Switching to BankID v6.0

To enable version 6.0 of the BankID API, PAS v4.7 or later must be installed.

Switch version and mode

In PAS 4.7, the new configuration parameter "version" lets you control which BankID API version your integration uses. The default value is "v5.1", which means that upgrading to version 4.7 will not affect your current integration. When you are ready to move to a newer version, set this attribute to "v6.0". Together with the "mode" parameter, which toggles between production and test, this lets you safely test your specific integration.

Note: If your configuration uses mode: "custom" with a specific server URL, the version attribute will not affect your integration. To use version 6.0 of the BankID API, change your server_url or switch to mode: test/prod and add version "v6.0".

Integration using Authenticators: SAML2BankID or BankID

In the configuration of your authenticator, the method for starting authentication with personalNumber must be removed from the list of methods.

To enable authentication on other devices using animated QR codes, make sure your list of methods contains QR-code.

Code example:

{
  "id": "bidsaml",
  "alias": "bidsaml",
  "name": "SAML2BankID",
  "configuration": {
    "idpID":"samlidp",
    "pipeID": "pipeBID",
    "keyStore": "bankidkeystore",
    "version": "v6.0",
    "mode": "test",
    "userVisibleData": "A text that is displayed to the user during authentication with BankID",
    "enableHoneypot": "true",
    "loginTemplate": "bankid.template",
    "translation": [
      "bankid.messages.title_starting",
      "bankid.messages.title_current_device",
      "bankid.messages.title_mobile_device",
      "bankid.messages.title_qrcode",
      "bankid.messages.text_starting",
      "bankid.messages.text_current_device",
      "bankid.messages.text_mobile_device",
      "bankid.messages.text_qrcode",
      "bankid.messages.button_submit",
      "bankid.messages.button_start_over",
      "bankid.messages.button_start_manually",
      "bankid.messages.info_bankid_link_creation_app",
      "bankid.messages.info_bankid_url_link_redirection_success_app",
      "bankid.messages.info_open_app",
      "bankid.messages.info_rediection_app",
      "bankid.messages.info_verified_app",
      "bankid.messages.info_qrcode_scanned_app",
      "bankid.messages.error_bad_personal_number",
      "bankid.messages.error_cancellation",
      "bankid.messages.error_request",
      "bankid.messages.changeLanguage"
    ],
    "templateVariables": {
      "methods": [
        {
          "title": "bankid.messages.option_label_sd",
          "image": "/authenticate/res/images/icons/phenixid-bankid.png",
          "data-toggle-action": "SD"
        },
        {
          "title": "bankid.messages.option_label_qr",
          "image": "/authenticate/res/images/icons/phenixid-bankid-qr.png",
          "data-toggle-action": "QR"
        }
      ]
    }
  }
}

Integration using BankID proxy

The version is set in your module configuration, on each tenant. As the proxy mirrors the BankID API, make sure your request is compliant with BankID v6.0. For example, sending personalNumber will result in a 400 response. The response from the startAuth/sign request contains autoStartToken for launching the BankID application on the same device; see the BankID guide on launching. It also contains qrStartToken and qrStartSecret for authentication on another device; see the BankID guide on QR code animation for how to implement this.

{
    "name": "com.phenixidentity~phenix-api-bankid",
    "enabled": "true",
    "id": "bankid_proxy_api",
    "config": {
        "tenant": [{
            "id": "<id of the calling tenant>",
            "password": "<password of the calling tenant>",
            "bankidStore": "<id of the keystore>",
            "mode": "test",
            "version": "v6.0",
            "onCompletePipeID": "<id of the pipe executed after a completed BankID request.>"
        }],
        "http_configuration_ref": "<id of the http configuration used. [OPTIONAL] If omitted, the default http configuration is used.>"
    }
}

Integration using HTTP API with valves

The version is set on each valve. This means that BankIDAuthenticateValve and BankIDCollectAuthenticationStatusValve must both have the same version, and likewise BankIDSignValve and BankIDCollectSignatureValve. Disable the option to trigger authentication using personalNumber in your environment and remove the attribute "pnr" from your configuration. To enable remote activation of authentication, BankID has added a new endpoint; see below. The response from BankIDAuthenticateValve and BankIDSignValve contains autoStartToken for launching on the same device; see the BankID guide on launching. It also contains qrStartToken and qrStartSecret for authentication on another device; see the BankID guide on QR code animation for how to implement this.

{
    "name": "BankIDAuthenticateValve",
    "config": {
        "bankid_keystore": "11111-22222-33333-44444",
        "mode": "test",
        "version": "v6.0",
        "user_visible_data": "{{request.userVisibleData}}",
        "user_visible_data_format": "simpleMarkdownV1",
        "client_ip_request_param": "{{request.X-Forwarded-For}}"
    }
}
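Both the proxy response and the valve response described above return qrStartToken and qrStartSecret. The following added example (not PhenixID or BankID code) computes one frame of the animated QR code as BankID's QR animation guide defines it: an HMAC-SHA256 over the elapsed seconds, keyed with qrStartSecret, done on the backend so the secret never reaches the browser. The QrSession class and the sample token and secret are constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample values in the shape of a v6.0 auth/sign response.
SAMPLE_TOKEN = "11111111-2222-3333-4444-555555555555"
SAMPLE_SECRET = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def qr_data(qr_start_token: str, qr_start_secret: str, elapsed_seconds: int) -> str:
    """Return the text to encode in the QR image for one animation frame."""
    if elapsed_seconds < 0:
        raise ValueError("elapsed_seconds must not be negative")
    t = str(elapsed_seconds)
    # qrAuthCode = hex(HMAC-SHA256(key=qrStartSecret, message=time as text))
    auth_code = hmac.new(
        qr_start_secret.encode("ascii"), t.encode("ascii"), hashlib.sha256
    ).hexdigest()
    return f"bankid.{qr_start_token}.{t}.{auth_code}"


class QrSession:
    """Server-side state for one order (hypothetical helper).

    The secret stays in this object; only finished frames are sent to the
    page, which redraws the QR image about once per second.
    """

    def __init__(self, qr_start_token, qr_start_secret, started_at=None):
        self.token = qr_start_token
        self.secret = qr_start_secret
        # Start of the clock: when the auth/sign response was received.
        self.started = time.monotonic() if started_at is None else started_at

    def current_frame(self, now=None):
        now = time.monotonic() if now is None else now
        return qr_data(self.token, self.secret, int(now - self.started))
```
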

Integration using phone/auth/

BankIDPhoneAuthenticateValve gives you access to the new BankID API endpoint for phone authentication and lets you send in a personalNumber to trigger an authentication on a remote BankID app. The required parameters in this request are personalNumber and callInitiator. The default value of version is v6.0, as this endpoint is not available in v5.1.

{
    "name": "BankIDPhoneAuthenticateValve",
    "config": {
        "bankid_keystore": "11111-22222-33333-44444",
        "mode": "test",
        "version": "v6.0",
        "pnr": "{{request.personalNumber}}",
        "callInitiator": "USER",
        "user_visible_data": "{{request.userVisibleData}}",
        "user_visible_data_format": "simpleMarkdownV1",
        "client_ip_request_param": "{{request.X-Forwarded-For}}"
    }
}
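The valve rules in the two sections above (matching versions on start and collect valves, no "pnr" on the v6.0 authenticate and sign valves, required fields on the phone valve, and "version" being ignored in custom mode) can be checked before deployment. This is an added example, not part of PAS: check_valves and the flat list of valve objects it takes are assumptions, as is having at most one valve of each type in the list, and the sample input is constructed.

```python
# Start/collect pairs that must run the same BankID API version.
PAIRS = [
    ("BankIDAuthenticateValve", "BankIDCollectAuthenticationStatusValve"),
    ("BankIDSignValve", "BankIDCollectSignatureValve"),
]
# "version" defaults to v5.1, except on the phone valve (v6.0 only).
DEFAULTS = {"BankIDPhoneAuthenticateValve": "v6.0"}


def effective_version(valve):
    cfg = valve.get("config", {})
    return cfg.get("version", DEFAULTS.get(valve["name"], "v5.1"))


def check_valves(valves):
    """Return a list of findings for a list of valve objects."""
    findings = []
    by_name = {v["name"]: v for v in valves}
    for start, collect in PAIRS:
        if start in by_name and collect in by_name:
            a = effective_version(by_name[start])
            b = effective_version(by_name[collect])
            if a != b:
                findings.append(f"version mismatch: {start}={a}, {collect}={b}")
    for v in valves:
        name, cfg = v["name"], v.get("config", {})
        if cfg.get("mode") == "custom" and "version" in cfg:
            findings.append(f"{name}: version ignored in custom mode")
        if name in ("BankIDAuthenticateValve", "BankIDSignValve"):
            if effective_version(v) == "v6.0" and "pnr" in cfg:
                findings.append(f"{name}: remove pnr for v6.0")
        if name == "BankIDPhoneAuthenticateValve":
            for key in ("pnr", "callInitiator"):
                if key not in cfg:
                    findings.append(f"{name}: missing {key}")
    return findings


# Constructed sample: collect valve left on the default, pnr left behind,
# phone valve without callInitiator.
SAMPLE_VALVES = [
    {"name": "BankIDAuthenticateValve",
     "config": {"mode": "test", "version": "v6.0", "pnr": "{{request.pnr}}"}},
    {"name": "BankIDCollectAuthenticationStatusValve", "config": {"mode": "test"}},
    {"name": "BankIDPhoneAuthenticateValve",
     "config": {"mode": "test", "pnr": "{{request.personalNumber}}"}},
]
```
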