CreateSignRequestValve
Note
Internal valve for PDF signatures (DSS federated signing service)
This valve can be used in a Remote signing flow.
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| identity_provider_id | The URL to the IdP used to sign | | Yes | No |
| sign_requester_id | The ID of the sign requester | | Yes | No |
| sign_service_id | The URL of the FUT | | Yes | No |
| return_url | Callback URL after successful sign | | Yes | No |
| sign_message | The sign message displayed to the signer | | Yes | No |
| sign_message_content_type | The mime type of the sign message | text | No | No |
| sign_message_must_show | If the sign message must be shown | false | No | No |
| use_signature | Sign message with .p12 file | true | No | No |
| signer_keystore_path | Path to .p12 file that will sign the request | | Yes | No |
| signer_keystore_password | Password to the .p12 file used to sign the request | | No | No |
| signer_keystore_type | Algorithm used to sign the request | | No | No |
| signer_keystore_alias | Alias of keystore entry used to sign the request | | No | No |
| tbs_b64 | Base64 encoded version of data to be signed | | Yes | No |
| tbs_id | ID of the data to be signed | | Yes | No |
| dest | Name of property that will be added to the item | eidSignRequest | No | No |
| request_id | The ID of the request | | No | No |
| request_attr_name | Name of additional attribute to add to sign request | | No | No |
| request_attr_value | Value of additional attribute to add to sign request | | Yes | No |
| not_before_secs | Certificate validity start from now, expressed in seconds | 60 | No | No |
| not_on_or_after_secs | Certificate validity end from now, expressed in seconds | 60 | No | No |
| requested_cert_attributes_spec | Certificate attributes. See list below. | | No | Yes |
| authn_context_class_ref | Class reference to authentication context | | No | Yes |
requested_cert_attributes_spec
The requested_cert_attributes_spec is expressed as an array of objects in which no field is mandatory. Each object has the following structure:
| Name | Description | Default value |
|---|---|---|
| cert_attr_ref | Certificate attribute reference | |
| cert_name_type | Certificate name type | |
| friendly_name | Name of attribute | |
| default_value | Attribute default value | |
| required | Whether or not the attribute is required | false |
| saml_attr_names | SAML attribute names, expressed as an array | |
Example Configuration
```json
{
  "name" : "CreateSignRequestValve",
  "description" : "My request creator",
  "config" : {
    "identity_provider_id" : "http://localhost:8085/authentication/saml",
    "sign_requester_id" : "stodtjanst",
    "sign_service_id" : "https://localhost.mystodtjanst.se/signservice",
    "use_signature" : "true",
    "signer_keystore_path" : "/opt/phenixid/test/certs/phenixid-test.p12",
    "signer_keystore_password" : "mySafeP4ssword!",
    "signer_keystore_type" : "PKCS12",
    "signer_keystore_alias" : "phenixid test",
    "sign_message" : "Please sign this document",
    "sign_message_content_type" : "text",
    "sign_message_must_show" : "true",
    "return_url" : "{{request.callback_url}}",
    "tbs_b64" : "{{item.pdf_data_tbs}}",
    "tbs_id" : "fileid",
    "dest" : "sign_req",
    "request_id" : "{{session.id}}",
    "not_before_secs" : "120",
    "not_on_or_after_secs" : "120",
    "authn_context_class_ref" : "http://id.elegnamnden.se/loa/1.0/loa3",
    "requested_cert_attributes_spec" : [
      {
        "cert_attr_ref" : "2.5.4.5",
        "cert_name_type" : "rdn",
        "friendly_name" : "serialNumber",
        "required" : "true",
        "saml_attr_names" : [ "urn:oid:1.2.752.29.4.13", "urn:oid:1.2.752.201.3.4" ]
      },
      {
        "cert_attr_ref" : "2.5.4.6",
        "cert_name_type" : "rdn",
        "friendly_name" : "country",
        "required" : "false",
        "default_value" : "SE",
        "saml_attr_names" : [ "urn:oid:2.5.4.6" ]
      }
    ]
  }
}
```
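A pre-deployment check for a CreateSignRequestValve configuration, added here as an example (not PhenixID code): it flags missing mandatory properties, property names that are not in the Properties table, endpoint URLs that are not HTTPS, and required certificate attributes that have neither a SAML source nor a default value. The function name `lint_valve`, the finding texts and the sample input are constructed for illustration, and the two assumptions are marked in comments.

```python
import json

# Property names and the Mandatory column come from the Properties table.
MANDATORY = {"identity_provider_id", "sign_requester_id", "sign_service_id",
             "return_url", "sign_message", "signer_keystore_path",
             "tbs_b64", "tbs_id"}
# request_attr_value is marked mandatory in the table but is absent from the
# page's example; assumption: it is only needed with request_attr_name.
OPTIONAL = {"sign_message_content_type", "sign_message_must_show",
            "use_signature", "signer_keystore_password", "signer_keystore_type",
            "signer_keystore_alias", "dest", "request_id", "request_attr_name",
            "request_attr_value", "not_before_secs", "not_on_or_after_secs",
            "requested_cert_attributes_spec", "authn_context_class_ref"}
URL_KEYS = ("identity_provider_id", "sign_service_id", "return_url")


def lint_valve(valve):
    """Return sorted findings for one parsed CreateSignRequestValve object."""
    cfg = valve.get("config", {})
    out = [f"missing mandatory property: {k}" for k in MANDATORY - set(cfg)]
    out += [f"unknown property: {k}" for k in set(cfg) - MANDATORY - OPTIONAL]
    if "request_attr_name" in cfg and "request_attr_value" not in cfg:
        out.append("request_attr_name set without request_attr_value")
    for k in URL_KEYS:
        v = str(cfg.get(k, ""))
        # Property-expansion values ({{...}}) are resolved at runtime; skip them.
        if v and not v.startswith(("https://", "{{")):
            out.append(f"{k} is not an https URL")
    for i, a in enumerate(cfg.get("requested_cert_attributes_spec", [])):
        # Assumption: a required attribute needs a SAML source or a default.
        if str(a.get("required", "false")).lower() == "true" and not (
                a.get("saml_attr_names") or a.get("default_value")):
            out.append(f"cert attribute {i}: required but has no source")
    return sorted(out)


# Constructed sample: tbs_b64 left out and one optional key misspelled.
SAMPLE = """{"name": "CreateSignRequestValve", "config": {
  "identity_provider_id": "http://localhost:8085/authentication/saml",
  "sign_requester_id": "stodtjanst",
  "sign_service_id": "https://localhost.mystodtjanst.se/signservice",
  "return_url": "{{request.callback_url}}", "sign_message": "Please sign",
  "signer_keystore_path": "/opt/phenixid/test/certs/phenixid-test.p12",
  "tbs_id": "fileid", "sign_message_must_sho": "true",
  "requested_cert_attributes_spec": [
    {"cert_attr_ref": "2.5.4.5", "required": "true"}]}}"""

if __name__ == "__main__":
    print("\n".join(lint_valve(json.loads(SAMPLE))))
```

The misspelled `sign_message_must_sho` is the case worth catching before deployment: the intended property is never set, so `sign_message_must_show` keeps its documented default of `false`.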