IDP (OAuth Wrapper) Installation Guide
IDConnect Configuration
Configuration is done on https://esaw-ts-demo.namirial.com/
Login: Namirial account (but user has to be added to the idconnect backend by an admin first)
Identity Provider Configuration in eSignAnyWhere
IDP hosted by Namirial SpA (TEST environment deployed by Alten)
Prototype version hostet by Namirial SpA, deployed by Alten is working with DEMO environment, therefore on the prototype following redirect URI is configured: https://demo.esignanywhere.net/SawViewer/HttpHandlers/AuthHandler.ashx
Example of a Simple Mapping that returns just the Document Number:
| Parameter | Value | Field Mapping Configuration | Comment | |||
|---|---|---|---|---|---|---|
| Field Property Path | Mode | Data Field | ||||
| Provider Name | Netheos Trust&Sign | |||||
| Client Id | 09c11f68-2212-4a91-8070-105ba414fc71 | TEST ClientID for Christoph | ||||
| Client Secret | TEST Client Sectet for Christoph: Slack message LR to CB, Tue 26/04/2022 in combination with above's Client ID | |||||
| Scope | openid profile email trustsign | |||||
| Authorization URI | https://esaw-ts-api-demo.namirial.com/identityserver/connect/authorize | |||||
| Token URI | https://esaw-ts-api-demo.namirial.com/identityserver/connect/token | |||||
| Logout URI | ||||||
| JSON Web Token (JWT) Configuration | ||||||
| JWKS URI | https://esaw-ts-api-demo.namirial.com/identityserver/.well-known/openid-configuration/jwks | |||||
| Issuer | https://esaw-ts-api-demo.namirial.com/identityserver | |||||
| Add 'nonce' parameter | Off | |||||
| Validate audience | Off | |||||
| Validate issuer | On | |||||
| Validate lifetime | On | |||||
| Field Mapping | given_name | Update | Recipient First Name | |||
| Field Mapping | family_name | Update | Recipient Last Name | |||
| Field Mapping | identification_type | Update | Disposable Certificate Identification Type | |||
| Field Mapping | document_type | Update | Disposable Certificate Document Type | |||
| Field Mapping | identification_number | Update | Disposable Certificate Identification Number | |||
| Field Mapping | issuing_country | Update | Disposable Certificate Document Issuing Country | |||
| Field Mapping | Update | Disposable Certificate Issued By | ||||
| Field Mapping | document_number | Update | Disposable Certificate Document Number | |||
| Field Mapping | identification_country | Update | Disposable Certificate Identification Country | |||
| Field Mapping | Update | Disposable Certificate Document issued On | ||||
| Field Mapping | expiry_date | Update | Disposable Certificate Document Expiration | |||
Attention:
- Trust&Sign (in this configuration) does NOT offer a phone number. Therefore, the phone number must not be set as UPDATE rule in e.g. another identification configuration which is used as backup option.
- Trust&Sign (in this configuration) does NOT offer a document issuing date.
- Trust&Sign (in this configuration) does NOT offer an issuing authority name ("issued by").
Usage
- Create a new envelope
- Select the document(s) to be signed
- Open the Authentication/Identification section
- Add the OAuth Identification method "Netheos Trust&Sign"
- If indicated, place in the Designer page a signature field and select the signature method "Disposable Certificate".
Screenshots
(passport picture taking)
Backoffice Approval
In case the process is one with backoffice approval step, an operator has to log in at https://demo-center.ekeynox.net/ and approve the transaction:
Technical Appendix
Sample JWT returned by the wrapper
{
"iss": "https://esaw-ts-api-demo.namirial.com/identityserver",
"nbf": 1653930619,
"iat": 1653930619,
"exp": 1653930919,
"aud": "09c11f68-2212-4a91-8070-105ba414fc71",
"amr": [
"pwd"
],
"at_hash": "tHwwAcNywwPHqyOX9xzC2A",
"sid": "44874189B9D8A26F1740F37849B0CFC4",
"sub": "91a73a82-341e-4cb7-a3a6-0a7fe9530bdc",
"auth_time": 1653930454,
"idp": "local",
"name": "Simon Seller",
"given_name": "Simon",
"family_name": "Seller",
"email": "christoph.bimminger@xyzmo.com",
"email_verified": [
"true",
true
],
"document_number": "",
"document_type": "PASSPORT",
"identification_number": "",
"identification_type": "PASSPORT",
"identification_country": "",
"issuing_country": "",
"expiry_date": "",
"first_name": "Simon",
"last_name": "Seller",
"preferred_username": "01bd99be-c6cf-44d7-b082-10891c8083f8"
}