
A module for SimpleSAMLphp that implements an (Estonian) Mobiil-ID authentication source.


SvHu/sspmod_MobiilID

 
 


Mobiil-ID module for SimpleSAMLphp

This module implements Estonian Mobiil-ID authentication for the SimpleSAMLphp AAI framework.

Refer to the DigiDocService documentation for details on the underlying architecture.

This code is considered production-ready.

USAGE

This module handles all Mobiil-ID traffic, starting by asking for the phone number and ending in one of two results:

  • successful authentication - the user's personal ID code is placed into Attributes array as isikukood

  • authentication failure for any number of reasons - the user will be presented with an appropriate message and the session stops there.

    It is possible to further customize the status.php page and include links to a troubleshooter, help center, etc. via normal SSP theming.

NB! A SECURITY BREACH might result unless the ID code is further processed and authorization applied. If this is not done, all Estonian Mobiil-ID users will be passed as valid users of the SSP site.
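One way to apply the authorization step the warning above calls for, as an added example that is not part of this module or its original README: a SimpleSAMLphp authproc filter that fails closed unless the isikukood attribute is on a configured allow-list. The module name mobiilidauthz, the class name and the allowed option are hypothetical, and the legacy SimpleSAML_* class names assume the SimpleSAMLphp 1.x API that the sspmod_ naming of this module suggests.

```php
<?php
// Hypothetical file: modules/mobiilidauthz/lib/Auth/Process/AllowList.php
// Assumed wiring, in the 'authproc' array of metadata/saml20-idp-hosted.php:
//   60 => array(
//       'class'   => 'mobiilidauthz:AllowList',
//       'allowed' => array('00000000000'),   // constructed placeholder ID code
//   ),
class sspmod_mobiilidauthz_Auth_Process_AllowList extends SimpleSAML_Auth_ProcessingFilter
{
    /** @var string[] Personal ID codes that may log in. */
    private $allowed;

    public function __construct($config, $reserved)
    {
        parent::__construct($config, $reserved);
        if (empty($config['allowed']) || !is_array($config['allowed'])) {
            // Fail closed: a missing or empty list must never mean "allow everyone".
            throw new SimpleSAML_Error_Exception('AllowList: a non-empty "allowed" array is required.');
        }
        $this->allowed = array_map('strval', $config['allowed']);
    }

    public function process(&$request)
    {
        // Assumption: the authsource stores the code under Attributes['isikukood'],
        // either as a single string or as a one-element array of strings.
        $values = isset($request['Attributes']['isikukood'])
            ? (array)$request['Attributes']['isikukood']
            : array();

        // Require exactly one value of exactly 11 digits; reject anything else.
        if (count($values) !== 1 || !is_string($values[0])
            || !preg_match('/^[0-9]{11}\z/', $values[0])) {
            throw new SimpleSAML_Error_Exception('Mobiil-ID: no usable personal ID code in attributes.');
        }

        // Strict comparison so that only exact string matches are accepted.
        if (!in_array($values[0], $this->allowed, true)) {
            SimpleSAML_Logger::warning('Mobiil-ID: login denied, ID code not on the allow-list.');
            throw new SimpleSAML_Error_Exception('Mobiil-ID: user is not authorized for this service.');
        }
        // Authorized: leave $request untouched so processing continues.
    }
}
```

For larger user populations the same fail-closed check can look the code up in a directory or database instead of a static list.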

Installation

Dependencies

This module depends on a few PEAR modules. To get the latest versions, first instruct PEAR to prefer beta versions (older stables might not work):

pear config-set preferred_state beta

And then install modules:

pear install -a SOAP
pear install -a XML_Serializer

pear channel-discover phpseclib.sourceforge.net
pear install phpseclib/Crypt_RSA

Clone the module

Clone the module from GitHub into SSP modules folder:

cd modules
git clone https://github.com/borgand/sspmod_MobiilID MobiilID

Note: the resulting folder name must be MobiilID or SimpleSAMLphp won't find the source files and the module won't work (see: SSP autoloader).

Enable the module

The module is disabled by default. Enable it by:

touch MobiilID/enable

Authsource

Configure Mobiil-ID as an authsource in the config/authsources.php file, e.g. using the test DigiDocService:

'mobiilid' => array(
  'MobiilID:MobiilID',
  'endpoint' => 'https://www.openxades.org:8443/?wsdl',
  'endpoint_certificate' => '/path/to/endpoint.cert',
  'service_name' => 'Testimine',
  'message_to_display' => 'Verify that codes match!',
  'status_refresh' => 5,
),

This configures the authsource, but to actually use it, you must configure this as the default authsource in metadata/saml20-idp-hosted.php or alternatively use SSP's MultiAuth module to use multiple authsources simultaneously.

Credit

It is based on the demo auth application published by AS Sertifitseerimiskeskus:

Authors & Contributors

This module was developed at University of Tartu by:

  • Laas Toom
