Versions Compared

Old Version 35

changes.mady.by.user Manuel Gierlinger

Saved on

compared with

New Version 36

changes.mady.by.user Christoph Bimminger

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Client ID:your Linked Client ID
Client Secret:your LinkedIn Client Secret
Scope:r_basicprofile r_emailaddress
Authorization URI:https://www.linkedin.com/oauth/v2/authorization
Token URI:https://www.linkedin.com/oauth/v2/accessToken
Logout URI:https://www.linkedin.com
Ressource Parameter:oauth2_access_token
Ressource URI:https://api.linkedin.com/v1/people/~:(id,firstName,lastName,headline,email-address)?format=json

OAuth LinkedInImage RemovedOAuth LinkedInImage Added

Authenticate with Facebook

...

The configured Ressource URI returns a JSON object with the specified parameter. These parameters can be defined in the fields to force a specific LinkedIn user to authenticate (e.g. email address). HINT: to see what data is returned in the Ressource URI send yourself an envelope and have a look in the audit trail. It contains the returned object with its parameter. Note: Parameter in Ressource URI of LinkedIn is not the same in the result (email vs. emailAddress).


OAuth FacebookImage RemovedOAuth FacebookImage Added


The Ressource URI will return data of the profile. With the “Graph API Explorer” you can build and test your own profile requests. With the optional configuration of “Fields” you can define fields, which are checked for authentication. So you can force a specific user (e.g. identified via email, id or birthdate) to authenticate. Other users are not accepted.

...

Please see the following figure for more information about the configuration in eSAW:

OAuth ESignAnyWhereImage RemovedOAuth ESignAnyWhereImage Added

(Hint: in some older product versions, this settings had been located in Settings-Organization, section "OAuth Settings").

...

If authentication was successful, the signer will be logged in and SAW Viewer will grant access to the document.
After a successful login, the granted access for the OAuth Application is shown in Settings->Api Tokens and Apps in the section Apps and Connectors:
Apps And ConnectorsImage Removed Apps And ConnectorsImage Added  

For more information about the signing process in eSAW please also see the next video:

...

Provider NameThis name will be displayed in the Authentication dialog in SignAnyWhere Viewer, so make sure it identifies your organization.
e.g.: Video Ident with LiveId+
Redirect UrlThis is already set and has to be white listed on LIP OAuthWrapper. We already provided this URL in the request in Step 2.

Client Id

your "Application (client) ID" from Step 2
Client Secret:your secret's value from Step 2
Scope:
Authorization URI:https://<your-esaw-instance>/OAuthWrapperLiveIdPlus/api/authorize
Token URI:

https://<your-esaw-instance>/OAuthWrapperLiveIdPlus/api/getToken

Logout URI:can be blank
JWKS URI:
https://<your-esaw-instance>/OAuthWrapperLiveIdPlus/Jwk/getJwks
Issuer:

https://<your-esaw-instance>/OAuthWrapperLiveIdPlus

On-Off Sliders:

LiveId ValidationImage RemovedLiveId ValidationImage Added


And then configure the following field mappings:

...

Provider NameThis name will be displayed in the Authentication dialog in SignAnyWhere Viewer, so make sure it identifies your organization.
e.g.: SmartIdent
Redirect UrlThis is already set and has to be white listed on SignD side. We already provided this URL in the request in Step 1.

Client Id

your "Application (client) ID" from Step 1
Client Secret:your secret's value from Step 1
Scope:openid flat
Authorization URI:https://openid.signd.id/v1/oauth/authorize
Token URI:

https://openid.signd.id/v1/oauth/token

Logout URI:can be blank
JWKS URI:

https://openid.signd.id/.well-known/jwks.json

Issuer:

https://openid.signd.id

On-Off Sliders:

SmartIdent ValidationImage RemovedSmartIdent ValidationImage Added


And then configure the following field mappings:

...

Client ID:your Client ID
Client Secret:your Client Secret
Scope:openid profile
Authorization URI:https://eid2.oesterreich.gv.at/auth/idp/profile/oidc/authorize
Token URI:https://eid2.oesterreich.gv.at/auth/idp/profile/oidc/token
Logout URI:
JWKS URI:

https://eid2.oesterreich.gv.at/auth/idp/profile/oidc/keyset

Issuer:
https://eid2.oesterreich.gv.at
On-Off Sliders:

IDAustria ValidationImage RemovedIDAustria ValidationImage Added

The URIs are documented in https://eid.egiz.gv.at/anbindung/direkte-anbindung/anbindung-oidc/ - if above's URIs don't work, check if there was an update on this page.

...

After setting these values, the JWT and field mapping configuraiton should look similar to the following screenshot.

JWT ConfigurationImage RemovedJWT ConfigurationImage Added


Please note that the disposable certificate identification number will be updated with this configuration. If you want to override the identification number as it is shown in the configuration please also make sure to add a disposable certificate for the signer.

Overwrite Disposable InformationImage RemovedOverwrite Disposable InformationImage Added


Production Environment - USP Service "E-ID Serviceprovider"

...

Please also see the next figures for the OAuth2 configuration and the JWT configuration:

ID AustriaImage RemovedID AustriaImage AddedID Austria JWT ConfigurationImage Removed

ID Austria JWT ConfigurationImage Added

Add the following field mapping configurations:

...

Please note that the disposable certificate identification number will be updated with this configuration. If you want to override the identification number as it is shown in the configuration please also make sure to add a disposable certificate for the signer.

ID Austria DisposableImage RemovedID Austria DisposableImage Added


Czech BankID (Czech Republic)

...

Provider NameIf "Share on login page" is enabled, this name will be displayed on the login page, so make sure it identifies your organization.
e.g.: MyNamirial for <Organization name>
Direct access urlIf "Share on login page" is disabled, this link is needed to login to eSignAnyWhere with OAuth 2.0.
Make sure you bookmark this link.
Redirect UrlThis is already set and has to be white listed on MyNamirial. We already provided this URL in the request in Step 1.

Client Id

your "Application (client) ID" from Step 1
Client Secret:your secret's value from Step 1
Scope:openid email
Authorization URI:your authorization_endpoint from Step 2 or simply (for production instance of MyNamirial)
https://auth.namirial.app/realms/namirial/protocol/openid-connect/auth
Token URI:your token_endpoint from Step 2 or simply (for production instance of MyNamirial)
https://auth.namirial.app/realms/namirial/protocol/openid-connect/token
Logout URI:(Optional - can be blank)
your end_session from Step 2 or simply (for production instance of MyNamirial)
https://auth.namirial.app/realms/namirial/protocol/openid-connect/logout
Share on login pageDepending on the server settings this property might not be visible to you. If enabled your provider name will show up on the login page.
JWKS URI:
your jwks_uri from Step 2 or simply (for production instance of MyNamirial)
https://auth.namirial.app/realms/namirial/protocol/openid-connect/certs
Issuer:

your issuer from Step 2 or simply (for production instance of MyNamirial)

https://auth.namirial.app/realms/namirial
On-Off Sliders:

MyNamirial ValidationImage RemovedMyNamirial ValidationImage Added

Field Mappings:Click on "Add field" and enter "email". Select rule "Validate" and map it to "User Email Address"

...