This article describes how to setup PhenixID Signing Services for local (indirect) signing using Freja eID.

This setup includes the use of Freja OrgID.

- Freja eID client certificate (for production environments)

- Access to Freja eID infrastructure from PhenixID Server

- Access to Freja eID infrastructure from Mobile device

- PhenixID Authentication Services 4.2 or higher

- For PAS version 4.2, apply this patch.

- The reader of this document should have some basic knowledge about PhenixID Server.

- Changes will be made to the file phenix-store.json, so please make sure to have a backup  of this file.

It is recommended to add authentication to the API. These authentication methods are supported:

- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.

- Basic authentication
Add valves to the pipes to perform basic authentication verification.

- (If this module was already deployed in your environment, just add FrejaStartSign and FrejaCollectSign to allowedPipe.)

- Login to configuration manager

- Click the Advanced tab

- Open Modules (click on the pen)

- Add this module:

{
		"module": "com.phenixidentity~phenix-signing-api",
		"enabled": "true",
		"config": {
			"tenant": [
				{
					"id": "t1",
					"displayName": "Tenant1",
					"allowedPipe": [
						"FrejaCollectSign",
						"FrejaStartSign"
					]
				}
			]
		},
		"id": "signapi_module"
	}

- Click Stage Changes and Commit Changes

- Open NODE_GROUPS (click on the pen)

- Add id of the newly added module to module_refs. Example below.

{
		    "name": "default",
        "description": "Default node group (created automatically) - all nodes belong to this group",
		"config": {
			"module_refs": "signapi_module,sealapp,signapp_1,......"
		},
		"created": "2017-07-03T11:38:03.135Z",
		"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
		"modified": "2017-07-03T14:39:43.257Z"
	}

- Click Stage Changes and Commit Changes

- Add the Freja eID client certificate (to connect to Freja backend) using the scenario Federation->Keystore->Add keystore.

- Copy the ID of the keystore. This will be used in later step.

- Click the Advanced tab

- Open Pipes (click on the pen)

- Add these pipes. Change these properties to suit your environment:

* FREJA_KEYSTORE -> The id value copied in previous step.
* For other parameter details, please view the valve documentation.

{
		"id": "FrejaStartSign",
		"description": "FrejaStartSign",
		"http_enabled": "true",
		"http_path_pattern": "PUT:/pipes/freja_sign",
		"valves": [
			{
				"name": "FrejaEIDSignRequestValve",
				"config": {
					"keystoreID": "FREJA_KEYSTORE",
					"mode": "production_organisation_sign"
				}
			}
		]
	},
	{
		"id": "FrejaCollectSign",
		"description": "FrejaCollectSign",
		"http_enabled": "true",
		"http_path_pattern": "PUT:/pipes/freja_collect",
		"valves": [
			{
				"name": "FrejaEIDSignStatusValve",
				"config": {
					"keystoreID": "FREJA_KEYSTORE",
					"mode": "production_organisation_sign"
				}
			}
		]
	}

- Click Stage Changes and Commit Changes

Use a HTTP rest client for testing and debugging. Follow this document to structure the HTTP requests properly.

https://document.phenixid.net/m/signing_service/l/1455365-using-local-signing-api-transaction-text-signing-using-freja-eid