PhenixID web apps authentication – BankID

This authenticator is used to authenticate users with BankID (desktop or mobile BankID).

Modules Required

  • auth-http
  • phenix-pipes

Configuration

Configuration Properties:

Name | Description | Default value | Mandatory
loginTemplate | Template to use for the user interface. | bankid.template | No
successURL | The URL to redirect the browser to after successful authentication. | | Yes
includeQueryString | Enable to append the query string (passed to the authenticator) to successURL. | false | No
pipeID | Id of pipe used to validate username and password. | | Yes
errorURL | The URL to redirect the browser to if an error occurs. | | No
keyStore | Keystore to use to communicate with BankID backend servers. Must point to an existing KEYSTORE in the configuration. | | Yes
mode | Controls which BankID backend environment to use. Leave blank ("") for production, specify "test" for the test environment. | | No

Example configuration

HTTP Authenticators

{
  "id": "bid",
  "alias": "bid",
  "name": "BankID",
  "configuration": {
    "pipeID": "pipeBID",
    "keyStore": "bankidkeystore",
    "password": "qwerty123",
    "mode": "test",
    "successURL": "/selfservice/",
    "enableHoneypot": "yes",
    "loginTemplate": "bankid.template",
    "translation": [
      "bankid.messages.title_starting",
      "bankid.messages.title_current_device",
      "bankid.messages.title_mobile_device",
      "bankid.messages.title_qrcode",
      "bankid.messages.text_starting",
      "bankid.messages.text_current_device",
      "bankid.messages.text_mobile_device",
      "bankid.messages.text_qrcode",
      "bankid.messages.input_personal_number",
      "bankid.messages.button_submit",
      "bankid.messages.button_start_over",
      "bankid.messages.button_start_manually",
      "bankid.messages.info_bankid_link_creation_app",
      "bankid.messages.info_bankid_url_link_redirection_success_app",
      "bankid.messages.info_open_app",
      "bankid.messages.info_rediection_app",
      "bankid.messages.info_verified_app",
      "bankid.messages.info_qrcode_scanned_app",
      "bankid.messages.error_bad_personal_number",
      "bankid.messages.error_cancellation",
      "bankid.messages.error_request",
      "bankid.messages.changeLanguage"
    ],
    "templateVariables": {
      "cancel_href": "/bid/authenticate/logout/bid/?nextTarget=/bid/authenticate/bid/",
      "methods": [
        {
          "title": "bankid.messages.option_label_od",
          "image": "/authenticate/res/images/bankid/bankid.png",
          "data-toggle-action": "OD"
        },
        {
          "title": "bankid.messages.option_label_sd",
          "image": "/authenticate/res/images/bankid/bankid.png",
          "data-toggle-action": "SD"
        },
        {
          "title": "bankid.messages.option_label_qr",
          "image": "/authenticate/res/images/bankid/bankid-qrc.png",
          "data-toggle-action": "QR"
        }
      ]
    }
  }
}

Pipes

{
  "id": "pipeBID",
  "valves": [
    {
      "name": "LDAPSearchValve",
      "config": {
        "connection_ref": "local_ldap",
        "base_dn": "o=IAMService",
        "scope": "SUB",
        "size_limit": "0",
        "filter_template": "(&(objectclass=*)(serialNumber={{request.userPersonalNumber}}))",
        "attributes": "uid"
      }
    },
    {
      "name": "PropertyAddValve",
      "config": {
        "name": "roles",
        "value": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
        "enable_multi_value": "true"
      }
    }
  ]
}

Read this article to get the correct value for the roles property.

Keystore

{
    "id" : "bankidkeystore",
    "type" : "pkcs12",
    "password" : "qwerty123",
    "certificateAlias" : "{557681f5-fdf4-4aa2-ac94-e4591dcb02d5}",
    "privateKeyPassword" : "qwerty123",
    "resource" : "FPTestcert2_20150818_102329.p12"
}
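The three fragments above only work together when the authenticator's keyStore and pipeID reference ids that actually exist and mode selects the intended BankID backend. The following added check is not PhenixID code; it works on constructed copies of the fragments above, trimmed to the keys the checks need, and applies the rules from the property table (mandatory properties, cross-references, and the "" / "test" values of mode).

```python
# Constructed copies of the page's configuration fragments, trimmed to the
# keys checked below (this is not PhenixID's own code or data format).
AUTHENTICATOR = {
    "id": "bid", "alias": "bid", "name": "BankID",
    "configuration": {
        "pipeID": "pipeBID", "keyStore": "bankidkeystore", "mode": "test",
        "successURL": "/selfservice/", "loginTemplate": "bankid.template",
    },
}
PIPES = [{"id": "pipeBID", "valves": []}]
KEYSTORES = [{"id": "bankidkeystore", "type": "pkcs12",
              "resource": "FPTestcert2_20150818_102329.p12"}]

# From the property table: mandatory properties and permitted "mode" values.
MANDATORY = ("successURL", "pipeID", "keyStore")
MODES = ("", "test")


def check_bankid_authenticator(auth, pipes, keystores, production=False):
    """Return a list of findings; an empty list means the config passes."""
    cfg = auth.get("configuration", {})
    findings = []
    for key in MANDATORY:
        if not cfg.get(key):
            findings.append(f"missing mandatory property '{key}'")
    # keyStore must name an existing KEYSTORE id, pipeID an existing pipe id.
    if cfg.get("keyStore") and cfg["keyStore"] not in {k["id"] for k in keystores}:
        findings.append(f"keyStore '{cfg['keyStore']}' does not exist")
    if cfg.get("pipeID") and cfg["pipeID"] not in {p["id"] for p in pipes}:
        findings.append(f"pipeID '{cfg['pipeID']}' does not exist")
    mode = cfg.get("mode", "")
    if mode not in MODES:
        findings.append(f"unknown mode '{mode}' (use \"\" or \"test\")")
    # A production deployment must not be pointed at the BankID test backend.
    if production and mode == "test":
        findings.append("mode is 'test' but deployment is marked production")
    return findings


if __name__ == "__main__":
    for finding in check_bankid_authenticator(AUTHENTICATOR, PIPES, KEYSTORES,
                                              production=True):
        print(finding)
```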