SithsEidSignValve

Trigger SITHS eID signing. Used in the context of the HTTP API.

On successful execution, a new item is added with the SITHS eID orderRef, autostarttoken, qrStartToken and qrStartSecret values as properties. Do not share the qrStartSecret with the client; it should remain a secret between the relying party and the authentication service. To collect status, use the SithsEidCollectAuthenticationStatusValve.

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| keyStore | ID of the stored p12 keystore used to communicate with the SITHS eID backend. | | Yes | No |
| sithseidURL | SITHS eID service backend root URL. | | Yes | No |
| rfc2253Issuers | List of trusted SITHS eID issuers. | [ "CN=TEST SITHS e-id Person HSA-id 3 CA v1,O=Inera AB,C=SE", "CN=TEST SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE", "CN=TEST SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE", "CN=CGI Test Root CA,OU=Test,O=CGI,ST=Jamtland,C=SE", "CN=SITHS Type 1 CA v1,O=Inera AB,C=SE", "CN=SITHS Type 1 CA v1 PP,O=Inera AB,C=SE" ] | No | No |
| checkRevocation | Check if certificate has been revoked (true/false). | true | No | No |
| enhancedAuthentication | Enhanced authentication enabled (true/false). | true | No | No |
| personalIdentifier | Value to bind authentication to a specific user (should resolve to a personal number in format yyyyMMddxxxx). | | No | Yes |
| organizationName | Organization name that will be displayed in the SITHS eID client during authentication. | Testportalen | No | No |

Example Configuration

{
    "name": "SithsEidSignValve",
    "config": {
        "keyStore": "5ca8fb2f-bb98-48eb-a1fd-f1e89879fd50",
        "sithseidURL": "https://secure-authservice.idp.ineratest.org",
        "organizationName": "PhenixID",
        "personalIdentifier": "{{request.personalIdentifier}}"
    }
}

Requirements

- Keystore (p12 format) file used to authenticate to the SITHS eID service. The keystore must have been uploaded to PhenixID Authentication Server.

- Add trust to HTTPS SSL certificates using this instruction.

- SITHS eID client (for testing).

Adding trust to production SITHS CAs

The default rfc2253Issuers list includes TEST issuers. To trust the production SITHS CAs, set the rfc2253Issuers parameter explicitly:

"rfc2253Issuers": [
    "CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE",
    "CN=SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE"
]
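
A pre-deployment check for the properties above, as an added example that is not PhenixID's own code: it flags missing mandatory properties, a non-HTTPS backend URL, disabled revocation checking, and test issuers left trusted in a production configuration. The function name `lint_valve`, the "test" substring heuristic and the sample values are assumptions made for this example.

```python
import json
from urllib.parse import urlparse

# Constructed sample (not from the page): a valve entry with unsafe overrides.
SAMPLE = """
{
  "name": "SithsEidSignValve",
  "config": {
    "keyStore": "00000000-0000-0000-0000-000000000000",
    "sithseidURL": "http://siths.example.invalid",
    "checkRevocation": "false",
    "rfc2253Issuers": [
      "CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE",
      "CN=TEST SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE"
    ]
  }
}
"""

# Properties the table marks as mandatory.
MANDATORY = ("keyStore", "sithseidURL")

def lint_valve(valve, production=True):
    """Return a list of findings for one SithsEidSignValve entry (hypothetical helper)."""
    cfg = valve.get("config", {})
    findings = []
    for key in MANDATORY:
        if not cfg.get(key):
            findings.append(f"missing mandatory property: {key}")
    url = cfg.get("sithseidURL", "")
    if url and urlparse(url).scheme != "https":
        findings.append("sithseidURL is not https")
    # Accept either a JSON boolean or the string form; the default is true.
    if str(cfg.get("checkRevocation", "true")).lower() != "true":
        findings.append("checkRevocation is disabled")
    if production:
        issuers = cfg.get("rfc2253Issuers")
        if issuers is None:
            # The documented default list contains TEST issuers.
            findings.append("rfc2253Issuers not set: default list includes test CAs")
        else:
            # Assumption: test CAs are recognisable by "test" in the DN.
            for dn in issuers:
                if "test" in dn.lower():
                    findings.append(f"test issuer trusted: {dn}")
    return findings

if __name__ == "__main__":
    for finding in lint_valve(json.loads(SAMPLE)):
        print(finding)
```

Pass `production=False` when linting a test environment, where the default issuer list is expected.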