Plugout web browser integration
This article describes the Plugout web browser integration for Nexus Personal Desktop Client and Smart ID Desktop App.
Personal Plugout allows for integrated web browser signing/authentication and works with all browsers. Personal Desktop registers a protocol handler that is invoked from the web page and then the signing transaction is finalized via the Personal Plugout user interface. The Hermod messaging server exposes an easy to use REST API to perform these operations and manage the server to client communication. For more information, see Hermod.
This is an example flow for a signing transaction:
The backend web server (Authentication service) calls the Hermod messaging server and sends a signing request. A temporary URI including Personal protocol handler is returned to the Authentication service.
The temporary URI is inserted in the web page either as a script or as a link and the web page is presented to the user in the web browser.
Personal plugout is invoked when user clicks the URI link com.nexusgroup.plugout?...... (or when the script is run).
The signing transaction is finished using interaction between the Hermod messaging server and the Personal plugout service.
A callback is sent to the web server with the response from the signing transaction.
Meanwhile the web browser is polling the web server and redirects once the signing transaction is finished.
When configuring a certificate for Hermod Messaging Server, make sure that it is a valid and trusted certificate and that the corresponding CA certificate has a certificate revocation list (CRL) defined. Otherwise, Personal Plugout will not be able to establish a trusted connection.