Local signing - API - Transaction (text) signing using NetID Access

Prerequisites

- Access to NetID Access infrastructure from PhenixID Server

- Access to NetID Access infrastructure from Mobile device

- Access to NetID Access infrastructure from Client

- NetID Access wsdl endpoint location

- NetID Access client certificate (if required)

- NetID Access client certificate password (if required)

- Signing Service installed

- The reader of this document should have some basic knowledge about PhenixID Server.

- Changes will be made to the file phenix-store.json, so please make sure to have a backup of this file.

Authentication

It is recommended to add authentication to the API. These authentication methods are supported:

- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.

- Basic authentication
Add valves to the pipes to perform basic authentication verification.

- IP protection
Add valves to verify trusted caller IP.

Add local sign-api module

- Login to configuration manager

- Click the Advanced tab

- Open Modules (click on the pen)

- Add this module. (If the module was added before, only add the new operations to allowedPipe.)

{
		"module": "com.phenixidentity~phenix-signing-api",
		"enabled": "true",
		"config": {
			"tenant": [
				{
					"id": "t1",
					"displayName": "Tenant1",
					"allowedPipe": [
						"NIASStartSign",
						"niascollect"
					]
				}
			]
		},
		"id": "signapi_module"
	}

- Click Stage Changes and Commit Changes

- Open System nodes (click on the pen)

- Add id of the newly added module to module_refs. Example below.

{
		"name": "WIN-DHB3ICNDG4E",
		"description": "Default node (created automatically)",
		"config": {
			"module_refs": "signapi_module,sealapp,signapp_1,......"
		},
		"created": "2017-07-03T11:38:03.135Z",
		"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
		"modified": "2017-07-03T14:39:43.257Z"
	}

- Click Stage Changes and Commit Changes

- Restart PhenixID Authentication Server

 

Add pipes to trigger NIAS signing and collect signature

- Click the Advanced tab

- Open Pipes (click on the pen)

- Add these pipes. Change these properties to suit your environment:

- bankid_keystore_path -> full file path to NIAS client certificate

- bankid_keystore_pass -> password for NIAS client certificate

{
	"id": "NIASStartSign",
	"description": "Sign with NetID Access Client",
	"valves": [
		{
			"name": "NIASSignValve",
			"config": {
				"wsdlLocation": "https://example.company.org/nias/ServiceServer.asmx?WSDL",
				"pnr": "{{request.userid}}",
				"user_visible_data": "{{request.userVisibleData}}",
				"user_non_visible_data": "{{request.userNonVisibleData}}"
			}
		}
	]
},
{
	"id": "niascollect",
	"description": "Collect signature - NetID Access Client",
	"valves": [
		{
			"name": "NIASCollectSignatureValve",
			"config": {
				"wsdlLocation": "https://example.company.org/nias/ServiceServer.asmx?WSDL",
				"transactionID": "{{request.transactionID}}"
			}
		}
	]
}

- Click Stage Changes and Commit Changes
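A consistency check for the module, node and pipe steps above, written as an added example (it is not PhenixID code). It assumes the three objects have been copied out of the configuration as JSON; the sample values are constructed from the snippets on this page, and both the exact matching of pipe ids and the https requirement on wsdlLocation are assumptions of this example.

```python
import json
from urllib.parse import urlparse

# Constructed sample input: the three fragments from this page, trimmed.
MODULE = json.loads("""{"module": "com.phenixidentity~phenix-signing-api", "enabled": "true",
  "config": {"tenant": [{"id": "t1", "displayName": "Tenant1",
                         "allowedPipe": ["NIASStartSign", "niascollect"]}]},
  "id": "signapi_module"}""")
NODE = json.loads("""{"name": "WIN-DHB3ICNDG4E",
  "config": {"module_refs": "signapi_module,sealapp,signapp_1"}}""")
PIPES = json.loads("""[
  {"id": "NIASStartSign", "valves": [{"name": "NIASSignValve", "config": {
     "wsdlLocation": "https://example.company.org/nias/ServiceServer.asmx?WSDL"}}]},
  {"id": "niascollect", "valves": [{"name": "NIASCollectSignatureValve", "config": {
     "wsdlLocation": "https://example.company.org/nias/ServiceServer.asmx?WSDL"}}]}]""")


def check_sign_api(module, node, pipes):
    """Return a list of findings; an empty list means the fragments agree."""
    findings = []
    pipe_ids = {p["id"] for p in pipes}
    refs = {r.strip() for r in node["config"]["module_refs"].split(",")}
    if module["id"] not in refs:
        findings.append(f"module '{module['id']}' missing from module_refs")
    if str(module.get("enabled")).lower() != "true":
        findings.append(f"module '{module['id']}' is not enabled")
    exposed = set()
    for tenant in module["config"]["tenant"]:
        for name in tenant["allowedPipe"]:
            exposed.add(name)
            if name not in pipe_ids:  # assumption: ids are compared exactly
                hint = [i for i in pipe_ids if i.lower() == name.lower()]
                findings.append(f"tenant '{tenant['id']}' allows unknown pipe "
                                f"'{name}'" + (f" (did you mean '{hint[0]}'?)" if hint else ""))
    for pipe in pipes:
        if pipe["id"] not in exposed:
            continue  # only pipes reachable through the API are checked
        for valve in pipe["valves"]:
            url = valve["config"].get("wsdlLocation")
            if url and urlparse(url).scheme != "https":  # added check, not a product rule
                findings.append(f"pipe '{pipe['id']}': wsdlLocation is not https")
    return findings


if __name__ == "__main__":
    for line in check_sign_api(MODULE, NODE, PIPES) or ["no findings"]:
        print(line)
```

Running it before Stage Changes and Commit Changes catches a misspelled pipe id in allowedPipe or a module id left out of module_refs.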

Test

Use an HTTP REST client for testing and debugging. Follow this document to structure the HTTP requests properly.