BankIDSignValve

Triggers BankID signing. Used for local signing.

On successful execution, a new item is added and the BankID transaction ID is stored in the property transactionID. The properties qrStartToken and qrStartSecret from the BankID API are also added to the item. The qrStartSecret must not be sent to the client; it is a secret shared only between the BankID API and the relying party.
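How a relying party can turn these two values into the animated QR payload without the secret leaving the server, following the BankID relying party guidelines (HMAC-SHA256 over the elapsed seconds, keyed with qrStartSecret). This is an added example, not PhenixID code: the item is modeled as a plain dict, and `qr_data`, `client_view` and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample of the item the valve produces; all values are made up.
SAMPLE_ITEM = {
    "transactionID": "00000000-0000-0000-0000-000000000001",
    "qrStartToken": "11111111-2222-3333-4444-555555555555",
    "qrStartSecret": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
}


def qr_data(qr_start_token, qr_start_secret, elapsed_seconds):
    """Build the QR payload: bankid.<qrStartToken>.<time>.<qrAuthCode>."""
    if elapsed_seconds < 0:
        raise ValueError("elapsed_seconds must not be negative")
    # Whole seconds since the sign order was started, as a decimal string.
    t = str(int(elapsed_seconds))
    # qrAuthCode = HMAC-SHA256(key=qrStartSecret, message=time), hex encoded.
    auth_code = hmac.new(
        qr_start_secret.encode("ascii"), t.encode("ascii"), hashlib.sha256
    ).hexdigest()
    return f"bankid.{qr_start_token}.{t}.{auth_code}"


def client_view(item, order_started_at, now=None):
    """Return the data for the browser; qrStartSecret is used but never copied."""
    now = time.time() if now is None else now
    # Build a fresh dict instead of filtering the item, so a new secret
    # property added to the item later cannot leak by default.
    return {
        "qrData": qr_data(
            item["qrStartToken"], item["qrStartSecret"], now - order_started_at
        )
    }


if __name__ == "__main__":
    started = time.time()
    # The client polls roughly once per second and renders each new payload.
    for offset in range(3):
        print(client_view(SAMPLE_ITEM, started, now=started + offset))
```

The client re-requests the payload as time advances and renders it as a QR code; only the server can produce the next code because only it holds qrStartSecret.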

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| bankid_keystore | ID of the keystore to use setting up client authentication | | Yes | No |
| mode | Switch to communicate with BankID test or production environment. Set to test to target BankID test environment. | production | No | No |
| version | Sets the version of the BankID API to access | v5.1 | No | No |
| pnr | Personnummer, removed in v6.0 of the BankID API | | No | Yes |
| user_visible_data | Data to be signed that will be displayed in the BankID client. | | Yes | Yes |
| user_non_visible_data | Data to be signed that will not be displayed in the BankID client. | | No | Yes |
| requirement | Includes one or more requirements on how the auth or sign order must be performed, see below for more information. Format: JSON | | No | No |
| client_ip_request_param | Parameter containing the client IP. | remoteAddress | No | Yes |
| certificatePolicy | Comma-separated string of BankID certificate policies | | No | No |

Example Configuration

{
    "name" : "BankIDSignValve",
    "config" : {
        "bankid_keystore" : "1111-2222-3333-4444",
        "pnr" : "{{request.pnr}}",
        "user_visible_data" : "{{request.userVisibleData}}",
        "user_non_visible_data" : "{{request.userNonVisibleData}}",
        "client_ip_request_param": "{{request.X-Forwarded-For}}",
        "requirement": "{\"certificatePolicies\":[\"1.2.752.78.1.5\"],\"pinCode\":true}"
    }
}

Requirements

- PhenixID Signing Service installed.

- Keystore (p12 format) file used to authenticate to BankID service stored on PhenixID Authentication Server.

- BankID client (for testing).