FrejaEIDAuthenticatorSAML
This document describes how to configure FrejaEIDAuthenticatorSAML.
A keystore should have been received from Freja eID and imported into PhenixID Server before configuration of the authenticator. The keystore contains a certificate that allows the Freja eID server to verify requests from the PAS authenticator.
Please follow this document to import the keystore.
Properties
General description
When a SAML SP sends an authentication request to this authenticator, the authenticator in turn sends an authentication request for the specified username to the Freja eID server. If the user has enrolled a device with Freja eID, that device receives a request from the Freja eID server to approve or deny the authentication. The authenticator polls the Freja eID server for the user's response until a response is received or the timeout limit is reached. If the user approves the request, the user is granted access to the requested resource.
The keystore
In order for the authenticator to act as a client to the Freja eID server, triggering authentication requests and polling the server for user responses, a keystore holding the client certificate is necessary. The certificate is provided by Freja eID and must be kept secure, since it is what identifies your PAS installation to Freja eID. For instructions on how to upload the keystore to the PAS server, see the keystore import document. The resulting configuration, as shown in the Advanced view, looks like this:
{
"id" : "a9bdfe2c-9a0b-4165-8d6d-0ae3f2ec7d9e",
"type" : "pkcs12",
"password" : "keystore password",
"certificateAlias" : "xxxx",
"privateKeyPassword" : "keystore password",
"resource" : "c9be2a3b-f3c0-471a-9f87-15ede5d55498",
"name" : "freja"
}
The truststore
In order for the PAS server to ensure that it is connecting to the correct Freja eID server, a truststore with public certificates must be provided.
Add the certificate chain from which the client certificate above was issued.
This part has to be added manually in the Advanced view.
Open the Keystores part with the pen and add the following entry at the end:
{
"id": "frejaeid-truststore",
"resource": "frejaeid-resource",
"name": "Verisec Certificate Chain",
"certificateAlias": "0",
"type": "pkcs12"
}
Stage and Commit, then open the Resources part with its pen.
Add the following entry, then Stage and Commit:
{
"description": "Verisec Certificate Chain",
"id": "frejaeid-resource",
"content_type": "application/x-pkcs12",
"content_encoding": "base64",
"content": "<base64-encoded certificate bundle, omitted here>"
}
The content property holds the .cer versions of the root and intermediate certificates "Freja eID Production Root" and "Freja eID Production Issuing CA", together with the corresponding test certificates, concatenated into one file and then base64-encoded so that it fits in the content property. Note that both the truststore entry and the resource declare the PKCS#12 type; verify that your PhenixID version accepts the concatenated .cer bundle under that type, and if it does not, wrap the chain in a PKCS#12 file (for example with openssl pkcs12 -export -nokeys) before base64-encoding it.
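The script below is an added example, not PhenixID's or Freja eID's own tooling, showing how the resource entry above can be produced from a certificate chain and then verified by decoding it again: the .cer files are concatenated, wrapped in a certificate-only PKCS#12 bundle (an assumption made here because the resource declares application/x-pkcs12), base64-encoded on one line and written into a "content" property. It requires openssl. The test chain it generates, the file names and the PKCS#12 password are constructed for the example; in production, point build_bundle at the .cer files received from Freja eID instead.

```shell
#!/bin/sh
# Added example (not PhenixID or Freja eID code): build the "frejaeid-resource"
# entry from a certificate chain and verify it round-trips. Requires openssl.
# Assumption: the chain is wrapped in a PKCS#12 bundle because the resource
# declares application/x-pkcs12. Password and file names are hypothetical.
set -eu

WORK="${WORK:-$(mktemp -d)}"
P12_PASS="${P12_PASS:-changeit}"

# Constructed test chain: a self-signed "root" and an "issuing CA" it signs.
# In production use the .cer files received from Freja eID instead (if they
# are DER-encoded, convert them first with: openssl x509 -inform DER -in x.cer).
make_test_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -sha256 \
    -subj "/CN=Test Root" -keyout "$WORK/root.key" -out "$WORK/root.cer" \
    >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=Test Issuing CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.csr" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/ca.csr" -CA "$WORK/root.cer" \
    -CAkey "$WORK/root.key" -CAcreateserial -days 2 -sha256 \
    -out "$WORK/ca.cer" >/dev/null 2>&1
  echo "$WORK/root.cer $WORK/ca.cer"
}

# Step 1 (as on the page): concatenate the PEM .cer files into one bundle.
build_bundle() {
  cat "$@" > "$WORK/chain.pem"
  echo "$WORK/chain.pem"
}

# Step 2: wrap the certificate-only bundle in a PKCS#12 file (no private key).
build_p12() {
  openssl pkcs12 -export -nokeys -in "$1" -out "$WORK/truststore.p12" \
    -passout "pass:$P12_PASS"
  echo "$WORK/truststore.p12"
}

# Step 3: base64-encode on a single line and emit the Resources entry.
emit_resource_json() {
  b64=$(openssl base64 -A -in "$1")
  printf '{\n  "description": "Verisec Certificate Chain",\n  "id": "frejaeid-resource",\n  "content_type": "application/x-pkcs12",\n  "content_encoding": "base64",\n  "content": "%s"\n}\n' "$b64"
}

# Check: pull "content" back out of the JSON, decode it and count the
# certificates the store carries (should equal the number of .cer files).
count_certs_in_json() {
  sed -n 's/.*"content": "\([^"]*\)".*/\1/p' "$1" | tr -d '\n' \
    | openssl base64 -d -A > "$WORK/roundtrip.p12"
  openssl pkcs12 -in "$WORK/roundtrip.p12" -nokeys -passin "pass:$P12_PASS" \
    2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

main() {
  set -- $(make_test_chain)
  bundle=$(build_bundle "$@")
  p12=$(build_p12 "$bundle")
  emit_resource_json "$p12" > "$WORK/frejaeid-resource.json"
  echo "wrote $WORK/frejaeid-resource.json with $(count_certs_in_json "$WORK/frejaeid-resource.json") certificate(s)"
}
main
```

Run it, check that the certificate count matches the number of files you bundled, and paste the generated JSON object into the Resources part of the Advanced view. The count check is the part worth keeping: a bundle that encodes but decodes to zero certificates (for example because DER files were concatenated as if they were PEM) would otherwise only show up as a TLS failure when the authenticator first contacts Freja eID.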
Configuring the authenticator
Start by configuring the scenario, Federation - Username and password, according to this instruction.
See information about values for the scenario below.
When done, go to the Advanced tab and locate the Authentication - HTTP entry, that was configured in the previous "Federation - Username and password" scenario.
Change the value of the name parameter from "PostUidAndPasswordSAML" to "FrejaEIDAuthenticatorSAML".
Example Freja eID SAMLAuthenticator
In PhenixID configuration portal, go to advanced and click on the pencil next to "Authentication - HTTP".
The authenticator should look similar to this:
{
"id": "13d61f3d-3b41-49d9-ba7c-24a3b3b8911e",
"alias": "Freja2018",
"name": "FrejaEIDAuthenticatorSAML",
"displayName": "SAMLUidPwd",
"configuration": {
"success_template": "samlconsent",
"pipeID": "ff6cb2b4-101c-4734-b1bf-eb61526257c9",
"idpID": "459256d5-fb72-4bf6-8628-229a2f091c2f",
"keyStore": "b3d10a11-e325-4c6b-89e9-66bc2b240b81",
"trustStore": "frejaeid-truststore"
}
}
Add the keyStore and trustStore parameters to the configuration. The value for keyStore is the ID of the keystore created/imported earlier; it can be found in the PhenixID configuration portal under Scenarios, Federation, Keystore. The value for trustStore is the id of the truststore entry added above (frejaeid-truststore). The ids in the example are illustrative: keyStore must match the id of your own keystore entry, and pipeID and idpID must match your own pipe and IdP (in the pipe examples below, pipeID corresponds to the valve's pipe_ref and idpID to the AssertionProvider's targetEntityID).
When done click Stage changes and Commit changes.
Configure the execution flow
Open the Execution flow tab and expand the flow.
Delete valve #1 (InputParameterExistValidatorValve), valve #2 (LDAPSearchValve) and valve #3 (LDAPBindValve).
On the AssertionProvider valve, make sure that "NAME ID ATTRIBUTE" is set to "userIdentifier" and that "ADDITIONAL ATTRIBUTES" is set to "userGivenName,userSurName".
Add an ItemCreateFromRequestValve with the value {{request.uid}} for the parameter "DESTINATION ITEM ID", and place it before AssertionProvider in the valve list.
When done, press Save.
Example Pipes (from the section "Pipe valves")
{
"id": "85808f6d-8228-41b4-a8b5-afb2a1cebc16",
"name": "ItemCreateFromRequestValve",
"enabled": "true",
"config": {
"proceed_on_error": "false",
"dest_id": "{{request.uid}}"
},
"pipe_ref": "ff6cb2b4-101c-4734-b1bf-eb61526257c9"
}
----
{
"id": "356c244c-daee-425e-9488-24f876d84751",
"name": "AssertionProvider",
"enabled": "true",
"config": {
"targetEntityID": "459256d5-fb72-4bf6-8628-229a2f091c2f",
"sourceID": "https://external_sp/sp",
"nameIDAttribute": "userIdentifier",
"guide_ref": "e691e6e8-f519-4458-b389-8ed3a6b14f3d",
"additionalAttributes": "userGivenName,userSurName"
}
}
Requirements
A keystore with a valid certificate is uploaded to the PAS server.
The user is enrolled with Freja eID.