PhenixID DocumentationPhenixID Authentication ServicesSolutions Misc configuration solutionsURI's used by PhenixID Authentication Services, PhenixID Password Self Service and PhenixID Signing Services

URI's used by PhenixID Authentication Services, PhenixID Password Self Service and PhenixID Signing Services

This document describes the possible URI's used by PhenixID Authentication Services, PhenixID Password Self Service and PhenixID Signing Services. Behind every URI there is an application or a service listener.

Every URI is exposed through configuration, meaning that if an application/service hasn't been configured, the corresponding URI will not be exposed.

Description

When publishing the different web applications and services in PAS, PSS or Signing, best practise is to only allow as little as possible regarding the service. So communication is only allowed to the very specific services needed for the specific configuration. This document will describe what needs to be allowed depending on service and web application used. Example of the communication is available in the end of the document.

Please note that all URI values are configurable! If changed, please adjust your proxy configuration accordingly.

PAS and PPSS

URL's for the different web applications

Example of complete communication

Pocket Pass enrollment:

/mfaadmin/otpadmin/api/?tokens/prepare/d67793ed1c4c1dddd7c61cc0982b6917

/mfaadmin/otpadmin/provision/otpauth/?5c73a048-f35a-4872-bc67-4bb28ba02fca

One Touch enrollment:

/mfaadmin/otpadmin/onetouch/enroll/status/5ee705a9-340b-408a-a97b-88fd56f83748

/mfaadmin/otpadmin/onetouch/enroll/start/JTdCJTIydXNlcm5hbWUlMjIlM0ElMjJkNjc3OTNlZDFjNGMxZGRkZDdjNjFjYzA5ODJiNjkxNyUyMiUyQyUyMmRpc3BsYXlfbmFtZSUyMiUzQSUyMm5yNCUyMiUyQyUyMnRpbWVzdGFtcCUyMiUzQSUyMjE1MTYxODg0OTM5OTglMjIlN0Q=

/mfaadmin/otpadmin/onetouch/enroll/status/42e1471b-62c4-4704-b801-dfa389e12734

/mfaadmin/otpadmin/onetouch/provision/start/42e1471b-62c4-4704-b801-dfa389e12734

/mfaadmin/otpadmin/onetouch/provision/chain/42e1471b-62c4-4704-b801-dfa389e12734

/mfaadmin/otpadmin/onetouch/enroll/status/42e1471b-62c4-4704-b801-dfa389e12734

/mfaadmin/otpadmin/api/?d67793ed1c4c1dddd7c61cc0982b6917

/pki/token/register/dd813370-87c3-479e-9ce4-da2a5e4f6fb3

/mfaadmin/otpadmin/onetouch/provision/chain/42e1471b-62c4-4704-b801-dfa389e12734

/pki/tokens/dd813370-87c3-479e-9ce4-da2a5e4f6fb3

/mfaadmin/otpadmin/api/?d67793ed1c4c1dddd7c61cc0982b6917

/pki/tokens/dd813370-87c3-479e-9ce4-da2a5e4f6fb3

 

/selfservice/selfservice/js/extensions/pki.js

/selfservice/selfservice/pki/enroll/start/JTdCJTIyZGlzcGxheV9uYW1lJTIyJTNBJTIycyUyMiUyQyUyMnRpbWVzdGFtcCUyMiUzQSUyMjE1MTYxODg3ODcxNjclMjIlN0Q=

/selfservice/selfservice/pki/enroll/status/

/selfservice/selfservice/pki/enroll/status/cacfa81f-5d84-428b-a767-8bc6275d88fc

/pki/token/start/12953c01-43e7-4b87-a039-95991ee2d945

/selfservice/selfservice/pki/enroll/status/aeccdc94-ff69-41ca-81e3-3e6f413b09c1

/selfservice/selfservice/api/entity

/pki/token/register/12953c01-43e7-4b87-a039-95991ee2d945

/pki/tokens/12953c01-43e7-4b87-a039-95991ee2d945

One Touch auth:

/pki/tokens/12953c01-43e7-4b87-a039-95991ee2d945

/pki/assignment/confirm/eb2dffbb-3960-43e0-a2a0-aebed7476156

/pki/tokens/12953c01-43e7-4b87-a039-95991ee2d945

One Touch revoke:

/pki/tokens/7b3b2dc3-2b4b-4753-a9ff-d470c71f9190