• The Personal Mobile and Personal Desktop authentication methods are set and enabled in Digital Access. Read more here: Set up Smart ID authentication.
• A json is defined including the necessary information for the filtering. See examples in this article.

1. Log in to Digital Access Admin with an administrator account.

1. In Digital Access Admin, go to Manage System.
   
2. Click Authentication Methods.
3. Select the Personal Mobile or the Personal Desktop method in the list of Registered Authentication Methods.
4. Go to the Extended Properties tab.
5. Click Add Extended Property... 
6. Select Certificate Filter. The value of this filter shall be a valid json constructed based on the type of filtering you want to achieve. More details about how to create the filter json can be found in the examples in this page.
7. Click Save.
8. Click Publish.

Each filter object shall have an op parameter (operation), whose value signifies what type of filter operation it represents. If no operation is specified, the default operation and will be used. 

Logical filter

The logical filter contains a list of operations. The value (value) in a logic filter is a list of more filters.

The logical filter operations are:

• and
• or
• not

Value filter

The value filter contains one parameter (param) (which depends on the operation) and a value (value).

The value filter operations are:

• eq (Equals)

• nq (Not Equals)

• co (Contains)

• sw (Starts with)

• ew (Ends with)

• lt (Less than)

• gt (Greater than)

• lte (Less than or equal to)
  'le' is implemented in the mobile apps
• gte (Greater than or equal to)
  'ge' is implemented in the mobile apps

A simple filter json:

{
  "op": "eq",
  "param": "cert.issuer.o",
  "value": "Example company"
}

A complex filter json:

{
  "op":"and",
  "value":[
    {
      "param": "key.id",
      "op":"eq", 
      "value": "signing" 
    },
    {
      "param": "cert.subject.cn", 
      "op":"eq", 
      "value": "Samuel" 
    },
    {
     "op":"or",
     "value":[
       {
        "op":"and",
        "value":[
          {
            "param": "key.type",
            "op":"eq", 
            "value": "RSA" 
                                 },
          {
            "param": "key.size",
            "op":"gte",
            "value":2048
          }
        ]
      },
      {
       "op":"and",
       "value":[
         {
           "param": "key.type",
           "op":"eq",
           "value": "ECC"
         },
         {
           "param": "key.size",
           "op":"gte",
           "value":192
         }
       ]
      }
     ]
    }
  ]
}

These are the supported request filters in Smart ID Mobile App, Smart ID Desktop App and Personal Desktop Client.

Name:	acronym:	Android:	iOS:	Desktop App:	Desktop Client:	Note
Constructed Filters:						"value" is a list of other filters, "param" is null
AND	and
OR	or
NOT (implemented as NOR)	not					No filter is allowed to be true if the evaluation of this filter is true
Value Filters:						"value" is string or number, "param" is one of the strings in the list below
CONTAINS	co					only string param value
STARTS WITH	sw					only string param value
ENDS WITH	ew					only string param value
EQUALS	eq					string or number supported
NOT EQUALS	nq					string or number supported
LESS THAN	lt					string or number supported
GREATER THAN	gt					string or number supported
LESS OR EQUAL	le					string or number supported
GREATER OR EQUAL	ge					string or number supported
Filter Param 'keys':
ISSUER COUNTRY	cert.issuer.c
ISSUER COMMON NAME	cert.issuer.cn
ISSUER LOCALITY	cert.issuer.l
ISSUER ORGANISATION	cert.issuer.o
ISSUER ORGANISATIONAL UNIT	cert.issuer.ou					fixed in android now
ISSUER STATE	cert.issuer.st
ISSUER STATE variant	cert.issuer.s
ISSUER STREET	cert.issuer.street
ISSUER EMAIL	cert.issuer.email
ISSUER UID	cert.issuer.uid
KEY USAGE	cert.keyusage					Use primarily with contains. We are concatenating all of them into one string
SERIAL	cert.serial
SUBJECT COUNTRY	cert.subject.c
SUBJECT COMMON NAME	cert.subject.cn
SUBJECT LOCALITY	cert.subject.l
SUBJECT ORGANISATION	cert.subject.o
SUBJECT ORG UNIT	cert.subject.ou
SUBJECT STATE	cert.subject.st
SUBJECT STATE variant	cert.issuer.s
SUBJECT STREET	cert.subject.street
SUBJECT EMAIL	cert.subject.email
SUBEJCT UID	cert.subject.uid
KEY ID	key.id
KEY PUBLIC KEY	key.publickey					BASE64 encoded DER (no PEM headers or newlines)
KEY SIZE	key.size
KEY TYPE	key.type					always 'RSA' so far
TOKEN ID	token.id					Profile ID for Hermod profiles
TOKEN TYPE	token.type					'DIGITAL' and 'NFC' used in mobile. PDA version values: 'Microsoft Platform Crypto Provider', 'MICROSOFT BASE SMART CARD CRYPTO PROVIDER', 'MICROSOFT ENHANCED CRYPTOGRAPHIC PROVIDER V1.0', 'MICROSOFT SOFTWARE KEY STORAGE PROVIDER', 'MICROSOFT PASSPORT KEY STORAGE PROVIDER'
TOKEN USER ID	token.userid					username tied to the token
TOKEN PROFILE TYPE	token.profiletype					VSC, SW, PLATFORMTPM, YUBI, HYBRID, FILEP12SW, FILEP12TPM, FILETPMYUBI, LOCALID06, FILEP12VSC