PhenixID Verify User Identity for PAS 4.6 or later
Following the steps below creates a service to verify the identity of a user who is calling in to the Help-desk or other functions in your organisation.
The user's available verification methods will be displayed, and the person handling the call can select one of the methods to verify the identity of the user.
Requirements
- A Keystore configured, used by the SAML function in this configuration
- A Swedish BankID keystore must be configured if Swedish BankID will be used
- A Freja eID keystore must be configured if Freja eID will be used
- All methods to be used must be configured
Step 1 - Authentication - HTTP
Add the following configuration to “Authentication - HTTP”
{ "alias": "phxverify", "name": "Registration", "id": "phxverify", "configuration": { "stages": [ { "pipeid": "phxverify-username", "template": "phxverify", "sessionValues": [ "roles", "adminuser" ], "translation": [ "phxverify.messages.information.title", "phxverify.messages.information.searchuser", "phxverify.messages.username", "phxverify.messages.querybox", "phxverify.messages.or", "phxverify.messages.logout" ], "templateVariables": { "searchmethods": [ { "type": "username", "title": "phxverify.messages.username" }, { "type": "mail", "title": "phxverify.messages.mail" }, { "type": "mobile", "title": "phxverify.messages.mobile" } ], "settings": { "sp_url": "/phxverify/authenticate/phxverifysp/" } }, "errorTranslation": [ { "key": "User does not exist", "value": "phxverify.error.usernotexist" }, { "key": "Multiple users found", "value": "phxverify.error.multipleusersfound" }, { "key": "Login failed", "value": "phxverify.error.loginfailed" } ] }, { "pipeid": "phxverify-verifychoice", "template": "phxverify", "templateVariables": { "useBid": "true", "methods": [ { "type": "ot", "title": "phxverify.messages.ot" }, { "type": "token", "title": "phxverify.messages.pp" }, { "type": "sms", "title": "phxverify.messages.sms" }, { "type": "mail", "title": "phxverify.messages.mail" }, { "type": "bid", "title": "phxverify.messages.bid" },{ "type": "freja","title": "phxverify.messages.freja" }] }, "sessionValues": [ "phxverify-disabled-token", "phxverify-disabled-sms", "phxverify-disabled-ot", "phxverify-disabled-mail", "phxverify-disabled-bid","phxverify-disabled-freja","givenname", "sn", "mobile", "username", "mail", "roles", "adminuser", "pnrsub" ], "translation": [ "phxverify.messages.information.title", "phxverify.messages.username", "phxverify.messages.givenname", "phxverify.messages.snname", "phxverify.messages.mobile", "phxverify.messages.mail", "phxverify.messages.information.choose_method", "phxverify.messages.cancel", "phxverify.messages.logout", 
"phxverify.messages.bid","phxverify.messages.freja"], "errorTranslation": [ { "key": "Wrong verification code", "value": "phxverify.error.wrongotp" }, { "key": "User does not exist", "value": "phxverify.error.usernotexist" }, { "key": "Multiple users found", "value": "phxverify.error.multipleusersfound" }, { "key": "Login failed", "value": "phxverify.error.loginfailed" }, { "key": "alreadyInProgress", "value": "phxverify.error.bid_alreadyinprogress" } ] }, { "pipeid": "phxverify-verifyOTP", "template": "phxverify", "templateVariables": { "useBid": "true" }, "translation": [ "phxverify.messages.information.title", "phxverify.messages.username", "phxverify.messages.enterotp", "phxverify.messages.givenname", "phxverify.messages.snname", "phxverify.messages.mobile", "phxverify.messages.mail", "phxverify.messages.ot", "phxverify.messages.otstatus", "phxverify.messages.sms", "phxverify.messages.mail", "phxverify.messages.pp", "phxverify.messages.verify", "phxverify.messages.information.verifyotp", "phxverify.messages.information.otpending", "phxverify.messages.information.bidpending","phxverify.messages.information.frejapending", "phxverify.messages.information.ot_timedout", "phxverify.messages.information.bid_timedout", "phxverify.messages.cancel", "phxverify.messages.logout", "phxverify.messages.bid" ], "sessionValues": [ "phxverify-disabled-token", "phxverify-disabled-sms", "phxverify-disabled-ot", "phxverify-disabled-mail", "phxverify-disabled-bid","phxverify-disabled-freja","givenname", "sn", "mobile", "username", "mail", "roles", "phxverify-verifyotp", "phxverify-otpending", "phxverify-bidpending","phxverify-frejapending","adminuser", "pnrsub" ], "errorTranslation": [ { "key": "Wrong verification code", "value": "phxverify.error.wrongotp" }, { "key": "User does not exist", "value": "phxverify.error.usernotexist" }, { "key": "User rejected", "value": "ot_rejected" }, { "key": "Pending user confirmation", "value": "ot_pending" }, { "key": "User confirmation in 
progress", "value": "ot_inprogress" }, { "key": "bid-outstandingTransaction", "value": "bid_outstandingTransaction" }, { "key": "bid-noClient", "value": "bid_noClient" }, { "key": "phxverify.messages.bid_startbankid", "value": "bid_startbankid" },{ "key": "phxverify.messages.freja_startfreja", "value": "freja_startfreja" },{ "key": "bid-started", "value": "bid_started" },{ "key" : "freja-userCancel", "value" : "freja_userCancel" },{ "key": "freja-started", "value": "freja_started" },{ "key": "phxverify.messages.bid_usersign", "value": "bid_userSign" }, { "key": "bid-expiredTransaction", "value": "bid_expiredTransaction" }, { "key": "bid-certificateErr", "value": "bid_certificateErr" }, { "key": "bid-userCancel", "value": "bid_userCancel" }, { "key": "bid-cancelled", "value": "bid_cancelled" }, { "key": "bid-startFailed", "value": "bid_startFailed" }, { "key": "bid-unknown", "value": "bid_unknown" }, { "key": "Multiple users found", "value": "phxverify.error.multipleusersfound" }, { "key": "Login failed", "value": "phxverify.error.loginfailed" } ] }, { "pipeid": "phxverify-complete", "template": "phxverify", "templateVariables": { "useBid": "true" }, "translation": [ "phxverify.messages.information.title", "phxverify.messages.username", "phxverify.messages.enterotp", "phxverify.messages.givenname", "phxverify.messages.snname", "phxverify.messages.mobile", "phxverify.messages.mail", "phxverify.messages.ot", "phxverify.messages.otstatus", "phxverify.messages.sms", "phxverify.messages.mail", "phxverify.messages.pp", "phxverify.messages.cancel", "phxverify.messages.userverified", "phxverify.messages.logout", "phxverify.messages.bid","phxverify.messages.freja"], "sessionValues": [ "phxverify-disabled-token", "phxverify-disabled-sms", "phxverify-disabled-ot", "phxverify-disabled-mail", "givenname", "sn", "mobile", "username", "mail", "phxverify-newstatus", "roles", "adminuser", "pnrsub" ], "errorTranslation": [ { "key": "Wrong verification code", "value": 
"phxverify.error.wrongotp" }, { "key": "User does not exist", "value": "phxverify.error.usernotexist" }, { "key": "Multiple users found", "value": "phxverify.error.multipleusersfound" }, { "key": "Login failed", "value": "phxverify.error.loginfailed" } ] } ] } }, { "id": "phxverifysp", "alias": "phxverifysp", "name": "SAMLServiceProviderAuthN", "displayName": "PHXVerify IdP", "configuration": { "successURL": "/phxverify/authenticate/phxverify/", "sp": "https://replace_phxverify_address", "pipeID": "PHXVerifySPPipe", "targetIDP": "https://replace_phxverify_address/phxverify/authenticate/phxverifyidp", "acsUrl": "https://replace_phxverify_address/phxverify/authenticate/phxverifysp", "entityID": "https://replace_phxverify_address" } }, { "id": "e93a1158-b7b4-4491-9770-24901c3b0296", "alias": "phxverifyidp2", "name": "PostUidAndPasswordSAML", "displayName": "PHXVerifyiDP", "configuration": { "pipeID": "d449c9a9-0601-484f-ac62-a273f5a4ecc9", "idpID": "9602d813-76c5-4ab7-b1f8-4ff51b40c3ff", "translation": [ { "mapKeyTo": "phxverify.messages.information.title", "key": "login.messages.information.title" }, { "mapKeyTo": "phxverify.messages.information.header", "key": "login.messages.information.header" }, { "mapKeyTo": "phxverify.messages.information.body", "key": "login.messages.information.body" } ] } }, { "id": "002cd990-af32-4a27-9dc0-815eff7a717a", "alias": "phxverifysso", "name": "PostUidAndPasswordSAML", "displayName": "PHXVerifySSO", "configuration": { "pipeID": "951af7c4-0772-4030-b90a-c3f53c3332fb", "idpID": "1c650882-8e14-4bd6-9f6a-ef3553c5a43c" } }, { "name": "Dispatch", "id": "phxverifyidp", "alias": "phxverifyidp", "configuration": { "idpID": "9602d813-76c5-4ab7-b1f8-4ff51b40c3ff", "mapping": [ { "authenticator": "e93a1158-b7b4-4491-9770-24901c3b0296", "expression": "!request.getParameter('authenticatedrequest').equals('true')" }, { "authenticator": "002cd990-af32-4a27-9dc0-815eff7a717a", "expression": 
"request.getParameter('authenticatedrequest').equals('true')" } ] } }
Replace the following settings:
"replace_phxverify_address" with the address and port of your PhenixID Server, for example "phxverify.phenixid.se:8443"
Disable Swedish BankID as an option to verify the user:
- Change all "useBid": "true" to "useBid": "" in the configuration above
- Remove the following from the "methods" sections in the configuration above
{
"type": "bid",
"title": "phxverify.messages.bid"
}
Disable Freja eID as an option to verify the user:
- Remove the following from the "methods" sections in the configuration above
{
"type": "freja",
"title": "phxverify.messages.freja"
}
Step 2 - Guide configuration
Add the following configuration to “Guide configuration”
{
"id" : "ba6e71aa-4e32-4a5c-88df-a2ed6ee1709e",
"name" : "PHXVerifyIdP",
"description" : "PHXVerifyIdP",
"type" : "guides.authentication.saml.samluidpwd2",
"config" : {
"pipeID" : "d449c9a9-0601-484f-ac62-a273f5a4ecc9",
"idp_ref" : "9602d813-76c5-4ab7-b1f8-4ff51b40c3ff",
"auth_ref" : "e93a1158-b7b4-4491-9770-24901c3b0296",
"ldap_connection_ref" : "replace_ldap_id"
}
},
{
"id": "51265e65-b112-4948-a285-4851d772ec5c",
"name": "PHXVerifySSO",
"description": "PHXVerifySSO",
"type": "guides.authentication.saml.samluidpwd2",
"config": {
"pipeID": "951af7c4-0772-4030-b90a-c3f53c3332fb",
"idp_ref": "1c650882-8e14-4bd6-9f6a-ef3553c5a43c",
"auth_ref": "002cd990-af32-4a27-9dc0-815eff7a717a",
"ldap_connection_ref": "replace_ldap_id"
}
}
Replace "replace_ldap_id" with the LDAP Scenario ID.
Step 3 - Pipes
Add the following configuration to “Pipes”
{
"id": "phxverify-username",
"valves": [
{
"name": "SessionLoadValve",
"config": {
"id": "{{request.session_id}}"
}
},
{
"name": "FlowFailValve",
"config": {
"message": "Login failed",
"skip_if_expr": "request.get('authenticatedrequest').equals('true')"
}
},
{
"name" : "SessionPropertyRemoveValve",
"config": {
"name":"username,generated_otp,phxverify-verifyotp,ot_verify,phxverify-otpending,phxverify-bidpending,phxverify-frejapending,phxverify-disabled-bid,phxverify-disabled-freja,phxverify-newstatus,phxverify-disabled-sms,phxverify-disabled-mail,phxverify-disabled-token,phxverify-disabled-ot,givenname,OATH,PKI,username,mobile,sn,mail,pnr,pnrsub"
}
},
{
"name": "LDAPSearchValve",
"config": {
"connection_ref": "replace_ldap_id",
"base_dn": "replace_ldap_base_dn",
"scope": "SUB",
"size_limit": "0",
"filter_template": "replace_phxverify_user_attrib={{request.username}}",
"attributes": "mobile,givenName,sn,mail,replace_phxverify_bankid_attrib",
"exec_if_expr": "request.get('username')!=null"
}
},
{
"name": "LDAPSearchValve",
"config": {
"connection_ref": "replace_ldap_id",
"base_dn": "replace_ldap_base_dn",
"scope": "SUB",
"size_limit": "0",
"filter_template": "mail={{request.mail}}",
"attributes": "mobile,givenName,sn,mail,replace_phxverify_user_attrib,replace_phxverify_bankid_attrib",
"exec_if_expr": "request.get('mail')!=null"
}
},
{
"name": "LDAPSearchValve",
"config": {
"connection_ref": "replace_ldap_id",
"base_dn": "replace_ldap_base_dn",
"scope": "SUB",
"size_limit": "0",
"filter_template": "mobile={{request.mobile}}",
"attributes": "mobile,givenName,sn,mail,replace_phxverify_user_attrib,replace_phxverify_bankid_attrib",
"exec_if_expr": "request.get('mobile')!=null"
}
},
{
"name": "FlowFailValve",
"config": {
"message": "User does not exist",
"exec_if_expr": "flow.items().isEmpty()"
}
},
{
"name": "FlowFailValve",
"config": {
"message": "Multiple users found",
"skip_if_expr": "flow.isSingle()"
}
},
{
"config": {
"name": "username",
"value": "{{request.username}}",
"exec_if_expr": "request.get('username')!=null"
},
"name": "SessionPropertyAddValve"
},
{
"config": {
"name": "username",
"value": "{{item.replace_phxverify_user_attrib}}",
"exec_if_expr": "request.get('mail')!=null || request.get('mobile')!=null"
},
"name": "SessionPropertyAddValve"
},
{
"name": "GetTokenExistsValve",
"config": {
"username_attribute": "{{session.username}}",
"token_type": "OATH",
"get_value_attribute_key": "OATH"
}
},
{
"name": "GetTokenExistsValve",
"config": {
"username_attribute": "{{session.username}}",
"token_type": "PKI",
"get_value_attribute_key": "PKI"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "OATH",
"value": "{{item.OATH}}"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "PKI",
"value": "{{item.PKI}}"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "mobile",
"value": "{{item.mobile}}"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"dest_id": "{{session.pki_user}}",
"name": "givenname",
"value": "{{item.givenName}}"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "sn",
"value": "{{item.sn}}"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "mail",
"value": "{{item.mail}}"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "pnr",
"value": "{{item.replace_phxverify_bankid_attrib}}"
}
},
{
"name": "PropertyAddValve",
"config": {
"name": "pnr2sub",
"value": "{{item.replace_phxverify_bankid_attrib}}"
}
},
{
"name": "PropertySubstringValve",
"config": {
"source": "pnr2sub",
"end_index": "8",
"begin_index": "0",
"exec_if_expr": "request.get('replace_phxverify_bankid_attrib')!=null"
}
},
{
"config": {
"name": "pnrsub",
"value": "{{item.pnr2sub}}xxxx"
},
"name": "SessionPropertyAddValve"
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-disabled-bid",
"value": "disabled",
"exec_if_expr": "",
"skip_if_expr": "flow.items().get(0).containsProperty('replace_phxverify_bankid_attrib')"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-disabled-freja",
"value": "disabled",
"exec_if_expr": "",
"skip_if_expr": "flow.items().get(0).containsProperty('replace_phxverify_bankid_attrib') || flow.items().get(0).containsProperty('mobile') || flow.items().get(0).containsProperty('mail')"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-disabled-sms",
"value": "disabled",
"exec_if_expr": "",
"skip_if_expr": "flow.items().get(0).containsProperty('mobile')"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-disabled-mail",
"value": "disabled",
"exec_if_expr": "",
"skip_if_expr": "flow.items().get(0).containsProperty('mail')"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-disabled-token",
"value": "disabled",
"exec_if_expr": "flow.property('OATH').equals('false')"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-disabled-ot",
"value": "disabled",
"exec_if_expr": "flow.property('PKI').equals('false')"
}
},
{
"name": "SessionPersistValve",
"config": {}
}
]
},
{
"id": "phxverify-verifychoice",
"valves": [
{
"name": "SessionLoadValve",
"config": {
"id": "{{request.session_id}}"
}
},
{
"name" : "SessionPropertyRemoveValve",
"config": {
"name":"ot_verify, phxverify-otpending,phxverify-bidpending,phxverify-verifyotp,generated_otp,transactionID,authRef"
}
},
{
"name": "ItemCreateValve",
"config": {
"dest_id": "{{request.session_id}}"
}
},
{
"name": "OTPGeneratorValve",
"config": {
"length": "6",
"alpha_numeric": "false",
"name": "generated_otp",
"valid_time_in_seconds": "300",
"exec_if_expr": "",
"skip_if_expr": ""
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "generated_otp",
"value": "{{item.generated_otp}}",
"skip_if_expr": ""
}
},
{
"name": "OTPBySMSValve",
"config": {
"message_gateway_settings" : "replace_gw_id",
"recipient_param_name": "{{session.mobile}}",
"generated_otp_name": "generated_otp",
"use_flash": "true",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('sms')",
"skip_if_expr": ""
}
},
{
"name": "OTPBySMTPValve",
"config": {
"smtp_settings": "replace_smtp_settings",
"start_tls_enabled": "true",
"userid_param_name": "{{session.username}}",
"mail_param_name": "{{session.mail}}",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('mail')"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-verifyotp",
"value": "true",
"exec_if_expr": "request.get('type') != null && (request.get('type').contains('sms') || request.get('type').contains('token') || request.get('type').contains('mail'))"
}
},
{
"name": "IssueAssignmentValve",
"config": {
"userNameParameter": "{{session.username}}",
"serviceName": "Phenixid",
"authMessage": "Verify your user ID",
"serviceMessage": "",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('ot')"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "ot_verify",
"value": "{{item.assignmentid}}",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('ot')",
"skip_if_expr": ""
}
},
{
"name": "BankIDAuthenticateValve",
"config": {
"bankid_keystore": "replace_phxverify_bankid_keystore",
"mode": "test",
"pnr": "{{session.pnr}}",
"client_ip_request_param": "X-Forwarded-For",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid')"
}
},
{
"name" : "FrejaEIDCreateItemFromSessionValve",
"config" : { }
},{
"name" : "FrejaEIDAuthRequestValve",
"config" : {
"keystoreID" : "replace_freja_keystore",
"mode" : "test_personal_auth",
"propsFromItem" : "true",
"exec_if_expr" : "request.get('type') != null && request.get('type').contains('freja')" }
}, {
"name" : "SessionPropertyAddValve",
"config" : {
"name" : "authRef",
"value" : "{{item.authRef}}"
}
},
{
"name": "ItemMergeValve",
"config": {
"dest_id": "{{request.session_id}}"
}
},
{
"name": "FlowFailValve",
"config": {
"message": "alreadyInProgress",
"exec_if_expr": "flow.property('errorCode').equals('alreadyInProgress')",
"item_include_expr" : "item.containsProperty('errorCode')"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "transactionID",
"value": "{{item.transactionID}}"
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-otpending",
"value": "true",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('ot')",
"skip_if_expr": ""
}
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-bidpending",
"value": "true",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid')",
"skip_if_expr": ""
}
},
{
"name" : "SessionPropertyAddValve",
"config" : {
"name" : "phxverify-frejapending",
"value" : "true",
"exec_if_expr" : "request.get('type') != null && request.get('type').contains('freja')",
"skip_if_expr" : ""
}
},
{
"name": "SessionPersistValve",
"config": {}
}
]
},
{
"id": "phxverify-verifyOTP",
"valves": [
{
"name": "SessionLoadValve",
"config": {
"id": "{{request.session_id}}"
}
},
{
"name": "ItemCreateValve",
"config": {
"dest_id": "{{request.session_id}}"
}
},
{
"name": "PropertyAddValve",
"config": {
"name": "username",
"value": "{{session.username}}"
}
},
{
"name": "OTPValidationValve",
"config": {
"provided_otp_param_name": "{{request.otp}}",
"generated_otp_param_name": "generated_otp",
"proceed_on_error": "true",
"exec_if_expr": "request.get('type').contains('sms')"
}
},
{
"name": "OTPValidationValve",
"config": {
"provided_otp_param_name": "{{request.otp}}",
"generated_otp_param_name": "generated_otp",
"proceed_on_error": "true",
"exec_if_expr": "request.get('type').contains('mail')"
}
},
{
"name": "TokenValidationValve",
"config": {
"provided_otp_param_name": "{{request.otp}}",
"otp_length": "6",
"userid_param_name": "{{item.username}}",
"exec_if_expr": "request.get('type').contains('token')"
}
},
{
"name": "FlowFailValve",
"config": {
"message": "Wrong verification code",
"exec_if_expr": "attributes.user_authenticated === false"
}
},
{
"name": "AssignmentStatusValve",
"config": {
"id": "{{session.ot_verify}}",
"dest": "userverifiedot",
"exec_if_expr": "request.get('type').contains('ot')"
}
},
{
"name": "BankIDCollectAuthenticationStatusValve",
"config": {
"bankid_keystore": "replace_phxverify_bankid_keystore",
"mode": "test",
"transactionID": "{{session.transactionID}}",
"customerID": "{{session.tenant}}",
"exec_if_expr": "request.get('type').contains('bid')"
}
},
{
"name" : "PropertyAddValve",
"config" : {
"name" : "authRef",
"value" : "{{session.authRef}}"
}
}, {
"name" : "FrejaEIDAuthStatusValve",
"config" : {
"keystoreID" : "replace_freja_keystore",
"mode" : "test_personal_auth",
"propsFromItem" : "true",
"exec_if_expr" : "request.get('type').contains('freja')"
}
},{
"name": "ItemMergeValve",
"enabled": "true",
"config": {
"dest_id": "{{request.session_id}}"
}
},
{
"name": "FlowFailValve",
"config": {
"message": "User rejected",
"exec_if_expr": "flow.property('userverifiedot').equals('REJECTED') && request.get('type').contains('ot')"
}
},
{
"name": "FlowFailValve",
"config": {
"message": "Pending user confirmation",
"exec_if_expr": "flow.property('userverifiedot').equals('PENDING') && request.get('type').contains('ot')"
}
},
{
"name": "FlowFailValve",
"config": {
"message": "User confirmation in progress",
"exec_if_expr": "flow.property('userverifiedot').equals('IN_PROGRESS') && request.get('type').contains('ot')"
}
},
{
"config": {
"message": "bid-outstandingTransaction",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('outstandingTransaction')"
},
"name": "FlowFailValve"
},
{
"config": {
"message": "bid-noClient",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('noClient')"
},
"name": "FlowFailValve"
},
{
"config": {
"message": "bid-started",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('started')"
},
"name": "FlowFailValve"
}, {
"config" : {
"message" : "freja-started",
"exec_if_expr" : "request.get('type') != null && request.get('type').contains('freja') && flow.property('status').contains('STARTED')"
},
"name" : "FlowFailValve"
}, {
"config" : {
"message" : "freja-started",
"exec_if_expr" : "request.get('type') != null && request.get('type').contains('freja') && flow.property('status').contains('DELIVERED_TO_MOBILE')"
},
"name" : "FlowFailValve"
}, {
"config" : {
"message" : "freja-expiredTransaction",
"exec_if_expr" : "request.get('type') != null && request.get('type').contains('freja') && flow.property('status').equals('EXPIRED')"
},
"name" : "FlowFailValve"
}, {
"config" : {
"message" : "freja-userCancel",
"exec_if_expr" : "request.get('type') != null && request.get('type').contains('freja') && flow.property('status').equals('CANCELED')"
},
"name" : "FlowFailValve"
}, {
"config": {
"message": "bid-userSign",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('userSign')"
},
"name": "FlowFailValve"
},
{
"config": {
"message": "bid-expiredTransaction",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('expiredTransaction')"
},
"name": "FlowFailValve"
},
{
"config": {
"message": "bid-certificateErr",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('certificateErr')"
},
"name": "FlowFailValve"
},
{
"config": {
"message": "bid-userCancel",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('userCancel')"
},
"name": "FlowFailValve"
},
{
"config": {
"message": "bid-cancelled",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('cancelled')"
},
"name": "FlowFailValve"
},
{
"config": {
"message": "bid-startFailed",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('startFailed')"
},
"name": "FlowFailValve"
},
{
"config": {
"message": "bid-unknown",
"exec_if_expr": "request.get('type') != null && request.get('type').contains('bid') && flow.property('hintCode').equals('unknown')"
},
"name": "FlowFailValve"
},
{
"name": "SessionPropertyAddValve",
"config": {
"name": "phxverify-newstatus",
"value": "ok"
}
},
{
"name": "SessionPersistValve",
"config": {}
}
]
},
{
"id": "phxverify-complete",
"valves": [
{
"name": "SessionLoadValve",
"config": {
"id": "{{request.session_id}}"
}
},
{
"name": "SessionRemoveValve",
"config": {}
}
]
},
{
"id" : "PHXVerifySPPipe",
"valves" : [
{
"name" : "AssertionConsumer",
"config" : {}
},
{
"name" : "FlowFailValve",
"config" : {
"message" : "User does not exist",
"exec_if_expr" : "flow.items().isEmpty()"
}
},
{
"name": "PropertyAddValve",
"config": {
"name": "roles",
"value": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
"enable_multi_value": "true"
}
}
]
},
{
"id" : "d449c9a9-0601-484f-ac62-a273f5a4ecc9",
"name" : "Find user and validate password",
"description" : "Pipe performing username and password authentication",
"enabled" : "true",
"config" : {
"valve_refs" : "a3d20fa0-b556-41aa-985d-aa30d4dc993c,1073e906-05ec-48ea-8888-1cde79e40219,28309e6a-b1cb-479e-8432-fb7e9ec28771,phxverifyadm1,phxverifyadm2,phxverifyadm3,cf0cbbde-597f-4ecd-85e3-72a46903d727"
}
},
{
"id": "951af7c4-0772-4030-b90a-c3f53c3332fb",
"name": "Find user and validate password",
"description": "Pipe performing username and password authentication",
"enabled": "true",
"config": {
"valve_refs": "a6920bf0-b1a3-473e-b669-20cbedf2e8af,878b91e8-a4c0-42ef-b963-9fd0c437b0e0,phxverifyadm1,phxverifyadm2,phxverifyadm3,88a8b3be-2e54-4294-92ad-8ba88c40e427"
},
"guide_ref": "4cd62bf9-a01d-4a3d-aa55-2dda957e26cc"
}
Replace the following settings:
"replace_ldap_id" with your LDAP connection id, example “731c93fb-f123-403a-9b4f-45720eeed474”
"replace_ldap_base_dn" with your “base_dn”, example “DC=phenixid,DC=local”
"replace_phxverify_user_attrib" with either "sAMAccountName" if you have Active Directory or "uid" for other LDAP directories
"replace_phxverify_bankid_attrib" with the attribute used for Swedish BankID in the LDAP directory, example "employeeID"
"replace_gw_id" with the Scenario ID for the Message Gateway
"replace_phxverify_bankid_keystore" with the Swedish BankID keystore ID, example "22962990-a11a-4f3e-b6b4-2554b9b9072e". Note that the BankID valves above are configured with "mode": "test"; this must be changed before the service is used in production.
"replace_freja_keystore" with the Freja eID keystore ID, example "1df275aa-d99f-40b0-874c-6f1f5d4f333d". Note that the Freja eID valves above are configured with "mode": "test_personal_auth"; this must be changed before the service is used in production.
Step 4 - SAML 2 Identity providers
Add the following configuration to “SAML 2 Identity providers”
{
"id" : "9602d813-76c5-4ab7-b1f8-4ff51b40c3ff",
"name" : "SAML IDP",
"description" : "PHXVerifyIdP",
"keystore" : "replace_keystore_id",
"entityID" : "https://replace_phxverify_idp/phxverify/authenticate/phxverifyidp",
"requireSigned" : "true",
"postSSOURL" : "https://replace_phxverify_idp/phxverify/authenticate/phxverifyidp"
},
{
"id": "1c650882-8e14-4bd6-9f6a-ef3553c5a43c",
"name": "SAML IDP",
"description": "PHXVerifySSO",
"keystore": "replace_keystore_id",
"entityID": "https://replace_phxverify_idp/phxverify/authenticate/phxverifysso",
"requireSigned": "true",
"postSSOURL": "https://replace_phxverify_idp/phxverifysaml/authenticate/phxverifysso"
}
Replace the following settings:
"replace_phxverify_idp" with the address and port of your PhenixID Server, for example "phxverify.phenixid.se:8443"
"replace_keystore_id" with the ID of the keystore to use.
Step 5 - SAML 2 Service providers
Add the following configuration to “SAML 2 Service providers”
{
"id" : "replace_phxverify_sp",
"keystoreSign" : "replace_sp_keystore",
"keystoreEncrypt" : "replace_sp_keystore",
"entityID" : "replace_phxverify_sp"
}
Replace the following settings:
"replace_phxverify_sp" with the address and port of your PhenixID Server, for example "https://phxverify.phenixid.se:8443"
"replace_sp_keystore" with the keystore ID to be used by the Service Provider (SP), example "44962990-a11a-4f3e-b6b4-2554b9b9072f"
Step 6 - Pipe valves
Add the following configuration to “Pipe valves”
{
"id" : "a3d20fa0-b556-41aa-985d-aa30d4dc993c",
"name" : "InputParameterExistValidatorValve",
"enabled" : "true",
"config" : {
"param_name" : "password",
"skip_if_expr" : "request.authenticatedrequest === 'true'"
}
},
{
"id" : "1073e906-05ec-48ea-8888-1cde79e40219",
"name" : "LDAPSearchValve",
"enabled" : "true",
"config" : {
"connection_ref" : "replace_ldap_id",
"base_dn" : "replace_ldap_base_dn",
"scope" : "SUB",
"size_limit" : "0",
"_filter_template" : "replace_phxverify_user_attrib={{request.username}}",
"filter_template": "(&(replace_phxverify_user_attrib={{request.username}})(replace_phxverify_group_member))",
"guide_ref" : "4a3714f3-99dd-49fe-8154-8beded40d0d0"
}
},
{
"id" : "28309e6a-b1cb-479e-8432-fb7e9ec28771",
"name" : "LDAPBindValve",
"enabled" : "true",
"config" : {
"connection_ref" : "replace_ldap_id",
"password_param_name" : "password",
"lockout_enabled" : "false",
"lockout_login_attempts" : "3",
"lockout_login_window" : "30",
"lockout_time" : "60",
"guide_ref" : "4a3714f3-99dd-49fe-8154-8beded40d0d0"
}
},
{
"id" : "cf0cbbde-597f-4ecd-85e3-72a46903d727",
"name" : "AssertionProvider",
"enabled" : "true",
"config" : {
"targetEntityID" : "9602d813-76c5-4ab7-b1f8-4ff51b40c3ff",
"sourceID" : "replace_phxverify_sp",
"nameIDAttribute" : "replace_phxverify_user_attrib",
"guide_ref" : "4a3714f3-99dd-49fe-8154-8beded40d0d0"
}
},
{
"id": "a6920bf0-b1a3-473e-b669-20cbedf2e8af",
"name": "FlowFailValve",
"enabled": "true",
"config": {
"skip_if_expr": "request.get('authenticatedrequest').equals('true')",
"proceed_on_error": "false",
"message": "common.messages.failure"
},
"pipe_ref": "951af7c4-0772-4030-b90a-c3f53c3332fb"
},
{
"id": "878b91e8-a4c0-42ef-b963-9fd0c437b0e0",
"name": "LDAPSearchValve",
"enabled": "true",
"config": {
"connection_ref": "replace_ldap_id",
"base_dn": "replace_ldap_base_dn",
"scope": "SUB",
"size_limit": "0",
"filter_template": "replace_phxverify_user_attrib={{request.username}}",
"guide_ref": "4cd62bf9-a01d-4a3d-aa55-2dda957e26cc"
}
},
{
"id": "phxverifyadm1",
"name": "SessionLoadValve",
"config": {
"id": "{{request.session_id}}"
}
},
{
"id": "phxverifyadm2",
"name": "SessionPropertyAddValve",
"config": {
"name": "adminuser",
"value": "{{item.givenName}} {{item.sn}}"
}
},
{
"id": "phxverifyadm3",
"name": "SessionPersistValve",
"config": {}
},
{
"id": "88a8b3be-2e54-4294-92ad-8ba88c40e427",
"name": "AssertionProvider",
"enabled": "true",
"config": {
"targetEntityID": "9602d813-76c5-4ab7-b1f8-4ff51b40c3ff",
"sourceID": "replace_phxverify_sp",
"nameIDAttribute": "replace_phxverify_user_attrib",
"guide_ref": "4cd62bf9-a01d-4a3d-aa55-2dda957e26cc"
}
}
Replace the following settings:
"replace_ldap_id" with your LDAP connection id, example “731c93fb-f123-403a-9b4f-45720eeed474”
"replace_ldap_base_dn" with your “base_dn”, example “DC=phenixid,DC=local”
"replace_phxverify_user_attrib" with either "sAMAccountName" if you have Active Directory or "uid" for other LDAP directories
"replace_phxverify_group_member" with the security group used to control who can use this service, example "memberOf=CN=PhenixID-PhxVerifyAdmin,OU=Groups,DC=phenixid,DC=se"
"replace_phxverify_sp" with the address and port of your PhenixID Server, for example "https://phxverify.phenixid.se:8443"
Older versions