SAML - Freja eID

This document describes how to configure FrejaEIDAuthenticatorSAML.

A keystore should have been received from Freja eID and imported into PhenixID Server before configuration of the authenticator.

Please follow this document to import the keystore.

Configure Authenticator

Start by configuring the scenario, Federation - Username and password, according to this instruction.
See information about values for the scenario below.

When done, go to the Advanced tab and locate the Authentication - HTTP entry that was configured in the previous "Federation - Username and password" scenario.

Change the value of the name parameter from "PostUidAndPasswordSAML" to "FrejaEIDAuthenticatorSAML".

Click Commit changes.

Configuration Properties and Example Freja eID SAMLAuthenticator

Configuration properties and example can be found here.

Settings are made in the PhenixID configuration portal: on the Advanced tab, click the pencil next to "Authentication - HTTP".

The keyStore and trustStore parameters need to be added to the configuration. The value for keyStore can be found in the PhenixID configuration portal, under Scenarios and then Federation, Keystore. Use the ID of the keystore created/imported earlier.
Instructions for trustStore can be found in the linked document.

When done, click Stage changes and Commit changes.

Configure the execution flow

Open the Execution flow tab and expand the flow.

Delete valve #1 (InputParameterExistValidatorValve), valve #2 (LDAPSearchValve) and valve #3 (LDAPBindValve).

On the valve AssertionProvider, make sure that the value for "NAME ID ATTRIBUTE" is set to "userIdentifier" and the value for "ADDITIONAL ATTRIBUTES" is set to "userGivenName,userSurName".

Add valve ItemCreateFromRequestValve with the value {{request.uid}} for parameter "DESTINATION ITEM ID".
Place this valve before AssertionProvider.

When done, press Save.

Example Pipes (from the section "Pipe valves")

{
    "id": "85808f6d-8228-41b4-a8b5-afb2a1cebc16",
    "name": "ItemCreateFromRequestValve",
    "enabled": "true",
    "config": {
        "proceed_on_error": "false",
        "dest_id": "{{request.uid}}"
    },
    "pipe_ref": "ff6cb2b4-101c-4734-b1bf-eb61526257c9"
}

----

{
    "id": "356c244c-daee-425e-9488-24f876d84751",
    "name": "AssertionProvider",
    "enabled": "true",
    "config": {
        "targetEntityID": "459256d5-fb72-4bf6-8628-229a2f091c2f",
        "sourceID": "https://external_sp/sp",
        "nameIDAttribute": "userIdentifier",
        "guide_ref": "e691e6e8-f519-4458-b389-8ed3a6b14f3d",
        "additionalAttributes": "userGivenName,userSurName"
    }
}
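
One way to check a finished execution flow against the steps in "Configure the execution flow", as an added example that is not part of the PhenixID documentation. It assumes the pipe's valves are available as a JSON array in execution order; the function name `check_freja_flow`, that array layout and the sample data are assumptions made for illustration.

```python
import json

# Valves the procedure above deletes from the flow.
REMOVED = {"InputParameterExistValidatorValve", "LDAPSearchValve", "LDAPBindValve"}
# AssertionProvider settings the procedure requires.
EXPECTED = {"nameIDAttribute": "userIdentifier",
            "additionalAttributes": "userGivenName,userSurName"}

def check_freja_flow(valves):
    """Return findings for an ordered list of valve dicts; empty list means OK."""
    # Assumption: a valve whose "enabled" is not "true" does not run.
    active = [v for v in valves if str(v.get("enabled", "true")).lower() == "true"]
    names = [v.get("name") for v in active]
    findings = [f"{n} is still active in the flow"
                for n in sorted(REMOVED.intersection(names))]
    if "AssertionProvider" not in names:
        return findings + ["AssertionProvider is missing"]
    ap = names.index("AssertionProvider")
    cfg = active[ap].get("config", {})
    for key, want in EXPECTED.items():
        # Ignore whitespace around commas when comparing attribute lists.
        got = ",".join(p.strip() for p in str(cfg.get(key, "")).split(","))
        if got != want:
            findings.append(f"AssertionProvider {key} is {got!r}, expected {want!r}")
    creators = [i for i, n in enumerate(names) if n == "ItemCreateFromRequestValve"]
    if not creators:
        findings.append("ItemCreateFromRequestValve is missing")
    elif creators[0] > ap:
        findings.append("ItemCreateFromRequestValve runs after AssertionProvider")
    elif active[creators[0]].get("config", {}).get("dest_id") != "{{request.uid}}":
        findings.append("ItemCreateFromRequestValve dest_id is not {{request.uid}}")
    return findings

# Constructed sample: the two valves from this page, in the required order.
SAMPLE = json.loads("""[
  {"name": "ItemCreateFromRequestValve", "enabled": "true",
   "config": {"proceed_on_error": "false", "dest_id": "{{request.uid}}"}},
  {"name": "AssertionProvider", "enabled": "true",
   "config": {"nameIDAttribute": "userIdentifier",
              "additionalAttributes": "userGivenName,userSurName"}}
]""")

if __name__ == "__main__":
    for finding in check_freja_flow(SAMPLE) or ["flow matches the documented setup"]:
        print(finding)
```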