FrejaEIDAuthenticatorSAML

This document describes how to configure FrejaEIDAuthenticatorSAML.

A keystore should have been received from Freja eID and imported into PhenixID Server before configuration of the authenticator. The keystore contains a certificate that allows the Freja eID server to verify requests from the PAS authenticator.

Please follow this document to import the keystore.


Properties

Name Description Default value Mandatory
success_template Template to use for user interface (username and password prompt). login.template No
pipeID Id of pipe used by Freja eID Authenticator. Yes
idpID Id of idp configured for Freja eID. Yes
keyStore ID of the keyStore created in PhenixID Server. Yes
trustStore ID of the trustStore based on the public trusted certificates from Verisec. Yes
test_mode Test mode, connecting to Verisec test environment false No

General description

When a SAML SP sends an authentication request to this authenticator, the authenticator will in turn send an authentication request to the Freja eID server for the specified username. If the user has enrolled a device at the Freja eID server, that device will receive a request from the Freja eID server to allow or deny the authentication. The authenticator will regularly check the server for a response from the user, until a response is received or a timeout limit is reached.  If the authentication request is allowed by the user, the user will be allowed to the requested resource.

The keystore

In order for the authenticator to act as a client to the Freja eID server, triggering authentication requests and polling the server for user responses, a keystore with a certificate is necessary. The certificate is provided by Freja eID and must be kept secure. For instructions of how to upload the keystore to the PAS server, see here. The resulting configuration, as seen in the Advanced view, can be seen below.

<p>{
    "id" : "a9bdfe2c-9a0b-4165-8d6d-0ae3f2ec7d9e",
    "type" : "pkcs12",
    "password" : "keystore password",
    "certificateAlias" : "xxxx",
    "privateKeyPassword" : "keystore password",
    "resource" : "c9be2a3b-f3c0-471a-9f87-15ede5d55498",
    "name" : "freja"
  }</p>

The truststore

In order for the PAS server to ensure that it is connecting to the correct Freja eID server, it is necessary to provide a truststore with public certificates

You have to add the add the certificate chain that the above client cert is created from.
This part has to be added manually in the Advanced view.

Open the Keystores part with the pen and add following code at the end.

<p>{
    "id": "frejaeid-truststore",
    "resource": "frejaeid-resource",
    "name": "Verisec Certificate Chain",
    "certificateAlias": "0",
    "type": "pkcs12"
}</p>

Stage and Commit and then open the Resources part with it´s pen.

Add the following code, Stage and Commit.

<p>{
    "description": "Verisec Certificate Chain",
    "id": "frejaeid-resource",
    "content_type": "application/x-pkcs12",
    "content_encoding": "base64",
    "content": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVjVENDQTFtZ0F3SUJBZ0lVQy90NG0zcXM3YU4yWHdlMTlzSUVLSDE4ZXd3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZTXhDekFKQmdOVkJBWVRBbE5GTVJJd0VBWURWUVFIRXdsVGRHOWphMmh2YkcweEZEQVNCZ05WQkdFVApDelUxT1RFeE1DMDBPREEyTVIwd0d3WURWUVFLRXhSV1pYSnBjMlZqSUVaeVpXcGhJR1ZKUkNCQlFqRU5NQXNHCkExVUVDeE1FVkdWemRERWNNQm9HQTFVRUF4TVRVbE5CSUZSRlUxUWdTWE56ZFdsdVp5QkRRVEFlRncweE9EQXgKTVRFeE1URTFNakphRncweU16QXhNVEV4TVRFMU1qSmFNSUdLTVFzd0NRWURWUVFHRXdKVFJURVNNQkFHQTFVRQpCeE1KVTNSdlkydG9iMnh0TVJRd0VnWURWUVJoRXdzMU5Ua3hNVEF0TkRnd05qRWRNQnNHQTFVRUNoTVVWbVZ5CmFYTmxZeUJHY21WcVlTQmxTVVFnUVVJeERUQUxCZ05WQkFzVEJGUmxjM1F4SXpBaEJnTlZCQU1UR25ObGNuWnAKWTJWekxuUmxjM1F1Wm5KbGFtRmxhV1F1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQgpDZ0tDQVFFQWc4RTVDaUZlb3QxTUpQYjZ0RHdTT2dmdWRGMjlTZUNsQkdESzB4UG9ueDRXczh1VVFrRlpCeHh6CnJpbGVtNUhQZjF2ZytlamVjTUd0dFgybXpRK2pXY3dEVXpmSjYvM0tONWtBaWF0U04xVFdiWU1NTEt2cGZxTW0KWWNsTEd5NFBFcDJZdkx6YjN3OUY4VTAyU1dSS2ZOTjFXQk1vRnlsNUhEYURkVnhveTV5UWNlUG15QjFMTW52bwptNXhPVHR1QjBIZ283ZWpFeFNNUnlVSzhtRTJmMGszVDZ2N2RRMWJzS09mTW14U25GKzFJNWJwY2JFdGJCVDRpCkFrc2dxVWtPcWN6V21MZlFKczVZRkUvYk1jQklwRGNmU0xtU2VWRU9UbFBiTmY3ZTk4TnhVVmIzVHk3YitCbmQKZS96ZkIrRi9UQUlmVlpzM3YwR3p0b2t0Z25oR1NRSURBUUFCbzRIVE1JSFFNQTRHQTFVZER3RUIvd1FFQXdJRgo0REFNQmdOVkhSTUJBZjhFQWpBQU1COEdBMVVkSXdRWU1CYUFGR3A4aWcrZGNBNGMybDh0b0R3bVg0am9GYitjCk1CSUdBMVVkSUFRTE1Ba3dCd1lGS2dNRUJRZ3dQUVlEVlIwUkJEWXdOSUlhYzJWeWRtbGpaWE11ZEdWemRDNW0KY21WcVlXVnBaQzVqYjIyQ0ZtRjFkR2d1ZEdWemRDNW1jbVZxWVdWcFpDNWpiMjB3SFFZRFZSME9CQllFRkVkNwpoNXlra3dyblV1ekp5bk9JbkN2M0dVenlNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNECkFUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUF3cFJhSUM3c2k1MzNZWU5MM3dPZnV0SjR0d0YxcjhPajVwakgKUkpUTjhKcXdDeUl0d3NnZ2ZGYjk5YklJMEpMYzFDNWh6ZEQrVlNja3ltamY1bVNCQVBLNHV3cWxzWmdtblhvNApxbTJGUkdiZThDRnU1d3ZDWk1xTU43YTJOZytIeStZUWNEVmNueGs0UWZCNSszYTZ0R253OTFrMzYvVldDNGZ5Ck5ZSFJYbWhXWXJxNFNrUFZpc2c2dE8wRHpTRnNleVNQQWc4aTY5TmduMU54V2pWVU9uSkduZUZnNy9WV3RkMXMKYWU5Mlg0eDdoY2UyYmRJYm81MHlSSGZxeVVuU3hpdlRIL216VXVpT2daSFlDbzh4c3V2cDlCWTdPVVI5bzJKagpMbjlSWnpaOVVmRVBmQWI0amJWblR3MG83L1E0dFBvU1ZscGJId1E1ZWVlSUxyR0hYQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdNekNDQkJ1Z0F3SUJBZ0lVUEI0clVxRkZpRzZnNjdhK2NMQ0JDdVRreEdRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1VURUxNQWtHQTFVRUJoTUNVMFV4RXpBUkJnTlZCQW9UQ2xabGNtbHpaV01nUVVJeEVqQVFCZ05WQkFzVApDVVp5WldwaElHVkpSREVaTUJjR0ExVUVBeE1RVWxOQklGUmxjM1FnVW05dmRDQkRRVEFlRncweE56QTFNVEF4Ck5ESTJNREJhRncwME56QTFNVEF4TkRJMk1EQmFNRkV4Q3pBSkJnTlZCQVlUQWxORk1STXdFUVlEVlFRS0V3cFcKWlhKcGMyVmpJRUZDTVJJd0VBWURWUVFMRXdsR2NtVnFZU0JsU1VReEdUQVhCZ05WQkFNVEVGSlRRU0JVWlhOMApJRkp2YjNRZ1EwRXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFDNm42SXZKY09JCnk5eTR4NFlabGNEWVdHQU5abi81OGFRcS8rcS8ySU9oZXFIN3BmcWYwMEZyWm1URnpYUVRJNGtvUFVPcGFnWU0KRVNHNk1MbGdXN2FrQ25BM1Y1ZHVFdkdCSmdBUjZGbGRhaXdkSE1xV0JLTGI1cHZvQzIvdWN6U05pZStwRWlkUQp1aitPaDVNd1VDSld4NG4yZkxvSk1UUDRMYjFueEZRWHpDalJNV0oxdzNwTSszbURZSnp2TEZoVjJVcjdRQkFkCkpqR0dQQ3ByRGRSRWZ6YW5tN0pnNW1GdGR0Yk1QUG9iTVZES1JpQ3ZmWExhdkU0VWV1cEpGMlJkZzUzMHRwYUoKTWI2bSsrT3NGTU40c0hxMEhVWWlZSXdldGRteFkzVzJkcEtKam1MN3BQUHByY3BuSHFjaTlhM04zMmFqY2xwVgpaN2MwamZ1d0N3ays2RUZZUk5tQ2tLRWtNclNlOHdyOHR1SDRGWXdoVFFDc0ZRZUFXVWFXelNsMjlJZWxteDM4Ck90K2czYVV3OExabHRaek1ZaGFrMjU3Yng0THFmcjIzZWRqejJnNDUvREVrNUgyL3pzdkVHbndxNzN4dHBBSloKclpIU3FndWd3UHFMaEN4S3M5M2FidVNoTWFzOTJDTDdqdUFwNEZqWXpqQlM4NXFRbkhoeFZGemlHb3l2dFVVMwpZUzZaTmFlOTZLYmdXN0tqZDcyaS93ZlVOSktkRjJRQUtXSUpZTDgwYlE5bTJ3K3NMNlROZC90UkczT1hXSkhECnByS1JUWUtpVzJuWnhEb1g0Q2xzTk1XajJpS1BhR3RibDZ0bVpwUkxadGpzOHM5bEFpTkJRZDBYcXRUc3l5ci8KMys4QWZuaHMrREc1NUE0LzkxRGRhWGxEQTRVYnBqWnBEUUlEQVFBQm80SUJBVENCL2pBT0JnTlZIUThCQWY4RQpCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkF6Q0J1QVlEVlIwZ0JJR3dNSUd0TUlHcUJnVXFBd1FGCkJqQ0JvREE0QmdnckJnRUZCUWNDQVJZc2FIUjBjSE02THk5amNITXVkR1Z6ZEM1bWNtVnFZV1ZwWkM1amIyMHYKWTNCekwybHVaR1Y0TG1oMGJXd3daQVlJS3dZQkJRVUhBZ0l3V0F4V1ZHaHBjeUJqWlhKMGFXWnBZMkYwWlNCbwpZWE1nWW1WbGJpQnBjM04xWldRZ0lHbHVJR0ZqWTI5eVpHRnVZMlVnZDJsMGFDQjBhR1VnUm5KbGFtRWdaVWxFCklGUkZVMVFnVUc5c2FXTjVJRU52Ym5SeWIyd3dIUVlEVlIwT0JCWUVGTXF3N0xsWHc1dzlyVG1LRS9yd05icnMKREhlS01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQk9HSTJZNHVYUWVBTVNzd0VTc0lzYkY0UmxrdklRaUdDZAprd3Q3T3pwZmlSY09Rbmt4bTlybHBkUHRDN01halZJNm93dFp3VDZCU0cwam15VUZMaWhwNFZCMDJWTTAyeGtjCllzU0QvNThWK0dmLzFpRWpnUWduTmp6OVo1YlVSR1VpUEs5VFdyY2hpN0UyTUxseVNlSEFFSlVVMXU1aHdVMFYKKzBoUTRTK0VFWkJZZk9WNVdhb0ZtYTJZWEZUU1NDSHR6bUcrT01oSXRnZXZKRnQrT0x5bU9UZXd1Rjd2NHZjUApQVnlVQjlpRWdhd0V3cGpKRUJ0YXhrbUlhSnY0Si9jOTJLS0hjVEt4cjhFYVBmT2w0dDNVQ0htUUxnbkNFRy8zCkhuNktnTnNINlJDT21ab2pkVGY1dndRWjJCN0FjYlZvelUvbm9KWjFvNkM0b1J0NVBrVEVkU25BbVg4cGY0TW4KTlhZbXhQcFhFN0tsRWF6THg5cG9CR1ZvYkNuMFgzRisxQTVwRUhmWThPeS9FT0tjMytac3dXMjk0QXVXQ3MvbgpIbGFtV1BTK2pxTktXM3Fqak5LNkZaczcySUVDdWY5T1NONUJ2RHJVc1c0NGIwWTZvR0lVZXZPdGV4QVhpQldWClNLVDlHc29qcmxZMzZYME8zK2xra3F0VzRhZWExMXFpM29Heis5aVhjUFFlZUQ3a2dma3N6U1lLa245V0IxWVQKai9scFpUbGY5RGx4QTUrK3V1M0dycHg3cVJkQ2xFYkRmNVEySExJU1dWd2lyb2N5U0d6aDR3QUNGSGk2aVFqbgpzcm56SHU5NjhNdE9uTjZGUXQ5elBaeGFSWXJ6THBWLzl5eWFoOWpZWXVMRklHamUreXpBbjVNOE9SVjVwMUF0CkZ2alRSZkg1b0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlHT0RDQ0JDQ2dBd0lCQWdJVWR4T0NNMFNoWUdTUkg2dUhSTVhqOWJLa2dWNHdEUVlKS29aSWh2Y05BUUVMCkJRQXdVVEVMTUFrR0ExVUVCaE1DVTBVeEV6QVJCZ05WQkFvVENsWmxjbWx6WldNZ1FVSXhFakFRQmdOVkJBc1QKQ1VaeVpXcGhJR1ZKUkRFWk1CY0dBMVVFQXhNUVVsTkJJRlJsYzNRZ1VtOXZkQ0JEUVRBZUZ3MHhOekExTVRjeApORFF5TlRKYUZ3MHlOekExTVRjeE5EUXlOVEphTUlHRE1Rc3dDUVlEVlFRR0V3SlRSVEVTTUJBR0ExVUVCeE1KClUzUnZZMnRvYjJ4dE1SUXdFZ1lEVlFSaEV3czFOVGt4TVRBdE5EZ3dOakVkTUJzR0ExVUVDaE1VVm1WeWFYTmwKWXlCR2NtVnFZU0JsU1VRZ1FVSXhEVEFMQmdOVkJBc1RCRlJsYzNReEhEQWFCZ05WQkFNVEUxSlRRU0JVUlZOVQpJRWx6YzNWcGJtY2dRMEV3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFNVaEdECkhIcHFocDlPbUEyZjhIaktIZCtKSkR0ZXhyVlFldHladWpaZmlnOFVWNnk4NW5FY0F3N0ZoMWtFRzlJM0pIZS8KUE5tQkwveTlOYVJicXl3Z1I4ZXZVMGw1d1NCbGV2R2VsejlIK25lR1ZFRnZLa0htRk92cjdmN2M1YlZXYS9VUgp6VG1DZldBb2xLdlkrQXdLbElrZFRFMWVwdG44TTk0MFlGdlVVTEJoTGFEU1pYTmh2djZFWlQ5dzJ4VFQ0WnlICndkOGZhTGZFdnRHcysxM0tyQWh1dGFKSllZNlhxMEZuOVE3MXNYL3g1VDdkRzVJblNpRVBZTmdnVzlwUlZreDYKMW1kYnBpejZ3YUdzTnJNbzB3T3lYOC93ZnB0Z1E4MUI0QlVuS1Q4OUYzTk9oOU03WkpOOStzUnRYMGtXTExSWgpTTitSZzFZeTczRDY4QjB4QWdNQkFBR2pnZ0hUTUlJQnp6QU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUCkFRSC9CQWd3QmdFQi93SUJBREJQQmdnckJnRUZCUWNCQVFSRE1FRXdQd1lJS3dZQkJRVUhNQUdHTTJoMGRIQTYKTHk5eWIyOTBZMkZzWVdJek1TNTBaWE4wTG1aeVpXcGhaV2xrTG1OdmJUbzROemMzTDJGa2MzTXZiMk56Y0RBZgpCZ05WSFNNRUdEQVdnQlRLc095NVY4T2NQYTA1aWhQNjhEVzY3QXgzaWpDQnVBWURWUjBnQklHd01JR3RNSUdxCkJnVXFBd1FGQmpDQm9EQTRCZ2dyQmdFRkJRY0NBUllzYUhSMGNITTZMeTlqY0hNdWRHVnpkQzVtY21WcVlXVnAKWkM1amIyMHZZM0J6TDJsdVpHVjRMbWgwYld3d1pBWUlLd1lCQlFVSEFnSXdXQXhXVkdocGN5QmpaWEowYVdacApZMkYwWlNCb1lYTWdZbVZsYmlCcGMzTjFaV1FnSUdsdUlHRmpZMjl5WkdGdVkyVWdkMmwwYUNCMGFHVWdSbkpsCmFtRWdaVWxFSUZSRlUxUWdVRzlzYVdONUlFTnZiblJ5YjJ3d1hRWURWUjBmQkZZd1ZEQlNvRkNnVG9aTWFIUjAKY0RvdkwzSnZiM1JqWVd4aFlqTXhMblJsYzNRdVpuSmxhbUZsYVdRdVkyOXRPamczTnpjdllXUnpjeTlqY214egpMMlp5WldwaFpXbGtYM0p6WVY5eWIyOTBYMk5oTG1OeWJEQWRCZ05WSFE0RUZnUVVhbnlLRDUxd0RoemFYeTJnClBDWmZpT2dWdjV3d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFHekhrRWtWRE1xY0ErR1JUQXZXMk9XMXREWm8KRmxqTSt3MUF1UXozODBrbU1hbUFsNGYrSW13M1VzVDNKaFhQWmFKTlZvZnFQQk8vRmlvb085bVBJZjhqTXhyeApMZm0vcC8ybjlLNDlSWXdnUk5Ed1Z5VzU5YzFIMGp2SGVQcGZhUnRQUzJvdjBlSStRU012azE0L3BoSXYvYmtOCmQrME9WcDBxZ1RWVFR3d0F2VVFKMlA5Y0RLM09JajdIMHZKaGh3N3V4NjZnTk1IZitJbkVScmJ1MFNpNXJRZW0KU2FmYVFUUzZOMFFOdEpWQWFmUllETS9GVE9kUHVsYnhrYmt0eWJqTWlEVHVKM012aHFLdjV6Q1I4bm9Zd0VCUApWcmVQQXZnNmJ3YjBLMWFDQVFtNElzV0JDS0Y0dDZzcWpydmFxLzNqVW8rTTY1VHAwQUtUS240QjhubVR2R3Y5CmxUNFBnc0NUd3dYYklVY1c1cmZzbUU5d1ZwUmZpZUc3R3g2MnlkSFBsSVBrVENoVXpzL2pvanU4c3lrVm5zc0YKMVlEcVFsZ01hMlNwK2t4NWk3ZWlqWDFlamNKaCtwbXVRVFFuWGo2c0RKcnk4MU90cURPN0Q3RGhhVUhmR0xpbAptWHVyQW9sdWptbGw1TWFiZEJFcTNFNFRUZWJ2djZXU05wRVl3UTFTKzhlRSs5c2xMbm1oUjJSU05wV0dEUS9sCld3Rm9Bc1RDakcrZTlmNTdtR1VsbVNlVTZ6RVJJeGllRVI3d01NN0VhcVdhWW82SmJlT2h1c2JkVFUvTG1zeUEKOGZaWXArZ24vRk04V2w4ZWgxcWovR0ljQWREQUlPM2s4bXFBOThzV1I3TXg1dmdkUk5jbXBDdE9ReHhpaWpDNwpNUmJZS2VCazRIT3RYdzllCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUdNekNDQkJ1Z0F3SUJBZ0lVUEI0clVxRkZpRzZnNjdhK2NMQ0JDdVRreEdRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1VURUxNQWtHQTFVRUJoTUNVMFV4RXpBUkJnTlZCQW9UQ2xabGNtbHpaV01nUVVJeEVqQVFCZ05WQkFzVApDVVp5WldwaElHVkpSREVaTUJjR0ExVUVBeE1RVWxOQklGUmxjM1FnVW05dmRDQkRRVEFlRncweE56QTFNVEF4Ck5ESTJNREJhRncwME56QTFNVEF4TkRJMk1EQmFNRkV4Q3pBSkJnTlZCQVlUQWxORk1STXdFUVlEVlFRS0V3cFcKWlhKcGMyVmpJRUZDTVJJd0VBWURWUVFMRXdsR2NtVnFZU0JsU1VReEdUQVhCZ05WQkFNVEVGSlRRU0JVWlhOMApJRkp2YjNRZ1EwRXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFDNm42SXZKY09JCnk5eTR4NFlabGNEWVdHQU5abi81OGFRcS8rcS8ySU9oZXFIN3BmcWYwMEZyWm1URnpYUVRJNGtvUFVPcGFnWU0KRVNHNk1MbGdXN2FrQ25BM1Y1ZHVFdkdCSmdBUjZGbGRhaXdkSE1xV0JLTGI1cHZvQzIvdWN6U05pZStwRWlkUQp1aitPaDVNd1VDSld4NG4yZkxvSk1UUDRMYjFueEZRWHpDalJNV0oxdzNwTSszbURZSnp2TEZoVjJVcjdRQkFkCkpqR0dQQ3ByRGRSRWZ6YW5tN0pnNW1GdGR0Yk1QUG9iTVZES1JpQ3ZmWExhdkU0VWV1cEpGMlJkZzUzMHRwYUoKTWI2bSsrT3NGTU40c0hxMEhVWWlZSXdldGRteFkzVzJkcEtKam1MN3BQUHByY3BuSHFjaTlhM04zMmFqY2xwVgpaN2MwamZ1d0N3ays2RUZZUk5tQ2tLRWtNclNlOHdyOHR1SDRGWXdoVFFDc0ZRZUFXVWFXelNsMjlJZWxteDM4Ck90K2czYVV3OExabHRaek1ZaGFrMjU3Yng0THFmcjIzZWRqejJnNDUvREVrNUgyL3pzdkVHbndxNzN4dHBBSloKclpIU3FndWd3UHFMaEN4S3M5M2FidVNoTWFzOTJDTDdqdUFwNEZqWXpqQlM4NXFRbkhoeFZGemlHb3l2dFVVMwpZUzZaTmFlOTZLYmdXN0tqZDcyaS93ZlVOSktkRjJRQUtXSUpZTDgwYlE5bTJ3K3NMNlROZC90UkczT1hXSkhECnByS1JUWUtpVzJuWnhEb1g0Q2xzTk1XajJpS1BhR3RibDZ0bVpwUkxadGpzOHM5bEFpTkJRZDBYcXRUc3l5ci8KMys4QWZuaHMrREc1NUE0LzkxRGRhWGxEQTRVYnBqWnBEUUlEQVFBQm80SUJBVENCL2pBT0JnTlZIUThCQWY4RQpCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkF6Q0J1QVlEVlIwZ0JJR3dNSUd0TUlHcUJnVXFBd1FGCkJqQ0JvREE0QmdnckJnRUZCUWNDQVJZc2FIUjBjSE02THk5amNITXVkR1Z6ZEM1bWNtVnFZV1ZwWkM1amIyMHYKWTNCekwybHVaR1Y0TG1oMGJXd3daQVlJS3dZQkJRVUhBZ0l3V0F4V1ZHaHBjeUJqWlhKMGFXWnBZMkYwWlNCbwpZWE1nWW1WbGJpQnBjM04xWldRZ0lHbHVJR0ZqWTI5eVpHRnVZMlVnZDJsMGFDQjBhR1VnUm5KbGFtRWdaVWxFCklGUkZVMVFnVUc5c2FXTjVJRU52Ym5SeWIyd3dIUVlEVlIwT0JCWUVGTXF3N0xsWHc1dzlyVG1LRS9yd05icnMKREhlS01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQk9HSTJZNHVYUWVBTVNzd0VTc0lzYkY0UmxrdklRaUdDZAprd3Q3T3pwZmlSY09Rbmt4bTlybHBkUHRDN01halZJNm93dFp3VDZCU0cwam15VUZMaWhwNFZCMDJWTTAyeGtjCllzU0QvNThWK0dmLzFpRWpnUWduTmp6OVo1YlVSR1VpUEs5VFdyY2hpN0UyTUxseVNlSEFFSlVVMXU1aHdVMFYKKzBoUTRTK0VFWkJZZk9WNVdhb0ZtYTJZWEZUU1NDSHR6bUcrT01oSXRnZXZKRnQrT0x5bU9UZXd1Rjd2NHZjUApQVnlVQjlpRWdhd0V3cGpKRUJ0YXhrbUlhSnY0Si9jOTJLS0hjVEt4cjhFYVBmT2w0dDNVQ0htUUxnbkNFRy8zCkhuNktnTnNINlJDT21ab2pkVGY1dndRWjJCN0FjYlZvelUvbm9KWjFvNkM0b1J0NVBrVEVkU25BbVg4cGY0TW4KTlhZbXhQcFhFN0tsRWF6THg5cG9CR1ZvYkNuMFgzRisxQTVwRUhmWThPeS9FT0tjMytac3dXMjk0QXVXQ3MvbgpIbGFtV1BTK2pxTktXM3Fqak5LNkZaczcySUVDdWY5T1NONUJ2RHJVc1c0NGIwWTZvR0lVZXZPdGV4QVhpQldWClNLVDlHc29qcmxZMzZYME8zK2xra3F0VzRhZWExMXFpM29Heis5aVhjUFFlZUQ3a2dma3N6U1lLa245V0IxWVQKai9scFpUbGY5RGx4QTUrK3V1M0dycHg3cVJkQ2xFYkRmNVEySExJU1dWd2lyb2N5U0d6aDR3QUNGSGk2aVFqbgpzcm56SHU5NjhNdE9uTjZGUXQ5elBaeGFSWXJ6THBWLzl5eWFoOWpZWXVMRklHamUreXpBbjVNOE9SVjVwMUF0CkZ2alRSZkg1b0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t"
}</p>

The information in the content property is the .cer version of the root and intermediate certificates "Freja eID Production Root",  "Freja eID Production Issuing CA" and the corresponding test certificates concatenated into one file. That file has has then been base64 encoded to fit in the content property above

Configuring the authenticator

Start by configuring the scenario, Federation - Username and password, according to this instruction.
See information about values for the scenario below.

When done, go  to the Advanced tab and locate the Authentication - HTTP entry, that was configured in the previous "Federation - Username and password" scenario.

Change the value of the name parameter from "PostUidAndPasswordSAML" to "FrejaEIDAuthenticatorSAML".

Example Freja eID SAMLAuthenticator

In PhenixID configuration portal, go to advanced and click on the pencil next to "Authentication - HTTP".

Authenticator should look similar to this:

<p>{
        "id": "13d61f3d-3b41-49d9-ba7c-24a3b3b8911e",
        "alias": "Freja2018",
        "name": "FrejaEIDAuthenticatorSAML",
        "displayName": "SAMLUidPwd",
        "configuration": {
            "success_template": "samlconsent",
            "pipeID": "ff6cb2b4-101c-4734-b1bf-eb61526257c9",
            "idpID": "459256d5-fb72-4bf6-8628-229a2f091c2f",
            "keyStore": "b3d10a11-e325-4c6b-89e9-66bc2b240b81",
            "trustStore": "frejaeid-truststore"
        }
    }</p>

Add the keyStore parameter and value to the configuration. The value for keyStore can be found in PhenixID configuration portal, under Scenarios and then Federation, Keystore. Use the ID of the keystore created/imported earlier.

When done click Stage changes and Commit changes.

Configure the execution flow

Open the Execution flow tab and expand the flow.

Delete valve #1 (InputParameterExistValidatorValve), valve #2 (LDAPSearchValve) and valve #3 (LDAPBindValve).

On the valve AssertionProvider, make sure that the value for "NAME ID ATTRIBUTE" is set to "userIdentifier" and values for "ADDITIONAL ATTRIBUTES" is set to "userGivenName,userSurName".

Add valve ItemCreateFromRequestValve with the value {{request.uid}} for parameter "DESTINATION ITEM ID".
Place this valve before AssertionProvider in the valve list.

When done, press Save.

Example Pipes (from the section "Pipe valves")

<p>{
    "id": "85808f6d-8228-41b4-a8b5-afb2a1cebc16",
    "name": "ItemCreateFromRequestValve",
    "enabled": "true",
    "config": {
	"proceed_on_error": "false",
	"dest_id": "{{request.uid}}"
	},
	"pipe_ref": "ff6cb2b4-101c-4734-b1bf-eb61526257c9"
}

----

{
    "id": "356c244c-daee-425e-9488-24f876d84751",
    "name": "AssertionProvider",
    "enabled": "true",
    "config": {
	"targetEntityID": "459256d5-fb72-4bf6-8628-229a2f091c2f",
	"sourceID": "https://external_sp/sp",
	"nameIDAttribute": "userIdentifier",
	"guide_ref": "e691e6e8-f519-4458-b389-8ed3a6b14f3d",
	"additionalAttributes": "userGivenName,userSurName"
	}
}</p>

Requirements

A keystore with a valid certificate is uploaded to the PAS server.

User enrolled for freja e-id.