FrejaAuthenticator
Note
Used when authenticating or signing against Freja eID.
Only QR-code is available when using other device. No user input required by the user. On same device (mobile client) the pattern of "app switching" is used.On same device (mobile client) the pattern of "app switching" is used.
Read more about Freja eID and integration here:
https://frejaeid.com/rest-api/Authentication%20Service.html
and here regarding authentication:
https://frejaeid.com/rest-api/Authentication%20Service.html#AuthenticationService-Methods.
Authentication mode is always the default. To use signature mode, the authentication must be for SAML and the AuthnRequest must contain a SignMessage. The "signText" for this Freja eID transaction will be set to the value of the SignMessage. You can disable signatures completely by setting the configuration parameter "allowSignTransactions" to "false".
Warning
The authenticator only handles Swedish and English localisation.
Properties
| Name | Description | Default value | Mandatory |
|---|---|---|---|
| pipeID | Pipe to be executed after a successful authentication using Freja eID. | Yes | |
| keystoreId | Id of the keystore to use when communicating with Freja eID backend server. | Yes | |
| mode | Should communication be done to test or production Freja eID backend. Allowed values are 'test_personal','test_organisation','production_organisation' or 'production_personal'. | production | No |
| attributesToGet | The list of attributes to return from Freja eID ie the user data. Allowed values are BASIC_USER_INFO,EMAIL_ADDRESS,DATE_OF_BIRTH,ADDRESSES,SSN,ORGANISATION_ID_IDENTIFIER,DOCUMENT,PHOTO,REGISTRATION_LEVEL. When adding/changing data must be entered as a string seperated by comma. | SSN | No |
| requiredRegistrationLevel | Allowed values are BASIC, EXTENDED or PLUS. This is a single value string | PLUS | No |
| allowSignTransactions | Whether or not to allow Freja eID sign transactions to be started if an incoming request contains a SignMessage. | true | No |
| signTitle | The title of the sign transaction as it appears in the app. Only relevant when a sign transaction has been triggered. | ||
| customReturnUrls | Custom return urls to be used, read more here. | No | |
| relyingPartyId | Identifier of the relying party | No |
Example configuration
{
"id": "freja",
"alias": "freja",
"name": "FrejaAuthenticator",
"displayName": "Freja",
"configuration": {
"pipeID": "64452300-d25d-45ae-bd7a-a6cfb7f0e5e0",
"keystoreId": "c5e0b707-a297-420e-a741-08d3e25df1be",
"mode": "test_personal",
"attributesToGet": "EMAIL_ADDRESS,SSN,ORG_ID"
}
}
Additional information
Only some of the information returned from Freja eID is available to the pipe when executing.
If returned from Freja eID, the attributes are:
- userPersonalNumber
- userGivenName
- userSurName
- primaryMail
- relyingPartyUserId
- integratorSpecificUserId
- documentType
- documentExpirationDate
- documentCountry
- documentSerialNumber
- registrationLevel
The executing PIPE MUST return an item property named userName. It will be used as user identifier for the current session.
It may NOT be empty.
Requirements
A keystore with a valid certificate is uploaded to the PAS server.
User enrolled for freja e-id.
Trusting the Freja backend HTTPS/TLS. This is not done by default.
Add new certificates to the trust store