Integrating Bank-ID into Neuron®-based services

You can now use Bank-ID in Neuron®-based services, by installing the TAG.BankID.package, available in the Packages page in the Admin menu, and use the examples provided in your own services. You will need to provide a key when installing. Use the following public key:

Some more information
Package TAG.BankID.package
Installation key tvjLEuUaYW6EO5ai+Qx1TyamLSuR23msafFzso/K33BrTLu9kCETCHGPDKP2x0bR4R8S4NMpYdcA5ab459763b18c39e8715f6a54dff1f86
Configuring Service /BankID/Settings.md on the Neuron® on which the service is installed.
More information https://github.com/Trust-Anchor-Group/NeuronBankID

Settings

Go to the /BankID/Settings.md page, once the package is installed. It provides the following configuration settings:

  • If you want to run in Production mode or Test mode.
  • Certificate to use to identify the service with the Bank-ID-backend.
  • Password for the certificate.
  • Polling time, in seconds, to check for updates on current authentication and signature sessions.
  • Timeout, in minutes, after which authentication and signature sessions are considered abandoned, if no response is returned.
Bank-ID Settings
Bank-ID Settings

Test Mode

If you want to test the service, in a test environment, without using real certificates and identities, you can run the service in test mode. This is the default state, if the production mode checkbox in the settings is not checked. You will still need a test certificate, a test password, and a test bank ID application, either on a phone, or on a desktop PC.

Read more about Bank-ID testing, and how to obtain a test certificate, password and app, here:
https://www.bankid.com/en/utvecklare/test

You will also need a Bank-ID application for test. More information is available here:
https://www.bankid.com/utvecklare/test/skaffa-testbankid/test-bankid-get

Test Pages

Once the service is configured, it’s ready to be used. The settings page contains 2 sets of three test pages, that you can use to test different aspects of Bank-ID integration. They also demonstrate how information is pushed to the web client, and what information is made available from the Bank-ID API back-end. Following test pages are available:

  • User authentication
    • Using animated QR-codes, for example published on a web page, and the user using a mobile-phone app to authenticate itself with the page.
    • Opening the page on a mobile phone, where the page opens the Bank-ID app on the same phone.
    • Opening the page on a desktop computer, where the page opens the Bank-ID application on the same computer.
  • Document signature
    • Using animated QR-codes, for example published on a web page, and the user using a mobile-phone app to authenticate itself with the page.
    • Opening the page on a mobile phone, where the page opens the Bank-ID app on the same phone.
    • Opening the page on a desktop computer, where the page opens the Bank-ID application on the same computer.

These pages do not require login on the neuron, to test them. You access them using the following resources, on the neuron you’ve installed the service on:

  • User authentication
    • /BankID//Test/AuthAnimatedQR.md
    • /BankID/Test/AuthMobileApp.md
    • /BankID/Test/AuthDesktopApp.md
  • Document signature
    • /BankID//Test/SignAnimatedQR.md
    • /BankID/Test/SignMobileApp.md
    • /BankID/Test/SignDesktopApp.md

You can access the test pages from the settings-page, but remember that the settings page requires the user to login and to have sufficient privileges.

Bank-ID Test Pages
Bank-ID Test Pages

Review how the pages are implemented, to learn how to integrate Bank-ID in your own pages hosted on the Neuron®.

Trouble-shooting

In case you need to trouble-shoot problems in the Bank-ID integration, there’s a Sniffer available on the settings page. Open the sniffer to view the communication between the Neuron® and the Bank-ID API back-end. This can give relevant information about communication-related problems, or configuration-related problems.

Sniffer Example
Sniffer Example

Installing Bank-ID Issuer Certificate on Neuron®

If you’ve tried the above instructions and tested the Bank ID, you would get an error similar to the one above. The reason for this, is that the Root CA certificate for Bank-ID is not trusted by default, in the server operating system. To fix this, you need to install the issuer certificate on the server. Do as follows:

  • You get the issuer cerver certificate from the Bank-ID documentation site: https://www.bankid.com/en/utvecklare/guider/teknisk-integrationsguide/miljoer
  • The certificate will be in text form. Copy the text (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, and place it in a text file, with file extension .cer. Make sure line-breaks are included. If line-breaks are missing, they will be replaced by space characters. Replace those with proper line-breaks. (See below).
  • Once the file is saved, double-click the file. In the dialog that opens, select to install the certificate. You should install it on the Local Machine, in the Trusted Root Certificate Authorities certificate store.
Example of contents of a certificate file.png
Example of contents of a certificate file.png

Once the certificate has been installed, communication should work properly, which can be seen by using the sniffer. Test pages will also work properly.

Example of communication working
Example of communication working

Community Test

You can view the Bank-ID test pages on this community neuron. Follow any of the following links:

Note: If trying to open the Bank ID application does not work when clicking the above links, try to permit popups or refresh the page. You can also manually click on the link provided on the page.

Note 2: You might need a Bank-ID for test, when using the above links, depending on the current configuration of the Neuron®. You can get a Bank ID for test here:
https://www.bankid.com/utvecklare/test/skaffa-testbankid/test-bankid-get

Coming Soon

Soon to be available in the service, is a mechanism where the service can be used for automatic peer-review during onboarding of clients. Bank-ID cannot be used to approve an Identity-application, but it can be used to authenticate some of the claims: Personal Number, First Name, Surname and complete name. If enabling this feature, this will cound as one peer-review.

#new, #features, #payments, #bankid, #api, #neuron, #repository

Peter Waher
Peter Waher
4/26/2023 3:22:15 PM 5/15/2023 2:25:54 PM
394 0 2 0

Posts tagged #bankid

No more posts with the given tag could be found. You can go back to the main view by selecting Home in the menu above.