Smart ID Digital Access component (Hybrid Access Gateway) supports sending signing messages over SAML. If the SAML request contains a sign message, Digital Access forwards it to the signing interface of the app or client for authentication, so that it can be shown to the user when they are asked to sign.
To be used for signing, the SAML request must contain an authentication context for signing and a SignMessage element. For more information on authentication contexts and how to set them up in Digital Access, see Set up SAML authentication context in Digital Access. Once these are present, authentication methods that support signing will use signing instead of authentication. Authentication methods without a dedicated signing option will still use authentication but display the signing message within the browser.
Supported authentication methods
- Swedish BankID
- Nexus Personal Mobile
- Nexus Personal Desktop
Pre-defined authentication contexts
Digital Access has these pre-defined SAML authentication contexts that will trigger signing instead of authentication if a service provider asks for it:
You can also define authentication contexts other than the pre-defined ones.
Define authentication context
Stop the administration service, by executing the following command:
Open the remote configuration file of the Administration service. You find the file under /opt/nexus/administration-service/config/.
You need sudo privileges to change the file.
In the file, find the element
If you don’t see the element
mAdditionalLOAShowMessage. Specify each new authentication context as an item element.
See this example:
<attribute name="mGlobalIdPConfiguration" type="container" value="globalidpconfiguration">
  <attribute name="mAdditionalLOAShowMessage" type="list">
    <item type="string" value="http://id.elegnamnden.se/loa/1.0/loa3"/>
  </attribute>
</attribute>
Start the administration service, by executing the following command:
You will see a note: Configuration file has been manually modified.
The configuration in Digital Access is ready.
After adding a new authentication context, you can use it as SAML authentication context on the corresponding authentication method as Extended Property. For more information, see Set up SAML authentication context in Digital Access.
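A pre-flight check for the rule described on this page, written as an added example (not Nexus code): it reads the `mAdditionalLOAShowMessage` items from the configuration example above and reports whether a given SAML request carries both a listed authentication context and a SignMessage element. The AuthnRequest is constructed, its SignMessage namespace is a placeholder, the element is matched by local name only, and the pre-defined contexts are not included because this page does not list them.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Configuration example taken from this page.
CONFIG = """<attribute name="mGlobalIdPConfiguration" type="container" value="globalidpconfiguration">
  <attribute name="mAdditionalLOAShowMessage" type="list">
    <item type="string" value="http://id.elegnamnden.se/loa/1.0/loa3"/>
  </attribute>
</attribute>"""

# Constructed AuthnRequest; "urn:example:placeholder" is NOT the real SignMessage namespace.
REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    xmlns:ex="urn:example:placeholder" ID="_constructed1" Version="2.0">
  <samlp:Extensions><ex:SignMessage>Q29uc3RydWN0ZWQ=</ex:SignMessage></samlp:Extensions>
  <samlp:RequestedAuthnContext>
    <saml:AuthnContextClassRef>http://id.elegnamnden.se/loa/1.0/loa3</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""


def additional_signing_contexts(config_xml):
    """Return the item values listed under mAdditionalLOAShowMessage."""
    contexts = set()
    for attr in ET.fromstring(config_xml).iter("attribute"):
        if attr.get("name") == "mAdditionalLOAShowMessage":
            contexts.update(i.get("value") for i in attr.findall("item") if i.get("value"))
    return contexts


def classify_request(request_xml, signing_contexts):
    """Signing needs BOTH a listed authentication context and a SignMessage element."""
    root = ET.fromstring(request_xml)
    refs = {(e.text or "").strip() for e in root.iter(f"{{{SAML}}}AuthnContextClassRef")}
    has_ctx = bool(refs & signing_contexts)
    # Match SignMessage by local name, whatever namespace it is declared in.
    has_msg = any(e.tag.rsplit("}", 1)[-1] == "SignMessage" for e in root.iter())
    missing = []
    if not has_ctx:
        missing.append("signing authentication context")
    if not has_msg:
        missing.append("SignMessage element")
    return "signing" if not missing else "not signing: missing " + " and ".join(missing)


if __name__ == "__main__":
    print(classify_request(REQUEST, additional_signing_contexts(CONFIG)))
```

Run it against a service provider's request before troubleshooting the authentication method itself: it shows which of the two required parts is absent.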
Use other authentication methods for signing
Even if an authentication method does not support dedicated signing functionality, it can still be used to authenticate a signature. For the supported authentication methods listed above, a dedicated signing interface shows the signing message directly in the software (the app or desktop application used). For other methods, the signing message can be shown to the user within the browser.
To do this:
- Change the branding of the following file:
Add the following HTML code wherever the message should be displayed:
This article is valid from Digital Access 6.0.2.