
Mobiil-ID module for SimpleSAMLphp

This module implements Estonian Mobiil-ID authentication for SimpleSAMLphp AAI framework.

Refer to the DigiDocService documentation for details on the underlying architecture.

This code is considered production-ready.

USAGE

This module handles all Mobiil-ID traffic, starting by asking for the phone number and ending in one of two results:

  • successful authentication - the user's personal ID code is placed into the Attributes array as isikukood

  • authentication failure for any number of reasons - the user is presented with an appropriate message and the session stops there.

    It is possible to further customize the status.php page and include links to a troubleshooter, help center, etc. via normal SSP theming.

NB! A SECURITY BREACH might result unless the ID code is further processed and authorization is applied. If this is not done, every Estonian Mobiil-ID user will be accepted as a valid user of the SSP site.

Installation

Dependencies

This module depends on a few PEAR modules. To get the latest versions, first instruct PEAR to prefer beta versions (older stable releases might not work):

pear config-set preferred_state beta

And then install modules:

pear install -a SOAP
pear install -a XML_Serializer

pear channel-discover phpseclib.sourceforge.net
pear install phpseclib/Crypt_RSA

Clone the module

Clone the module from GitHub into SSP modules folder:

cd modules
git clone https://github.com/borgand/sspmod_MobiilID MobiilID

Note: the resulting folder name must be MobiilID or SimpleSAMLphp won't find the source files and the module won't work (see: SSP autoloader).

Enable the module

The module is disabled by default. Enable it by:

touch MobiilID/enable

Authsource

Configure Mobiil-ID as an authsource in the config/authsources.php file, e.g. using the test DigiDocService:

'mobiilid' => array(
  'MobiilID:MobiilID',
  'endpoint' => 'https://www.openxades.org:8443/?wsdl',
  'endpoint_certificate' => '/path/to/endpoint.cert',
  'service_name' => 'Testimine',
  'message_to_display' => 'Verify that codes match!',
  'status_refresh' => 5,
),

This configures the authsource, but to actually use it you must set it as the default authsource in metadata/saml20-idp-hosted.php, or alternatively use SSP's MultiAuth module to offer multiple authsources at once.
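The security note under USAGE says the module only authenticates: whoever holds a valid Mobiil-ID gets an isikukood attribute and nothing more. One way to add the missing authorization step, as an added example that is not code from sspmod_MobiilID or SimpleSAMLphp, is an authproc filter that releases the session only when the returned isikukood is on a configured allowlist. It assumes the SimpleSAMLphp 1.x filter API (SimpleSAML_Auth_ProcessingFilter with process(&$request)); the class name, file path and 'allowed' option are hypothetical.

```php
<?php
// Added example, not part of the module. Assumed location:
//   modules/MobiilID/lib/Auth/Process/AuthorizeIsikukood.php
// Wire it into the IdP's authproc chain in metadata/saml20-idp-hosted.php:
//   'authproc' => array(
//     10 => array(
//       'class'   => 'MobiilID:AuthorizeIsikukood',   // hypothetical class
//       'allowed' => array('<isikukood-1>', '<isikukood-2>'), // placeholders
//     ),
//   ),
class sspmod_MobiilID_Auth_Process_AuthorizeIsikukood extends SimpleSAML_Auth_ProcessingFilter
{
    /** @var string[] personal ID codes that are allowed to log in */
    private $allowed = array();

    public function __construct($config, $reserved)
    {
        parent::__construct($config, $reserved);
        // Fail closed at configuration time: an empty or missing allowlist
        // must never silently turn into "allow everyone".
        if (empty($config['allowed']) || !is_array($config['allowed'])) {
            throw new SimpleSAML_Error_Exception(
                'AuthorizeIsikukood: "allowed" must be a non-empty array of ID codes');
        }
        // Keep every entry a string so the strict comparison below is meaningful.
        $this->allowed = array_map('strval', $config['allowed']);
    }

    public function process(&$request)
    {
        $attrs = isset($request['Attributes']) ? $request['Attributes'] : array();

        // isikukood is a list of values; accept exactly one, reject anything else.
        if (empty($attrs['isikukood']) || !is_array($attrs['isikukood'])
            || count($attrs['isikukood']) !== 1) {
            throw new SimpleSAML_Error_Exception('No single personal ID code in Attributes');
        }
        $code = trim((string) $attrs['isikukood'][0]);

        // Strict in_array: avoid PHP's numeric-string juggling on 11-digit codes.
        if (!in_array($code, $this->allowed, true)) {
            SimpleSAML_Logger::warning('Mobiil-ID login denied: ID code not on allowlist');
            throw new SimpleSAML_Error_Exception('Not authorized for this service');
        }
        // Allowed: leave $request untouched and let the chain continue.
    }
}
```

Throwing from process() aborts the login before any SAML assertion is issued, which is the behaviour the security note asks for; a friendlier denial page can be built on top of the module's existing status.php theming.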

Credit

It is based on the demo auth application published by AS Sertifitseerimiskeskus:

Authors & Contributors

This module was developed at University of Tartu by:

  • Laas Toom