Local signing - API - Transaction (text) signing using Freja eID

Overview

This article describes how to set up PhenixID Signing Services for local (indirect) signing using Freja eID.

This setup includes the use of Freja OrgID.

Prerequisites

- Freja eID client certificate (for production environments)

- Access to Freja eID infrastructure from PhenixID Server

- Access to Freja eID infrastructure from Mobile device

- PhenixID Authentication Services 4.2 or higher

- For PAS version 4.2, apply this patch.

- The reader of this document should have some basic knowledge about PhenixID Server.

- Changes will be made to the file phenix-store.json, so make sure you have a backup of this file.

Authentication

It is recommended to add authentication to the API. These authentication methods are supported:

- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.

- Basic authentication
Add valves to the pipes to perform basic authentication verification.

Add local sign-api module

- (If this module was already deployed in your environment, just add FrejaStartSign and FrejaCollectSign to allowedPipe.)

- Log in to configuration manager

- Click the Advanced tab

- Open Modules (click on the pen)

- Add this module:

{
	"module": "com.phenixidentity~phenix-signing-api",
	"enabled": "true",
	"config": {
		"tenant": [
			{
				"id": "t1",
				"displayName": "Tenant1",
				"allowedPipe": [
					"FrejaCollectSign",
					"FrejaStartSign"
				]
			}
		]
	},
	"id": "signapi_module"
}

- Click Stage Changes and Commit Changes

- Open NODE_GROUPS (click on the pen)

- Add the id of the newly added module to module_refs. Example below.

{
	"name": "default",
	"description": "Default node group (created automatically) - all nodes belong to this group",
	"config": {
		"module_refs": "signapi_module,sealapp,signapp_1,......"
	},
	"created": "2017-07-03T11:38:03.135Z",
	"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
	"modified": "2017-07-03T14:39:43.257Z"
}

- Click Stage Changes and Commit Changes

Add Freja eID client certificate

- Add the Freja eID client certificate (to connect to Freja backend) using the scenario Federation->Keystore->Add keystore.

- Copy the ID of the keystore. This will be used in a later step.

Add pipes to trigger Freja eID signing and collect signature

- Click the Advanced tab

- Open Pipes (click on the pen)

- Add these pipes. Change these properties to suit your environment:

* FREJA_KEYSTORE -> The id value copied in the previous step.
* For other parameter details, please view the valve documentation.

{
	"id": "FrejaStartSign",
	"description": "FrejaStartSign",
	"http_enabled": "true",
	"http_path_pattern": "PUT:/pipes/freja_sign",
	"valves": [
		{
			"name": "FrejaEIDSignRequestValve",
			"config": {
				"keystoreID": "FREJA_KEYSTORE",
				"mode": "production_organisation_sign"
			}
		}
	]
},
{
	"id": "FrejaCollectSign",
	"description": "FrejaCollectSign",
	"http_enabled": "true",
	"http_path_pattern": "PUT:/pipes/freja_collect",
	"valves": [
		{
			"name": "FrejaEIDSignStatusValve",
			"config": {
				"keystoreID": "FREJA_KEYSTORE",
				"mode": "production_organisation_sign"
			}
		}
	]
}

- Click Stage Changes and Commit Changes
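
A pre-commit consistency check for the three edits above (module, node group, pipes), as an added example that is not part of the PhenixID documentation or product. The function name, the top-level keys of the constructed sample and the valve name ExampleAuthValve in the usage are assumptions; the "no valve ahead" rule is a heuristic based on the Authentication section, which adds authentication as extra valves in the pipe.

```python
import json

# Constructed sample mirroring the snippets on this page. It deliberately omits
# one pipe, leaves the FREJA_KEYSTORE placeholder in place and skips module_refs.
SAMPLE = json.loads("""
{
  "modules": [{"module": "com.phenixidentity~phenix-signing-api", "enabled": "true",
    "config": {"tenant": [{"id": "t1", "displayName": "Tenant1",
      "allowedPipe": ["FrejaCollectSign", "FrejaStartSign"]}]},
    "id": "signapi_module"}],
  "node_groups": [{"name": "default", "config": {"module_refs": "sealapp,signapp_1"}}],
  "pipes": [{"id": "FrejaStartSign", "http_enabled": "true",
    "http_path_pattern": "PUT:/pipes/freja_sign",
    "valves": [{"name": "FrejaEIDSignRequestValve",
      "config": {"keystoreID": "FREJA_KEYSTORE", "mode": "production_organisation_sign"}}]}]
}
""")

def check_signing_api(modules, node_groups, pipes):
    """Return a sorted list of findings for the sign-api module wiring."""
    findings = []
    by_id = {p["id"]: p for p in pipes}
    refs = set()
    for g in node_groups:
        refs.update(r.strip() for r in g.get("config", {}).get("module_refs", "").split(","))
    for m in modules:
        if m.get("module") != "com.phenixidentity~phenix-signing-api":
            continue
        if m["id"] not in refs:
            findings.append(f"module {m['id']}: not listed in any module_refs")
        for tenant in m.get("config", {}).get("tenant", []):
            for pid in tenant.get("allowedPipe", []):
                pipe = by_id.get(pid)
                if pipe is None:
                    findings.append(f"pipe {pid}: allowed for tenant {tenant['id']} but not defined")
                    continue
                valves = pipe.get("valves", [])
                if any(v.get("config", {}).get("keystoreID") == "FREJA_KEYSTORE" for v in valves):
                    findings.append(f"pipe {pid}: keystoreID placeholder not replaced")
                # Heuristic: the page adds authentication as extra valves, so a
                # pipe whose first valve is already the Freja valve has none.
                if valves and valves[0]["name"].startswith("FrejaEID"):
                    findings.append(f"pipe {pid}: no valve ahead of {valves[0]['name']}")
    return sorted(findings)

if __name__ == "__main__":
    for line in check_signing_api(SAMPLE["modules"], SAMPLE["node_groups"], SAMPLE["pipes"]):
        print(line)
```

Pass the module, node group and pipe lists as they appear in your backup copy of phenix-store.json; an empty result means the allowed pipes exist, the keystore id was filled in, and each Freja valve has at least one valve in front of it.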

Test

Use an HTTP REST client for testing and debugging. Follow this document to structure the HTTP requests properly.

https://document.phenixid.net/m/signing_service/l/1455365-using-local-signing-api-transaction-text-signing-using-freja-eid