PhenixID web apps authentication - Freja eID

This document describes how to configure FrejaEIDAuthenticator.

A keystore should have been received from Freja eID and imported into PhenixID Server before configuration of the authenticator.

Please follow this document to import the keystore.

In the example below, Freja eID is used to log in to Myapps.

Configuration Properties

| Name | Description | Default value | Mandatory |
|---|---|---|---|
| pipeID | Id of pipe used by Freja eID Authenticator. | | Yes |
| successURL | The URL to redirect the browser to after successful authentication. | | Yes |
| keyStore | ID of the keyStore created in PhenixID Server. | | Yes |

Example Freja eID Authenticator

Log in to the PhenixID configuration portal, go to Advanced and click on the pencil next to "Authentication - HTTP".
Add the authenticator configuration:

{
    "id": "0c18a73e-612a-4ce2-a353-40f60dd4bbf9",
    "alias": "freja",
    "name": "FrejaEIDAuthenticator",
    "displayName": "Freja",
    "configuration": {
        "pipeID": "pipeUn",
        "successURL": "/myapps/",
        "keyStore": "b3d10a11-e325-4c6b-89e9-66bc2b240b81"
    }
}

Change the different parameters according to the requirements in the environment.

The value for keyStore can be found in PhenixID configuration portal, under Scenarios and then Federation, Keystore. Use the ID of the keystore created/imported earlier.

When done, click Stage changes and then Commit changes.

Pipes

    {
        "id": "pipeUn",
        "valves": [
            {
                "name": "LDAPSearchValve",
                "enabled": "true",
                "config": {
                    "connection_ref": "replacewithyourconnectionid",
                    "base_dn": "dc=example,dc=org",
                    "scope": "SUB",
                    "size_limit": "0",
                    "filter_template": "mail={{request.username}}"
                }
            }
        ]
    }

Change the values according to the environment.

Example Database Connection

If the user database has already been created, the id can be found in PhenixID configuration portal, under Scenarios and then Connections.
Use the Scenario ID of the desired connection.

Example of an LDAP connection below.

{
  "id" : "d5c9fd4f-0e51-43d4-b1c5-b3e34b6edd4b",
  "type" : "ldap",
  "description" : "Connection to local OpenDJ",
  "config" : {
    "host" : "localhost",
    "port" : "389",
    "bind_dn" : "cn=Directory Manager",
    "password" : "{enc}D5rVvfE+HpfoHagoMv1r1oy91oDYX44eObCS6qCLh9I=",
    "use_ssl" : "true",
    "ssl_trust_all" : "true",
    "follow_referrals" : "false",
    "auto_reconnect" : "true",
    "use_keep_alive" : "true",
    "response_timeout_ms" : "30000",
    "pool_initial_size" : "1",
    "pool_max_size" : "2"
  }
}
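The authenticator, pipe and connection above reference each other by ID, so a mismatch is easy to commit by accident. The following is an added example, not part of PhenixID or of the original page: a small consistency check over the three objects. The function names and the way the objects are passed in are hypothetical, the sample data is constructed from the examples on this page, and the reading of ssl_trust_all is an assumption based on its name.

```python
import copy

MANDATORY = ("pipeID", "successURL", "keyStore")  # "Mandatory: Yes" in the table above

def lint(authenticator, pipes, connections, keystore_ids):
    """Return findings for one authenticator and the pipe/connection it references."""
    findings = []
    cfg = authenticator.get("configuration", {})
    for key in MANDATORY:
        if not cfg.get(key):
            findings.append(f"authenticator: missing mandatory property {key}")
    if cfg.get("keyStore") and cfg["keyStore"] not in keystore_ids:
        findings.append("authenticator: keyStore is not a known keystore ID")
    pipe = next((p for p in pipes if p.get("id") == cfg.get("pipeID")), None)
    if cfg.get("pipeID") and pipe is None:
        findings.append(f"authenticator: pipeID {cfg['pipeID']} has no matching pipe")
    by_id = {c.get("id"): c for c in connections}
    for valve in (pipe or {}).get("valves", []):
        ref = valve.get("config", {}).get("connection_ref")
        if ref is None:
            continue
        if ref not in by_id:
            findings.append(f"pipe {pipe['id']}: connection_ref {ref} has no matching connection")
        # Assumption: ssl_trust_all=true means the LDAP server certificate is not verified.
        elif by_id[ref].get("config", {}).get("ssl_trust_all") == "true":
            findings.append(f"connection {ref}: ssl_trust_all is true")
    return findings

# Constructed sample input, reduced from the examples on this page.
AUTH = {"name": "FrejaEIDAuthenticator", "alias": "freja",
        "configuration": {"pipeID": "pipeUn", "successURL": "/myapps/",
                          "keyStore": "b3d10a11-e325-4c6b-89e9-66bc2b240b81"}}
PIPE = {"id": "pipeUn", "valves": [{"name": "LDAPSearchValve", "config": {
    "connection_ref": "replacewithyourconnectionid",
    "filter_template": "mail={{request.username}}"}}]}
CONN = {"id": "d5c9fd4f-0e51-43d4-b1c5-b3e34b6edd4b", "type": "ldap",
        "config": {"use_ssl": "true", "ssl_trust_all": "true"}}
KEYSTORES = {"b3d10a11-e325-4c6b-89e9-66bc2b240b81"}

def demo():
    """Lint the page's examples as printed, then with connection_ref filled in."""
    as_printed = lint(AUTH, [PIPE], [CONN], KEYSTORES)
    fixed = copy.deepcopy(PIPE)
    fixed["valves"][0]["config"]["connection_ref"] = CONN["id"]
    return as_printed, lint(AUTH, [fixed], [CONN], KEYSTORES)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run as printed, the page's examples yield the unreplaced connection_ref placeholder; once that is set to the connection's ID, the remaining finding is the ssl_trust_all setting on the LDAP connection.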

Using Freja eID as login method for Myapps

Freja eID can now be used as a login method for Myapps by using this URL:

https://ipordnsofphenixidserver:8443/myapps/authenticate/freja

To set Freja eID as the default login method for Myapps, locate the Myapps module under the Advanced tab in the configuration portal.
Change the login method to "freja" according to the example below.