Swedish BankID

Scenario

In this scenario, we will append the default installation with Swedish BankID.

Authentication will be done with Swedish BankID test environment. (how to use this in a BankID Production environment will be explained in the bottom of this use case).

Prerequisite

• This use case assumes that you have good knowledge of the product in question.

• Fortified ID Access installed and configured with the default configuration

• The server is able to reach the BankIDs backend server APIs (internet access)

• A Swedish BankID test account created either on a computer or mobile device. See the following link to setup a test BankID account for yourself:

Install and prepare configuration

1. Download

2. Add files and folders from ZIP-file to the config-folder, ex: C:\Program Files\FortifiedID\mgmt-center\data\customer\access

3. Append you globals with the following parameters and adjust them according to you needs

{
  "bid_ssl_keystore_path": "${system.customer_home}/resources/FPTestcert5_20240610.p12",
  "bid_ssl_keystore_password": "qwerty123",
  "bid_ssl_key_alias": "1",
  "bid_ssl_key_password": "qwerty123",
  "bid_ssl_truststore_path": "${system.customer_home}/resources/bankid_trust.jks",
  "bid_ssl_truststore_password": "password",
  "bid_mode": "test"
}

1. Append the translations file with the following translation

{
    "bidomd_label": "BankID"
}

1. Append the selector with at reference to the new authenticator by appending this block to the default selector

{
    "id": "6",
    "target": "bidomd",
    "label": "bidomd_label"
}

1. Restart the Access service

Test the configuration

2. The selector should now be displayed, including the new option for "BankID".

3. Select "BankID" and authenticate by scanning the QR-code or selecting "Log in using BankID on this device".

4. You should now be redirected to the selected application or the Fortified ID test application.

5. Note: Authentication with production BankIDs will fail, if not configuration is adjusted.

Adjust configuration for production

This use case can also be used with Swedish BankID production environment with some minor changes. You need to change a parameter in the web configuration and change the client certificate to authenticate to BankID production.

1. Add your BankID p12 keystore as a resource to the Fortified ID Access server

2. Replace the value of the global parameter bid_mode with production

{
  "bid_mode": "production"
}

1. Replace the global parameter bid_ssl_keystore_path, bid_ssl_keystore_password and bid_ssl_key_password to refer to your uploaded keystore, ex:

{
  "bid_ssl_keystore_path": "${system.customer_home}/resources/YOUR KEYSTORE FILE.p12",
  "bid_ssl_keystore_password": "YOUR KEYSTORE PASSWORD",
  "bid_ssl_key_password": "YOUR KEYSTORE PASSWORD",
}

1. Restart the Access service

Some info about bankid_trust.jks

The bankid_trust.jks contains the public keys for both the test and production environment to create HTTPS communication to BankID environment. Since both keys are present no action is needed.