Implement bankid in prod, SC-2563

eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties

@@ -35,16 +35,18 @@ idp.freja.index=0
 #idp.mobIdp.deriveDob=true
 #idp.mobIdp.index=1
 
-#idp.ccBankid.entityid=https://eid.identityhub.se/demo/bankid/
+idp.bankid.entityid=https://oidc.bankid.com
-#idp.ccBankid.name.sv=BankID
+idp.bankid.name.sv=BankID
-#idp.ccBankid.name.en=BankID
+idp.bankid.name.en=BankID
-#idp.ccBankid.logo.uri=img/disco/bankid_logo.png
+idp.bankid.logo.uri=https://www.bankid.com/assets/bankid/img/logo-bank-id.svg
-#idp.ccBankid.logo.height=94
+idp.bankid.logo.height=150
-#idp.ccBankid.logo.width=100
+idp.bankid.logo.width=159
-#idp.ccBankid.loapolicy=natToEidasNotifiedMapping
+idp.bankid.loapolicy=natToEidasNotifiedMapping
-#idp.ccBankid.consent=true
+idp.bankid.consent=false
-#idp.ccBankid.deriveDob=true
+idp.bankid.deriveDob=false
-#idp.ccBankid.index=2
+idp.bankid.privateSpSupport=false
+idp.bankid.index=2
+idp.bankid.protocol=oidc
 
 #idp.ccTelia.entityid=https://eid.identityhub.se/demo/teliabrowserplugin/
 #idp.ccTelia.name.sv=Telia

eidas-proxy-common/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties

@@ -1 +1,22 @@
-oidc-enabled=false
+oidc-enabled=true
+
+# OIDC client metadata
+client-metadata.client-key[0].alias=oidc-rp
+client-metadata.client-key[0].key-store-location=file://${proxy-service.path.prefix}/keystore/oidc-rp.jks
+client-metadata.client-key[0].password=S3cr3t
+client-metadata.client-key[0].supported-jws-algos=PS256, RS256
+client-metadata.preferred-userinfo-signed-response-algs=ES256,PS256,RS256
+client-metadata.redirect-uris[0]=${proxy-service.domain.prefix}/oidc/return
+client-metadata.redirect-uris[1]=https://proxy.eidas.swedenconnect.se/oidc/return
+client-metadata.subject-type=pairwise
+client-metadata.default-acr-values=http://id.elegnamnden.se/loa/1.0/loa3
+
+# OIDC config
+oidc-config.op.bid-op.client-id=swedenconnectprod
+oidc-config.op.bid-op.op-metadata-location=file://${proxy-service.path.prefix}/metadata/oidc/bid-op-metadata.json
+oidc-config.op.bid-op.op-jwks-metadata-location=file://${proxy-service.path.prefix}/metadata/oidc/bid-op-jwks.json
+oidc-config.return-url=${proxy-service.domain.prefix}/oidc/return
+
+# User messages
+user-message.default.sv=Sveriges internationella nod för e-legitimering
+user-message.default.en=Sweden Connect - Cross-border Digital Identification

eidas-proxy-common/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-jwks.json

@@ -0,0 +1,18 @@
+{
+    "keys": [
+        {
+            "e": "AQAB",
+            "kid": "QjvwPyTk-Kw4DbFRI182_A8eE2FLiAvZ7-ToPVedjiU",
+            "kty": "RSA",
+            "n": "wfmqxHaOfkQ0FSkK0fvygcDwdk_HxS5YUPSQmzVdm7Cv2MZo2gt6XHhava318rNYb6IJMFsKdMzOb9IHIaUlFwqBebHnApshOXGm5q-tL8TXZQL4g8Dwn5aSlZmbQaCisCfOn1hA4CuYWhGFKHTNSsdN71hmlENis4_TGd4kKTOmGKSKhqC4A6gc09d0qawEnxqzrkmRvpD2y12I_2RKXsWpZ98vg6X2EZ1Ve-GcQYOK6IPNTa-AlLrBnO_u_UsvqupgCByspwchFqnYOPHc4lcP7Lo1aoSqeKoRXdya08VJBeTWhKMRY_OlPbwlatOyUILBY4ikeEg5D_CyqX67yPCVLUpYy07JXZgoBqeBuZcqjMmZCabcdkOYx-D1Uqqp9B5WwRgtRQNfocp99-kIbe5VZ_iilGgm1yqT3nzgg1ce2uubIlDyIuUW0p2KZImL15SyZI0BxJaKexful885BfL59dWSyxeK1Ek84NN-rZc7xEfyuRZ-j6v5fstMRxgOEhIaSmQzblKXa5Zzaiqr-Xf4HSGvH1jLcQVK1Z-4qFT9G3ij7fbrj4C8-QhBkFHcE0vhGegxhyNKxRUcgMT1oOmJcBppWeGdhI2rHa8jMd3FBQjEJeGLQf9DB1wTnyok-I-UDVMcap1CQwpeU6ys1gnEfDL1gCfh1DCPBWJYnoM",
+            "use": "sig"
+        },
+        {
+            "e": "AQAB",
+            "kid": "weSK9f5lBbyg9wRcX4MWcA2SOYfw8CKzBrnqqg57Tug",
+            "kty": "RSA",
+            "n": "pmPyVw5nbez_EPfVKWszpTw5DlZjN09hF0_2xSTT0hlTc3mMGRLXmu-X7nfUF_vnWRncjKQd5u4EHBNUm9mmSPywvzRebTEfRHYzuoylk91CqXYKK68yqY7vBkAGCA3P8YYZ_vBSlvv7jcuUyeIN_mvRCJqzB6AWZ2IQiBpq-HGUsrS6_qqKDG0-ru9oXf9xEQxXQe8cEbN3959fbfckRYDo5dR4DFfrZ3bCSLc3MuZIZYsKIiH_PEAWSqncffPkvFTn1tuCJa2gp7UK1VZ_nIEjqgsn7gTcJ2jQ6gTBfO_OTedZCshrk7elZQrKIVmi8QKea4ghJwpF5-4qvzlerXHnlZ6pqxiqamNqIC_WNqvoJzwsU6_ofOCh1cwf7_o6tFpyURFuknm7T4YzHrE_Dv7LCI6yBMImM-7waLm83bpXfSwVk1h3tF4CtVJ9W9CgJB_0O_z5u7Ri7HpQuBtjbORyJymolmds5AwH_kMkOAWc9-_YqcdyyjW7A8GFy2kGFPaW3R3yJbkKUScgld-_zKInL-N94ivi-YifoCO-K8iiw8n8ChnMTH_YnVIcDJ7n6f4HEEulLfSLh2yRX21pMmyLZLqhr7l9MuOx0FhH87fBies1bj6G_BDLb41HdoxUQhijOGwg2kw814OH_RPYFoSY0rydLxDALmRQJ44svhM",
+            "use": "enc"
+        }
+    ]
+}

eidas-proxy-common/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-metadata.json

@@ -0,0 +1,121 @@
+{
+    "request_parameter_supported": true,
+    "request_object_signing_alg_values_supported": [
+        "none",
+        "RS256",
+        "ES256",
+        "PS256"
+    ],
+    "request_object_encryption_alg_values_supported": [
+        "RSA1_5",
+        "RSA-OAEP"
+    ],
+    "request_object_encryption_enc_values_supported": [
+        "A128CBC-HS256",
+        "A128GCM",
+        "A192CBC-HS384",
+        "A192GCM",
+        "A256CBC-HS512",
+        "A256GCM"
+    ],
+    "token_endpoint": "https://oidc.bankid.com/token",
+    "request_uri_parameter_supported": false,
+    "token_endpoint_auth_methods_supported": [
+        "client_secret_post",
+        "client_secret_basic",
+        "private_key_jwt"
+    ],
+    "token_endpoint_auth_signing_alg_values_supported": [
+        "RS256",
+        "ES256",
+        "PS256"
+    ],
+    "subject_types_supported": [
+        "public",
+        "pairwise"
+    ],
+    "claims_parameter_supported": true,
+    "jwks_uri": "https://oidc.bankid.com/jwks",
+    "id_token_signing_alg_values_supported": [
+        "RS256",
+        "RS384",
+        "RS512",
+        "PS256",
+        "PS384",
+        "PS512"
+    ],
+    "authorization_endpoint": "https://oidc.bankid.com/authorize",
+    "require_request_uri_registration": false,
+    "introspection_endpoint": "https://oidc.bankid.com/introspect",
+    "service_documentation": "https://oidc.bankid.com/about",
+    "response_types_supported": [
+        "code"
+    ],
+    "response_modes_supported": [
+        "query"
+    ],
+    "grant_types_supported": [
+        "authorization_code"
+    ],
+    "scopes_supported": [
+        "openid",
+        "profile",
+        "https://id.oidc.se/scope/naturalPersonNumber",
+        "https://id.oidc.se/scope/naturalPersonInfo",
+        "https://id.oidc.se/scope/sign",
+        "https://id.oidc.bankid.com/scope/authnInfo"
+    ],
+    "acr_values_supported": [
+        "http://id.elegnamnden.se/loa/1.0/loa3"
+    ],
+    "userinfo_endpoint": "https://oidc.bankid.com/userinfo",
+    "userinfo_signing_alg_values_supported": [
+        "RS256",
+        "RS384",
+        "RS512",
+        "PS256",
+        "PS384",
+        "PS512"
+    ],
+    "op_tos_uri": "https://oidc.bankid.com/about",
+    "issuer": "https://oidc.bankid.com",
+    "op_policy_uri": "https://oidc.bankid.com/about",
+    "claim_types_supported": [
+        "normal"
+    ],
+    "claims_supported": [
+        "sub",
+        "name",
+        "given_name",
+        "family_name",
+        "txn",
+        "auth_time",
+        "https://id.oidc.se/claim/personalIdentityNumber",
+        "https://id.oidc.se/claim/userCertificate",
+        "https://id.oidc.se/claim/userSignature",
+        "https://id.oidc.se/claim/credentialValidFrom",
+        "https://id.oidc.se/claim/credentialValidTo",
+        "https://id.oidc.se/claim/deviceIp",
+        "https://id.oidc.se/claim/authnEvidence",
+        "https://id.oidc.bankid.com/claim/age"
+    ],
+    "display_values_supported": [
+        "page",
+        "popup",
+        "touch",
+        "wap"
+    ],
+    "code_challenge_methods_supported": [
+        "S256"
+    ],
+    "ui_locales_supported": [
+        "sv",
+        "en"
+    ],
+    "https://id.oidc.se/disco/userMessageSupported": true,
+    "https://id.oidc.se/disco/userMessageSupportedMimeTypes": [
+        "text/plain",
+        "text/markdown"
+    ],
+    "https://id.oidc.se/disco/authnProviderSupported": false
+}