With QR or "app-switch"
This authenticator expects users either scan a QR code or "app-switch". If executed on a mobile device Freja application is opened automatically.
3.2.0 - Access
This authenticator expects users either scan a QR code or "app-switch". If executed on a mobile device Freja application is opened automatically.
Based on the Freja e-ID documentation found here:
Common Authenticator configuration can be found .
internal_http_destination
ID of the internal http client used to talk with backend.
N/A
mode
Four modes are possible: "prod_personal", "test_personal" , "prod_org" & "test_org". Depending on the mode, the URL used to talk to Freja backen differs.
"prod_personal"
attributesToReturn
Array of attributes to return to the server after completed authentication. See allowed values in Freja documentation.
N/A
minRegistrationLevel
Required registration level. Allowed values are "BASIC", "EXTENDED" or "PLUS"
"PLUS"
relyingPartyId
Value of the relying party ID to be used
N/A
custom_identifier
When logging events, the custom_identifier lets you tag the event.
N/A
webroot_dir
See common authenticator configuration
web/authenticator/freja/freja_qr_or_appswitch
Property base_path should not contain the full path when used in conjunction with the , instead, the full URI will be handled by the selector. The full path will be base_path + / + id.
Apart from system logging, event logging is done when starting, completing, and failing a transaction.
Event ids are:
WEB_100005("Freja authentication started")
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of device starting transaction)
CUSTOMER_IDENTIFIER (if configured)
WEB_100006("Freja authentication completed")
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of the device used)
CUSTOMER_IDENTIFIER (if configured)
WEB_100008("Freja authentication canceled or expired")
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of the device used)
CUSTOMER_IDENTIFIER (if configured)
After a user completes a transaction, the authenticator is marked as done. Data from the authentication response is then put into the global state, replacing existing values:
details
givenName
surName
ssn
co
organisationIdIdentifier
integratorSpecificUserId
relyingPartyUserId
registrationLevel
loaLevel
uniquePersonalIdentifier
Note that it is not guaranteed that all parameters hold value. The result varies depending on the configuration
When communicating with the backend this describes the
Backend communications are made using AJAX and the HTTP PUT method. Every request need a Content-Type with the value of application/json.
Body must conform to the example below.
To start authentication send AJAX request containing the user's identifier, 12 digits.
A request can be canceled at any time. This is done by sending a cancel request.
In general, you should expect a server response with http status code 200. Anything else is to be considered an error.
Response body will be in the form of a JSON object. Typically the response looks like:
The property "status" will contain status.
One of the following status codes is returned based on the current state.
ABOUT_TO_START
PENDING
COMPLETED
FREJA_ERROR
ERROR
One of the following frejaStatus codes is returned based on the current state.
STARTED
DELIVERED_TO_MOBILE
CANCELED
RP_CANCELED
EXPIRED
APPROVED
REJECTED
UNKNOWN
Once the authentication process has started the identifier generated by the Freja-backed server is sent back to the client in parameter authRef.