URIs used by PhenixID apps
This document describes the URIs used by PhenixID apps.
Description
When publishing the web applications in PhenixID Server, best practice is to expose as little of the service as possible, so that communication is allowed only to the specific services needed for the configuration in use. This document describes what needs to be allowed depending on the service, web application and PhenixID app used. An example of the communication is available at the end of the document.
URLs for the different web applications
Example of URIs for reverse proxy rules
Self Service:
http://127.0.0.1:8080/selfservice/
Pocket Pass enrollment:
http://127.0.0.1:8080/mfaadmin/otpadmin/api/
http://127.0.0.1:8080/mfaadmin/otpadmin/provision/otpauth
One Touch enrollment:
http://127.0.0.1:8080/mfaadmin/otpadmin/onetouch/enroll
http://127.0.0.1:8080/mfaadmin/otpadmin/onetouch/provision
http://127.0.0.1:8080/mfaadmin/otpadmin/api/
http://127.0.0.1:8080/pki/token
http://127.0.0.1:8080/pki/tokens
http://127.0.0.1:8080/selfservice/selfservice/js
http://127.0.0.1:8080/selfservice/selfservice/pki/enroll
http://127.0.0.1:8080/pki/token
http://127.0.0.1:8080/selfservice/selfservice/api
http://127.0.0.1:8080/pki/tokens
One Touch auth:
http://127.0.0.1:8080/pki/tokens/
http://127.0.0.1:8080/pki/assignment/
One Touch revoke:
http://127.0.0.1:8080/pki/tokens/
Example of complete communication
Pocket Pass enrollment:
/mfaadmin/otpadmin/api/?tokens/prepare/d67793ed1c4c1dddd7c61cc0982b6917
/mfaadmin/otpadmin/provision/otpauth/?5c73a048-f35a-4872-bc67-4bb28ba02fca
One Touch enrollment:
/mfaadmin/otpadmin/onetouch/enroll/status/5ee705a9-340b-408a-a97b-88fd56f83748
/mfaadmin/otpadmin/onetouch/enroll/start/JTdCJTIydXNlcm5hbWUlMjIlM0ElMjJkNjc3OTNlZDFjNGMxZGRkZDdjNjFjYzA5ODJiNjkxNyUyMiUyQyUyMmRpc3BsYXlfbmFtZSUyMiUzQSUyMm5yNCUyMiUyQyUyMnRpbWVzdGFtcCUyMiUzQSUyMjE1MTYxODg0OTM5OTglMjIlN0Q=
/mfaadmin/otpadmin/onetouch/enroll/status/42e1471b-62c4-4704-b801-dfa389e12734
/mfaadmin/otpadmin/onetouch/provision/start/42e1471b-62c4-4704-b801-dfa389e12734
/mfaadmin/otpadmin/onetouch/provision/chain/42e1471b-62c4-4704-b801-dfa389e12734
/mfaadmin/otpadmin/onetouch/enroll/status/42e1471b-62c4-4704-b801-dfa389e12734
/mfaadmin/otpadmin/api/?d67793ed1c4c1dddd7c61cc0982b6917
/pki/token/register/dd813370-87c3-479e-9ce4-da2a5e4f6fb3
/mfaadmin/otpadmin/onetouch/provision/chain/42e1471b-62c4-4704-b801-dfa389e12734
/pki/tokens/dd813370-87c3-479e-9ce4-da2a5e4f6fb3
/mfaadmin/otpadmin/api/?d67793ed1c4c1dddd7c61cc0982b6917
/pki/tokens/dd813370-87c3-479e-9ce4-da2a5e4f6fb3
/selfservice/selfservice/js/extensions/pki.js
/selfservice/selfservice/pki/enroll/start/JTdCJTIyZGlzcGxheV9uYW1lJTIyJTNBJTIycyUyMiUyQyUyMnRpbWVzdGFtcCUyMiUzQSUyMjE1MTYxODg3ODcxNjclMjIlN0Q=
/selfservice/selfservice/pki/enroll/status/
/selfservice/selfservice/pki/enroll/status/cacfa81f-5d84-428b-a767-8bc6275d88fc
/pki/token/start/12953c01-43e7-4b87-a039-95991ee2d945
/selfservice/selfservice/pki/enroll/status/aeccdc94-ff69-41ca-81e3-3e6f413b09c1
/selfservice/selfservice/api/entity
/pki/token/register/12953c01-43e7-4b87-a039-95991ee2d945
/pki/tokens/12953c01-43e7-4b87-a039-95991ee2d945
One Touch auth:
/pki/tokens/12953c01-43e7-4b87-a039-95991ee2d945
/pki/assignment/confirm/eb2dffbb-3960-43e0-a2a0-aebed7476156
/pki/tokens/12953c01-43e7-4b87-a039-95991ee2d945
One Touch revoke:
/pki/tokens/7b3b2dc3-2b4b-4753-a9ff-d470c71f9190
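One way to test an allowlist built from the prefixes above against the request paths in the example communication. This is an added example, not PhenixID code: the feature names in RULES and the policy of refusing dot-segments and doubly encoded paths are assumptions made here.

```python
from urllib.parse import unquote

# Path prefixes copied from the page's reverse proxy list, grouped by feature.
# The feature names (dictionary keys) are labels invented for this example.
RULES = {
    "self_service": ["/selfservice/"],
    "pocket_pass_enroll": [
        "/mfaadmin/otpadmin/api/",
        "/mfaadmin/otpadmin/provision/otpauth",
    ],
    "one_touch_enroll": [
        "/mfaadmin/otpadmin/onetouch/enroll",
        "/mfaadmin/otpadmin/onetouch/provision",
        "/mfaadmin/otpadmin/api/",
        "/pki/token",
        "/pki/tokens",
        "/selfservice/selfservice/js",
        "/selfservice/selfservice/pki/enroll",
        "/selfservice/selfservice/api",
    ],
    "one_touch_auth": ["/pki/tokens/", "/pki/assignment/"],
    "one_touch_revoke": ["/pki/tokens/"],
}


def normalize(target):
    """Return the decoded path segments of a request target, or None if unsafe."""
    path = unquote(target.split("?", 1)[0])  # the query string is not matched
    if not path.startswith("/") or any(c in path for c in "%\\\x00"):
        return None  # relative target, double encoding, backslash or NUL
    segments = [s for s in path.split("/") if s]
    if any(s in (".", "..") for s in segments):
        return None  # refuse dot-segments instead of resolving them
    return segments


def is_allowed(target, features):
    """True if target falls under a prefix of one of the published features."""
    segments = normalize(target)
    if segments is None:
        return False
    for feature in features:
        for prefix in RULES[feature]:
            rule = [s for s in prefix.split("/") if s]
            # Compare whole segments so "/pki/token" never matches "/pki/tokenx".
            if segments[:len(rule)] == rule:
                return True
    return False
```

Running the paths from the example communication through is_allowed with only the features you intend to publish shows which requests the proxy rules would pass and which they would block.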