Local signing - API - Transaction (text) signing using NetID Access
Prerequisites
- Access to NetID Access infrastructure from PhenixID Server
- Access to NetID Access infrastructure from Mobile device
- Access to NetID Access infrastructure from Client
- NetID Access wsdl endpoint location
- NetID Access client certificate (if required)
- NetID Access client certificate password (if required)
- Signing Service installed
- The reader of this document should have some basic knowledge about PhenixID Server.
- Changes will be made to the file phenix-store.json, so please make sure to have a backup of this file.
Authentication
It is recommended to add authentication to the API. These authentication methods are supported:
- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.
- Basic authentication
Add valves to the pipes to perform basic authentication verification.
- IP protection
Add valves to verify trusted caller IP.
Add local sign-api module
- Login to configuration manager
- Click the Advanced tab
- Open Modules (click on the pen)
- Add this module. (If module was added before, only add new operations to allowedPipe)
{
"module": "com.phenixidentity~phenix-signing-api",
"enabled": "true",
"config": {
"tenant": [
{
"id": "t1",
"displayName": "Tenant1",
"allowedPipe": [
"NIASStartSign",
"niascollect"
]
}
]
},
"id": "signapi_module"
}
- Click Stage Changes and Commit Changes
- Open System nodes (click on the pen)
- Add id of the newly added module to module_refs. Example below.
{
"name": "WIN-DHB3ICNDG4E",
"description": "Default node (created automatically)",
"config": {
"module_refs": "signapi_module,sealapp,signapp_1,......"
},
"created": "2017-07-03T11:38:03.135Z",
"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
"modified": "2017-07-03T14:39:43.257Z"
}
- Click Stage Changes and Commit Changes
- Restart PhenixID Authentication Server
Add pipes to trigger NIAS signing and collect signature
- Click the Advanced tab
- Open Pipes (click on the pen)
- Add these pipes. Change these properties to suit your environment:
- bankid_keystore_path -> full file path to NIAS client certificate
- bankid_keystore_pass -> password for NIAS client certificate
{
"id": "NIASStartSign",
"description": "Sign with NetID Access Client",
"valves": [
{
"name": "NIASSignValve",
"config": {
"wsdlLocation": "https://example.company.org/nias/ServiceServer.asmx?WSDL",
"pnr": "{{request.userid}}",
"user_visible_data": "{{request.userVisibleData}}",
"user_non_visible_data": "{{request.userNonVisibleData}}"
}
}
]
},
{
"id": "niascollect",
"description": "Collect signature - NetID Access Client",
"valves": [
{
"name": "NIASCollectSignatureValve",
"config": {
"wsdlLocation": "https://example.company.org/nias/ServiceServer.asmx?WSDL",
"transactionID": "{{request.transactionID}}"
}
}
]
}
- Click Stage Changes and Commit Changes
Test
Use a HTTP rest client for testing and debugging. Follow this document to structure the HTTP requests properly.