Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients



The Smart ID Digital Access component offers the following Extension Programming Interfaces (XPIs):

Digital Access XPI REST API

See the full documentation in Digital Access XPI REST API.

Digital Access XPI Web Services

See the full documentation here.

Use the XPI service via the SoapUI tool

Prerequisites

Integration through the Extension Programming Interface (XPI) must be enabled:

  1. In Digital Access Admin, go to Manage System.
  2. Click a registered Policy Service to edit it.
  3. Select Enable XPI: REST or Enable XPI: WS.
  4. Delegate the admin privileges to a User storage user or a Local user:
    1. Go to Manage System > Delegated Management > Super Administrator > Add Administrator. Read more here: Create administrative roles in Digital Access.
  5. To log in to XPI as a Local user:
    1. Add a user and enable an authentication mechanism for it.
  6. To log in to XPI as a User storage user:
    1. Enable auto linking:
      1. Go to Manage Accounts and Storage > Global User Account Settings.
      2. On the User Linking tab:
        • under General Settings, select Enable PortWise Authentication when automatically linking the user.
        • under PortWise Password, select Use password from User storage.

Step-by-step instruction

Get WSDL in SoapUI

  1. Get the Web Service Description Language (WSDL) file in SoapUI from https://hagext.westeurope.cloudapp.azure.com:8443/api/xpiws/v4/index.html
  2. Choose the services from the navigation menu. Select and read the detailed information for each service.

Set up soap request

  1. Authentication is required before any use of the XPI services. Import the authentication WSDL in the request editor.

  2. Send a request with the following inputs in subject:

    <subject>
      <country>?</country>
      <credentials>
        <key>username</key>
        <value>YTE=</value> <!-- username, base64-encoded -->
      </credentials>
      <credentials>
        <key>password</key>
        <value>bmV4dXNAMTIz</value> <!-- password, base64-encoded -->
      </credentials>
    </subject>

    See this example: Authenticate.xml

    1. A valid response contains a session value. Use it in the following requests:

      <principals>
      <key>session</key>
      <value>OXg5eWYyM2QxcHRz</value>
      </principals>
  3. Select an admin privileged task, such as a User Account operation.
    1. To get the service endpoint, choose the service from https://hagext.westeurope.cloudapp.azure.com:4443/ws/v4/services/UserAccount?wsdl and import the WSDL.
      1. This is an example of adding a user account:

        <user:add>
          <subject>
            <principals>
              <key>session</key>
              <value>OXg5eWYyM2QxcHRz</value> <!-- session value from the authentication response -->
            </principals>
          </subject>
          <account>
            <enabled>true</enabled>
            <displayName>user1</displayName>
            <emailAddress>user1@gmail.com</emailAddress>
            <globalAccess>
              <locked>false</locked>
              <maxRetries>10</maxRetries> <!-- constant -->
              <numRetries>0</numRetries> <!-- constant -->
            </globalAccess>
            <userName>user1</userName>
            <validFrom>1586975400000</validFrom> <!-- date in this format -->
            <validTo>0</validTo>
          </account>
          <linkToDirectory>false</linkToDirectory> <!-- true if you want to link to AD -->
        </user:add>

        See this example: add user.xml
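
The request fragments from the steps above can also be generated instead of typed into SoapUI by hand. The following Python code is an added example, not part of the Nexus documentation or product: the function names are hypothetical, validFrom is assumed to be Unix epoch milliseconds (which matches the sample value 1586975400000), and the SOAP envelope and the user namespace are left out because they come from the WSDL.

```python
import base64
import xml.etree.ElementTree as ET

def b64(text):
    """Base64 as the page's samples use it (an encoding, not encryption)."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def _add(parent, tag, children):
    """Append <tag> holding (name, text) children; ElementTree escapes text."""
    node = ET.SubElement(parent, tag)
    for name, text in children:
        ET.SubElement(node, name).text = text
    return node

def auth_subject(username, password):
    """<subject> for the authentication request."""
    subject = ET.Element("subject")
    _add(subject, "credentials", [("key", "username"), ("value", b64(username))])
    _add(subject, "credentials", [("key", "password"), ("value", b64(password))])
    return subject

def session_subject(session):
    """<subject> for later calls; the session goes back exactly as returned."""
    subject = ET.Element("subject")
    _add(subject, "principals", [("key", "session"), ("value", session)])
    return subject

def epoch_ms(moment):
    """Assumption: validFrom/validTo are Unix epoch milliseconds (UTC)."""
    if moment.tzinfo is None:
        raise ValueError("timezone-aware datetime required")
    return int(moment.timestamp()) * 1000

def add_user_parts(session, user_name, email, valid_from):
    """Children of <user:add>, in the element order shown on the page."""
    wrapper = ET.Element("parts")  # hypothetical holder, not an XPI element
    wrapper.append(session_subject(session))
    account = _add(wrapper, "account", [("enabled", "true"),
        ("displayName", user_name), ("emailAddress", email)])
    _add(account, "globalAccess", [("locked", "false"),
        ("maxRetries", "10"), ("numRetries", "0")])
    for name, text in [("userName", user_name),
                       ("validFrom", str(epoch_ms(valid_from))), ("validTo", "0")]:
        ET.SubElement(account, name).text = text
    ET.SubElement(wrapper, "linkToDirectory").text = "false"
    return "".join(ET.tostring(child, encoding="unicode") for child in wrapper)

if __name__ == "__main__":  # constructed demo using the page's sample values
    print(ET.tostring(auth_subject("a1", "nexus@123"), encoding="unicode"))
```

Because base64 is reversible, the credentials and the session value in these requests are protected only by the HTTPS transport, so keep certificate verification enabled in whatever client sends them.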