Consume Norwegian BankID user authentication with PhenixID Authentication and Signing Services
Summary
This document will guide you through the steps to configure PhenixID Authentication Services and/or PhenixID Signing Services to consume user authentication from Norwegian BankID.
PhenixID Authentication Services (PAS) will act as an OpenID Connect Relying Party (RP) against the Norwegian BankID OpenID Connect Provider (OP).
Background
With PhenixID, you can:
- Sign documents and transactions electronically using your Norwegian BankID account
- Protect web- and cloud apps (SAML SPs, OIDC RPs) with Norwegian BankID Authentication and PhenixID MFA
- Protect internal PhenixID web apps, such as the MyApps portal, on-boarding and others, with Norwegian BankID authentication
System requirements
- PhenixID Authentication Services 4.0 or higher
- Agreement with Norwegian BankID
- Norwegian BankID technical contact
- Norwegian BankID OIDC info:
  - OIDC Discovery URL
  - client_id
  - client_secret
Instruction
Configure PhenixID Authentication Services
Add OIDC RP
Add an OIDC RP using the article How to configure PhenixID Authentication Services as an OpenIDConnect Relying Party (RP) consuming an external authentication (OP)
- Use the provided OIDC Discovery URL, client_id and client_secret
- Fetch the specified redirectUri
Send the redirectUri value to the Norwegian BankID technical contact (for whitelisting).
Configure Norwegian BankID
The Norwegian BankID technical contact will handle this step.
Test
- Trigger the authentication flow where the Norwegian BankID authentication is involved (for example https://x.phenixid.net/activateonetouch)
- Your browser should be redirected to Norwegian BankID
- Authenticate
- You should now be logged in to the service protected by Norwegian BankID authentication
Debugging
- Verify the front end flow using a browser plugin, such as SAML tracer.
- Verify the back end flow by checking the PAS server.log file (in debug mode).
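
When verifying the front end flow, the request that redirects the browser to Norwegian BankID can be checked against the values configured above. The following is an added example, not PhenixID or BankID code; all hosts, the client_id and the URLs are constructed placeholders, and it assumes the authorization request carries its parameters in the query string.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample values; replace with those from your own deployment.
DISCOVERY = {  # subset of the document served at the OIDC Discovery URL
    "authorization_endpoint": "https://op.example.test/authorize",
    "response_types_supported": ["code"],
}
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://pas.example.test/callback"  # value sent for whitelisting

# Constructed "captured" requests, as copied from a browser tracing plugin.
GOOD_URL = ("https://op.example.test/authorize?client_id=example-client-id"
            "&redirect_uri=https%3A%2F%2Fpas.example.test%2Fcallback"
            "&response_type=code&scope=openid&state=af0ifjsldkj")
BAD_URL = ("https://op.example.test/authorize?client_id=example-client-id"
           "&redirect_uri=https%3A%2F%2Fpas.example.test%2Fcallback%2F"
           "&response_type=code&scope=openid")

def check_auth_request(url, discovery, client_id, redirect_uri):
    """Return a list of problems found in a captured authorization request."""
    problems = []
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)

    def single(name):
        # Duplicated or missing parameters are themselves a finding.
        values = params.get(name, [])
        if len(values) != 1:
            problems.append(f"{name}: expected one value, got {len(values)}")
            return None
        return values[0]

    endpoint = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if endpoint != discovery["authorization_endpoint"]:
        problems.append("endpoint is not the discovered authorization_endpoint")
    cid = single("client_id")
    if cid is not None and cid != client_id:
        problems.append("client_id differs from the configured value")
    ruri = single("redirect_uri")
    # The OP compares redirect_uri as an exact string: a trailing slash,
    # different case or http vs https all count as a mismatch.
    if ruri is not None and ruri != redirect_uri:
        problems.append("redirect_uri differs from the whitelisted value")
    rtype = single("response_type")
    if rtype is not None and rtype not in discovery["response_types_supported"]:
        problems.append("response_type is not in response_types_supported")
    scope = single("scope")
    if scope is not None and "openid" not in scope.split():
        problems.append("scope does not contain openid")
    if not params.get("state", [""])[0]:
        problems.append("state is missing or empty")
    return problems
```

An empty list means the captured request is consistent with the configuration; any entry points at the value to compare with what was sent to the Norwegian BankID technical contact.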