Local Signing - API - BankID

Prerequisites

- BankID test client certificate (FPTestcert2_20150818_102329.p12 for test environments)

- BankID customer client certificate (for production environments)

- Access to BankID infrastructure from PhenixID Server

- Access to BankID infrastructure from Mobile device

- Access to BankID infrastructure from Client

- PhenixID Authentication Services 2.2 installed

- Signing Service 1.2 installed

Authentication

It is recommended to add authentication to the API. These authentication methods are supported:

- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.

- Basic authentication
Add valves to the pipes to perform basic authentication verification.

Add local sign-api module

- Log in to Configuration Manager

- Click the Advanced tab

- Open Modules (click on the pen)

- Add this module:

{
	"module": "com.phenixidentity~phenix-signing-api~2.2.0",
	"enabled": "true",
	"config": {
		"tenant": [
			{
				"id": "t1",
				"displayName": "Tenant1",
				"allowedPipe": [
					"bankidsign",
					"bankidcollect"
				]
			}
		]
	},
	"id": "signapi_module"
}

- Click Stage Changes and Commit Changes

- Open System nodes (click on the pen)

- Add the id of the newly added module to module_refs, as in the example below.

{
	"name": "WIN-DHB3ICNDG4E",
	"description": "Default node (created automatically)",
	"config": {
		"module_refs": "signapi_module,sealapp,signapp_1,......"
	},
	"created": "2017-07-03T11:38:03.135Z",
	"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
	"modified": "2017-07-03T14:39:43.257Z"
}

- Click Stage Changes and Commit Changes

- Restart PhenixID Authentication Server

Add pipes to trigger BankID signing and collect signature

- Click the Advanced tab

- Open Pipes (click on the pen)

- Add these pipes. Change these properties in both pipes to suit your environment:

- bankid_keystore_path -> full file path to the BankID client certificate

- bankid_keystore_password -> password for the BankID client certificate

{
	"id": "bankidsign",
	"description": "sign with bankid",
	"valves": [
		{
			"name": "BankIDSignValve",
			"config": {
				"bankid_keystore_path": "C:/Program Files/PhenixID/Server/22/resources/FPTestcert2_20150818_102329.p12",
				"bankid_keystore_password": "{enc}VlPk2lBTJ0/Yh57e/l+UXz+h+82rxye6IK+nhCZ/hCw=",
				"mode": "test",
				"pnr": "{{request.pnr}}",
				"user_visible_data": "{{request.userVisibleData}}",
				"user_non_visible_data": "{{request.userNonVisibleData}}"
			}
		}
	]
},
{
	"id": "bankidcollect",
	"description": "Collect",
	"valves": [
		{
			"name": "BankIDCollectSignatureValve",
			"config": {
				"bankid_keystore_path": "C:/Program Files/PhenixID/Server/22/resources/FPTestcert2_20150818_102329.p12",
				"bankid_keystore_password": "{enc}BrfHLDKyPVoiPHzly4QyILfDXs1EhWf1uMGTxiP4Oyk=",
				"mode": "test",
				"transactionID": "{{request.transactionID}}"
			}
		}
	]
}

- Click Stage Changes and Commit Changes
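
The module, node and pipe fragments above only work together if their ids line up, so a consistency check before committing catches mistakes early. The Python sketch below is an added example, not part of PhenixID's documentation or product; it assumes the fragments are available as parsed JSON, that a password value beginning with {enc} is stored encrypted, and that "FPTestcert" in the file name identifies the test certificate. The sample data is constructed and deliberately leaves out the bankidcollect pipe.

```python
# Constructed sample data mirroring the fragments on this page (not real secrets).
MODULE = {
    "module": "com.phenixidentity~phenix-signing-api~2.2.0",
    "enabled": "true", "id": "signapi_module",
    "config": {"tenant": [{"id": "t1", "displayName": "Tenant1",
                           "allowedPipe": ["bankidsign", "bankidcollect"]}]},
}
NODE = {"config": {"module_refs": "signapi_module,sealapp,signapp_1"}}
PIPES = [
    {"id": "bankidsign", "valves": [{"name": "BankIDSignValve", "config": {
        "bankid_keystore_path": "C:/certs/FPTestcert2_20150818_102329.p12",
        "bankid_keystore_password": "{enc}CONSTRUCTED-PLACEHOLDER=",
        "mode": "test"}}]},
]


def lint(module, node, pipes):
    """Return a list of findings; an empty list means the fragments agree."""
    findings = []
    refs = [r.strip() for r in node["config"]["module_refs"].split(",")]
    if module["id"] not in refs:
        findings.append(f"module '{module['id']}' missing from module_refs")
    pipe_ids = {p["id"] for p in pipes}
    for tenant in module["config"]["tenant"]:
        for name in tenant["allowedPipe"]:
            if name not in pipe_ids:
                findings.append(f"tenant '{tenant['id']}' allows undefined pipe '{name}'")
    for pipe in pipes:
        for valve in pipe["valves"]:
            cfg = valve["config"]
            if "bankid_keystore_path" not in cfg:
                continue  # not a BankID valve
            where = f"{pipe['id']}/{valve['name']}"
            # Assumption: a value starting with {enc} is stored encrypted.
            if not cfg.get("bankid_keystore_password", "").startswith("{enc}"):
                findings.append(f"{where}: keystore password not {{enc}}-protected")
            # The page ties the FPTestcert file to test environments only.
            is_test_cert = "FPTestcert" in cfg["bankid_keystore_path"]
            if is_test_cert != (cfg.get("mode") == "test"):
                findings.append(f"{where}: mode '{cfg.get('mode')}' does not match certificate")
    return findings


if __name__ == "__main__":
    for finding in lint(MODULE, NODE, PIPES):
        print("FINDING:", finding)
```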

Test

Use an HTTP REST client for testing and debugging. Follow this document to structure the HTTP requests properly.