Swedish BankID

Scenario
In this scenario, we will use FortifiedID Portal to act as a SAML service provider (SP). The use case is written for a Windows installation but can easily be used for Docker or Linux installations. Authentication is done against the Swedish BankID test environment. (How to use this with the BankID production environment is explained at the bottom of this use case.)
Prerequisites
There are some prerequisites for this use case. You will need the following:
A Swedish BankID test account created either on a computer or mobile device. See the following link to set up a test BankID account for yourself: https://www.bankid.com/utvecklare/test/skaffa-testbankid/test-bankid-get
Make sure you have both Fortified ID WEB and Fortified ID PORTAL installed. You will download a ZIP file with pre-configured data for WEB and PORTAL and add it to your installation, replacing the existing configuration. To install Integrity Web and Integrity Portal, see the installation documentation.
Note. All configuration and testing is done on the scenario server.
Configuration
Download and update WEB and PORTAL configuration files
In this section you will update your WEB and PORTAL installations with the pre-configured data.
Open the folder where you have installed Web and Portal
For Web and Portal, rename the customer folders to customer_OLD. The result should look like this:
\..\FortifiedID\web\customer_OLD
\..\FortifiedID\portal\customer_OLD
Download the following ZIP-file, use_case_web_portal_saml_bankid.zip
Unzip the file
Open the folder \..\WEB_PORTAL\ in the unzipped file
For PORTAL
Copy the customer_PORTAL folder to \..\FortifiedID\portal\customer_OLD
Rename customer_PORTAL to customer, result should look like: \..\FortifiedID\portal\customer
For WEB
Copy the customer_WEB folder to \..\FortifiedID\web\customer_OLD
Rename customer_WEB to customer, result should look like: \..\FortifiedID\web\customer
Add BankID test certificates to the Web configuration
You need certificates from BankID to communicate with the BankID test environment. Note. The certificates referenced below are for the BankID test environment. If you have production certificates, see the bottom of this use case for instructions.
Download the certificates using this link https://download.fortifiedid.se/BankIDTest_certificates.zip
Unzip the downloaded file BankIDTest_certificates.zip
Copy the file FPTestcert4_20220818.p12 to folder \..\FortifiedID\web\customer\config\resources_internal\certificates\BankID
Copy the file trust.jks to folder \..\FortifiedID\web\customer\config\resources_internal\certificates\trust_jks
If you open global.json in the \..\FortifiedID\web\customer\config\ folder you can see the files referenced. No changes are needed in global.json.
Test your configuration
Fortified ID Portal will act as SAML SP and redirect you to Fortified ID WEB, which will act as SAML IdP. You log in using your Swedish BankID test account and are then redirected to Portal again.
Login to Portal through Web using Swedish BankID test account
Open a browser on the Integrity Web/Portal server
Browse to Integrity Portal at http://localhost:8090/portal. You will be redirected to Integrity Web (http://localhost:8080/saml/authn/auth01/).
Click Test BankID. Depending on whether you have installed the Swedish BankID test client on a mobile device or a desktop, you will either scan a QR code or click "Log in using BankID on this device".
If successfully authenticated you should be redirected back to Fortified Portal.
Use BankID in a production environment
Overview
This use case can also be used with the Swedish BankID production environment with some minor changes. You need to change a parameter in the web configuration and change the client certificate used to authenticate to BankID production.
Update configuration to access Swedish BankID production
Open config.json for Fortified ID Web in \..\FortifiedID\web\customer\config
Find the following section in the file and change the value test to production
The result should be: "mode": "production"
Change the client certificate to BankID production certificate.
You need to purchase a production certificate. Fortified ID can help you if you do not know how.
Add the production certificate to \..\FortifiedID\web\customer\config\resources_internal\certificates\BankID
Update global.json with production certificate information
See the image below for where to update.
Update filename and password.
Save global.json
Restart Fortified ID Web service
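A consistency check to run on config.json and global.json before the restart above, so that production mode is never paired with the test certificate (or the reverse). This is an added example, not Fortified ID code: it assumes both files are plain JSON, it reports every "mode" key because the page does not show where that key sits, and the sample layouts and the key names other than "mode" are constructed.

```python
import json

TEST_CERT = "FPTestcert4_20220818.p12"  # test certificate file name from this page

def find_values(node, key):
    """Yield every value stored under `key` anywhere in a parsed JSON tree."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_values(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_values(item, key)

def find_p12(node):
    """Yield every string value that names a .p12 file."""
    if isinstance(node, dict):
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from find_p12(item)
    elif isinstance(node, str) and node.lower().endswith(".p12"):
        yield node

def check(config_text, global_text, want="production"):
    """Return a list of problems; an empty list means the two files agree."""
    problems = []
    modes = list(find_values(json.loads(config_text), "mode"))
    if not modes:
        problems.append('config.json: no "mode" key found')
    problems += [f'config.json: "mode" is {m!r}, expected {want!r}'
                 for m in modes if m != want]
    certs = list(find_p12(json.loads(global_text)))
    if not certs:
        problems.append("global.json: no .p12 reference found")
    for c in certs:
        # Compare on the file name only, whichever path separator is used.
        is_test = c.replace("\\", "/").split("/")[-1] == TEST_CERT
        if is_test != (want == "test"):
            problems.append(f"global.json: {c} does not match mode {want!r}")
    return problems

# Constructed sample files: mode already switched, certificate not yet replaced.
SAMPLE_CONFIG = '{"modules": [{"name": "BankID", "config": {"mode": "production"}}]}'
SAMPLE_GLOBAL = '{"bankid": {"keystore": "certificates/BankID/FPTestcert4_20220818.p12"}}'

if __name__ == "__main__":
    for problem in check(SAMPLE_CONFIG, SAMPLE_GLOBAL):
        print("FAIL", problem)
```

To check a real installation, pass the contents of the two files from \..\FortifiedID\web\customer\config to check().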
Some info about trust.jks
The trust.jks file contains the public keys for both the test and production environments, used to establish HTTPS communication with the BankID environment. Since both keys are present, no action is needed.