SAML - NetID Access Server (NIAS) authentication
This document describes how to configure PhenixID Server for SAML2 federation using NetID Access Server as the authentication method.
NB! This authenticator IS NOT shipped with the product. Please contact PhenixID support for more information on how to download and install this authenticator.
Overview
https://www.secmaker.com/net-id/software/net-id-access/
NetID Access is a client/server solution with the exact same flow as BankID to serve use cases such as out-of-band SITHS/EFOS authentication and signing, based on a smartcard or a mobile certificate.
Prerequisites
- PhenixID Server configured according to this instruction: "Federation - Username and password"
- Commercial agreement with NetID Access Server
- Access to NetID Access Server infrastructure from the PhenixID Server
Convert the Federation - Username and Password scenario to SAMLNias
Open the Advanced tab and locate the Authentication - HTTP entry that was configured in the previous "Federation - Username and password" scenario.
Change the value of the name parameter from "PostUidAndPasswordSAML" to "SAMLNias".
Click the plus sign next to "configuration" to add new parameters.
SAMLNias authenticator configuration reference.
Configuration example
Configure the execution flow used for the SAML assertion to suit your needs
- Open the Execution flow tab and expand the flow.
- Delete valve #1 (InputParameterExistsValidatorValve) and valve #3 (LDAPBindValve)
- Expand (Show) the LDAPSearchValve and modify the search filter to fetch users where serialNumber=<PersonalIdentificationNumber from NetID Access Server>: filter_template = serialNumber={{request.username}}
- Add a parameter for attributes to fetch for the matched LDAP entry: attributes = serialNumber,sAMAccountName
- Expand (Show) the AssertionProvider and modify the nameIDAttribute parameter: nameIDAttribute = serialNumber
- Click Save
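The lookup this flow performs can be modelled offline to check a directory before going live. The following is an added example, not PhenixID code: it renders the filter_template from the steps above with RFC 4515 escaping and releases a NameID only when exactly one entry matches. The function names, the in-memory directory and the serialNumber values are constructed for illustration, and it makes no claim about how PhenixID itself renders the template.

```python
import re

# Constructed sample entries; serialNumber values are placeholders, not real IDs.
DIRECTORY = [
    {"serialNumber": "000000000001", "sAMAccountName": "anna"},
    {"serialNumber": "000000000002", "sAMAccountName": "bertil"},
]
TEMPLATE = "serialNumber={{request.username}}"  # filter_template from the steps above

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an identifier so it is treated as a literal in the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template, username):
    """Substitute {{request.username}} with the escaped identifier."""
    return template.replace("{{request.username}}", escape_filter_value(username))


def search(directory, ldap_filter):
    """Evaluate one 'attr=value' filter; an unescaped lone * is a presence match."""
    attr, _, value = ldap_filter.partition("=")
    if value == "*":
        return [e for e in directory if attr in e]
    literal = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return [e for e in directory if e.get(attr) == literal]


def resolve_name_id(directory, template, username, name_id_attribute="serialNumber"):
    """Return the NameID value only when exactly one entry matches."""
    matches = search(directory, render_filter(template, username))
    if len(matches) != 1:
        raise LookupError(f"expected exactly 1 entry, got {len(matches)}")
    return matches[0][name_id_attribute]


if __name__ == "__main__":
    print(resolve_name_id(DIRECTORY, TEMPLATE, "000000000001"))
```

Because nameIDAttribute is serialNumber, two directory entries sharing one serialNumber would make the asserted identity ambiguous, which is why the sketch rejects anything other than a single match.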