Swedish BankID
In this scenario, we will use FortifiedID Portal to act as a SAML service provider (SP). The use case is created for a Windows installation but can easily be used for Docker or Linux installations. Authentication will be done with the Swedish BankID test environment. (How to use this in a BankID production environment is explained at the bottom of this use case.)
There are some prerequisites for this use case. You will need the following:
A Swedish BankID test account created either on a computer or mobile device. See the following link to set up a test BankID account for yourself: https://www.bankid.com/utvecklare/test/skaffa-testbankid/test-bankid-get
Make sure you have both Fortified ID WEB and Fortified ID PORTAL installed. You will download a zip file with pre-configured WEB and PORTAL data and add it to your installation, replacing the existing data. To install Integrity Web and Integrity Portal, see the installation documentation.
Note. All configuration and testing is done on the scenario server.
In this section you will update your WEB and PORTAL installations with the pre-configured data.
Open the folder where you have installed Web and Portal
For Web and Portal, rename the customer folders to customer_OLD. The result should look like below:
\..\FortifiedID\web\customer_OLD
\..\FortifiedID\portal\customer_OLD
Download the following ZIP-file, use_case_web_portal_saml_bankid.zip
Unzip the file
Open the folder \..\WEB_PORTAL\ in the unzipped file
For PORTAL
Copy the customer_PORTAL folder to \..\FortifiedID\portal\customer_OLD
Rename customer_PORTAL to customer. The result should look like: \..\FortifiedID\portal\customer
For WEB
Copy the customer_WEB folder to \..\FortifiedID\web\customer_OLD
Rename customer_WEB to customer. The result should look like: \..\FortifiedID\web\customer
You need certificates from BankID to communicate with the BankID test environment. Note. The certificates referenced below are for the BankID test environment. If you have production certificates, see the bottom of this use case for instructions.
Download the certificates using this link: https://download.fortifiedid.se/BankIDTest_certificates.zip
Unzip the downloaded file BankIDTest_certificates.zip
Copy the file FPTestcert4_20220818.p12 to folder \..\FortifiedID\web\customer\config\resources_internal\certificates\BankID
Copy the file trust.jks to folder \..\FortifiedID\web\customer\config\resources_internal\certificates\trust_jks
If you open global.json in the \..\FortifiedID\web\customer\config\ folder, you can see the files referenced. No changes are needed in global.json.
Fortified ID Portal will act as SAML SP and redirect you to Fortified ID WEB, which will act as SAML IdP. You log in using your Swedish BankID test account and are then redirected to Portal again.
Open a browser on the Integrity Web/Portal server
Click Test BankID. Depending on whether you have installed the Swedish BankID test client on a mobile device or a desktop, you will either scan a QR code or click "Log in using BankID on this device".
If successfully authenticated, you should be redirected back to Fortified Portal.
This use case can also be used with the Swedish BankID production environment with some minor changes. You need to change a parameter in the web configuration and change the client certificate used to authenticate to BankID production.
Open config.json for Fortified ID Web in \..\FortifiedID\web\customer\config
Change the client certificate to the BankID production certificate.
You need to purchase a production certificate. Fortified ID can help you if you do not know how.
Add the production certificate to \..\FortifiedID\web\customer\config\resources_internal\certificates\BankID
Update global.json with the production certificate information
Update the filename and password.
Save global.json
Restart the Fortified ID Web service
The trust.jks file contains the public keys for both the test and production environments, which are used to establish HTTPS communication with the BankID environment. Since both keys are present, no action is needed.
Browse Integrity Portal at http://localhost:8090/portal. You will be redirected to Integrity Web (http://localhost:8080/saml/authn/auth01/).
Find the following section in the file and change the value test to production. The result should be: "mode": "production"
See the image below for where to update.
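The production switch above touches two files that must agree: the mode in config.json and the client certificate referenced in global.json. The following pre-flight check, run before restarting the Web service, is an added example and not Fortified ID's own tooling. The $WebRoot parameter is an assumption (the page elides the install root), and both files are matched as plain text because their JSON structure is not shown here.

```powershell
param(
    # Assumption: full path of the Web install folder (written on this page as \..\FortifiedID\web).
    [Parameter(Mandatory)][string]$WebRoot
)

$configDir  = Join-Path $WebRoot 'customer\config'
$bankIdDir  = Join-Path $configDir 'resources_internal\certificates\BankID'
$trustJks   = Join-Path $configDir 'resources_internal\certificates\trust_jks\trust.jks'
$configJson = Join-Path $configDir 'config.json'
$globalJson = Join-Path $configDir 'global.json'
$problems   = [System.Collections.Generic.List[string]]::new()

# Files this use case expects to be in place.
foreach ($f in @($configJson, $globalJson, $trustJks)) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { $problems.Add("Missing file: $f") }
}

# Read both files as text; no assumption is made about their JSON structure.
$configText = Get-Content -LiteralPath $configJson -Raw -ErrorAction SilentlyContinue
$globalText = Get-Content -LiteralPath $globalJson -Raw -ErrorAction SilentlyContinue

# Collect the "mode" values named on this page (test / production).
$modes = @([regex]::Matches("$configText", '"mode"\s*:\s*"(test|production)"') |
    ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique)
if ($modes.Count -ne 1) {
    $problems.Add("Expected exactly one of test/production in config.json, found: '$($modes -join ', ')'")
}

# Every .p12 file name mentioned in global.json must exist in the BankID folder.
$p12Names = @([regex]::Matches("$globalText", '[\w.\-]+\.p12') |
    ForEach-Object { $_.Value } | Sort-Object -Unique)
if ($p12Names.Count -eq 0) { $problems.Add('global.json references no .p12 file') }
foreach ($name in $p12Names) {
    if (-not (Test-Path -LiteralPath (Join-Path $bankIdDir $name) -PathType Leaf)) {
        $problems.Add("global.json references $name, which is not in $bankIdDir")
    }
}

# Environment mismatch: production mode while the BankID test certificate is still referenced.
# The FPTestcert prefix comes from the test certificate file name used earlier on this page.
if (($modes -contains 'production') -and ($p12Names -match '^FPTestcert')) {
    $problems.Add('mode is production but global.json still references the BankID test certificate')
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "OK: mode=$($modes[0]); client certificate: $($p12Names -join ', ')"
```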