID certificate (to connect to BankID backend) using the scenario Federation->Keystore->Add keystore.

- Copy the ID of the keystore. This will be used in later step.

Add pipes to trigger BankID signing and collect signature

- Click the Advanced tab

- Open Pipes (click on the pen)

- Add these pipes. Change these properties to suit your environment:

- bankid_keystore -> The id value copied in previous step.

{
"id": "bankidsign",
"description": "sign with bankid",
"valves": [
        {
          "name": "BankIDSignValve",
          "config": {
              "bankid_keystore" : "myID",
              "mode": "test",
              "pnr": "{{request.pnr}}",
              "user_visible_data": "{{request.userVisibleData}}",
              "user_non_visible_data": "{{request.userNonVisibleData}}",
              "client_ip_request_param": "X-Forwarded-For"
        }
     }
   ]
},
{
		"id": "bankidcollect",
		"description": "Collect",
		"valves": [
			{
				"name": "BankIDCollectSignatureValve",
				"config": {
					"bankid_keystore" : "myID",
					"mode": "test",
					"transactionID": "{{request.transactionID}}",
					"customerID": "{{request.tenant}}"
				}
			}
		]
	}

- Click Stage Changes and Commit Changes

Test

Use a HTTP rest client for testing and debugging. Follow this document to structure the HTTP requests properly.