Versions Compared

Comment: Smart ID 23.10.10: New optional parameter added, “bioMetricsAllowed”, in section Mobile App: Create Key.
Info

This article includes updates for Smart ID 23.10.610.

Mobile App: Create Key

Description

...

Info

Smart ID Mobile App will sign the request data and Identity Manager will verify the mobile client's data signature using the attestation key. The attestation key is configured in the task's attestationKeySet parameter and in the Sign and encrypt engine in Identity Manager.

If the verification fails, the task will not accept the data but set two process variables instead:

  • The errorTypeField (see the parameters below) will be set to "HERMOD_ERROR_JWT_SIGNATURE". Use this in your process design to react to validation errors.

  • The errorMessageField (see the parameters below) will contain a more descriptive message.

...

Parameter

Mandatory

Value

Description

messagingServer

Yes

Example value:

  • MessagingServer

The name of the Smart ID Messaging configuration as defined in Identity Manager Admin. This configuration provides data (url, authentication token, lifespan and timeout) needed for the Smart ID Messaging connection.

messageName

Yes

Example value:

  • p10PreparationCallback

The name of the intermediate message catching event that will be triggered by Smart ID Messaging.

userid

Yes

Example value:

  • ${Person_Email}

ID representing the user on the messaging server. This will be displayed in the profile on the mobile app to verify the correct data is provided.

A common approach is to use the user's email address.

errorMessageField

Yes

Example value:

  • ErrorMessage

Process variable that receives the error message in case of failure.

errorTypeField

Yes

Example value:

  • ErrorType

Process variable that receives the error type in case of failure.

signCertificateTemplate

-

Signature certificate template.

authCertificateTemplate

-

Authentication certificate template.

profileName

If new profile

Leave empty (when updating a profile)

Profile name for Smart ID Messaging. Will be displayed in the Smart ID Mobile App. Leave empty if you want to update an existing profile.

serverName

If new profile

Example value:

  • Smart ID

Name of the server that issued the provisioning request. This helps the user understand where the profile comes from.

attestationKeySet

-

(If not set, defaults to "ATTESTATION")

Example value:

  • ATTESTATION (default value)

The name of the attestation key that will be used for signing (by the client) and validating (by Identity Manager) the mobile client's data. The available values are the names of the descriptors in the sign and encrypt engine that start with "att_", without this prefix. An attestation key with the same name must be defined in Smart ID Mobile App/MDM device.

Default value is "ATTESTATION" when no descriptor value is provided.

qrResultField

If new profile

Example value:

  • QR_CODE_VAR

Process variable that receives the resulting URL. This URL may be converted to a QR code for the Smart ID Mobile App by using GenerateQRCodeParametrizedAction.

profileId

If update profile

Leave empty (for new profile)

ID of the Smart ID Mobile App profile that will be updated with new keys. Leave empty if you want to provision a new profile.

storagePriority

Yes

Valid values:

  • APP (for Smart ID Mobile App, default)

  • EXT (for Mobile Iron device)

  • MDM (replaced by EXT, but still supported)

Storage priority of certificates. MDM is replaced by EXT, however MDM is still supported.

visualIdLayout

If using visual ID

Example value:

  • Default Layout

The layout to be used for creating the visual ID. If a JUEL expression is configured for the front or back side image, it takes precedence over the statically configured image. If no image is found for the JUEL expression and there is no statically configured image, the task will fail.

cardDatapool

If using visual ID

Example value:

  • PcmDpPersonalMobile

The datapool used for saving the mobile ID profile.

contentId

If using visual ID

Example value:

  • ${GeneratedContentId}

A unique ID in UUID format, which will be associated with the personal mobile profile. Can be generated with the service task "MISC: Generate Random GUID into Data Map Field".

biometricsAllowed

-

(If not set, defaults to true. It can only be set to false explicitly.)

Example value:

  • true or false

Allow biometric authentication in the Smart ID Mobile App for this profile.
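The verify-then-set-error-variables behaviour described in the Info box above, combined with the attestationKeySet rule from the parameter table (descriptor names carry an "att_" prefix, default "ATTESTATION"), as an added example; this is not Identity Manager's or the Smart ID apps' own code. HS256 with symmetric keys, the dictionary standing in for the Sign and encrypt engine, and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-in for the Sign and encrypt engine (assumption: a dict of
# symmetric HS256 keys). Descriptor names start with "att_"; the task's
# attestationKeySet parameter names them without that prefix.
SIGN_ENCRYPT_ENGINE = {
    "att_ATTESTATION": b"constructed-default-attestation-key",
    "att_DEVICE2": b"constructed-second-attestation-key",
}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def resolve_attestation_key(attestation_key_set: Optional[str]) -> bytes:
    """Default is "ATTESTATION" when the parameter is not set; add the "att_" prefix."""
    return SIGN_ENCRYPT_ENGINE["att_" + (attestation_key_set or "ATTESTATION")]

def client_sign(payload: dict, attestation_key_set: Optional[str] = None) -> str:
    """App side: sign the request data as a compact JWS with the attestation key."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    key = resolve_attestation_key(attestation_key_set)
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def task_accept_data(jws: str, params: dict, process_vars: dict) -> Optional[dict]:
    """Identity Manager side: payload on success; on failure set the two error variables."""
    try:
        header, body, sig = jws.split(".")
        # Pin the algorithm: never let the token's own "alg" choose the verifier.
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg in JWT header")
        key = resolve_attestation_key(params.get("attestationKeySet"))
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            raise ValueError("signature does not verify with attestation key "
                             + (params.get("attestationKeySet") or "ATTESTATION"))
        return json.loads(_b64url_decode(body))
    except ValueError as exc:  # also covers base64, JSON and split errors
        process_vars[params["errorTypeField"]] = "HERMOD_ERROR_JWT_SIGNATURE"
        process_vars[params["errorMessageField"]] = f"JWT verification failed: {exc}"
        return None
```

The errorTypeField value is the one the text tells you to branch on in the process design; the errorMessageField carries the reason for operators.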

Mobile App: Install Certificates

...

  1. Set the confirmation flag to false.

    Note

    Even if the confirmation flag is set to false, you need to set the 'messageName' parameter to a dummy value to be able to delete the mailbox(es).

  2. Smart ID Messaging will delete either a specific mailbox when a profile id is provided or all mailboxes of the specified user id when the profile id is absent.
    The profiles themselves in their respective apps will be retained, as the deletion request will not be forwarded.

...

Info

Attestation Key

Smart ID Desktop App will sign the request data and Identity Manager will verify the client's data signature using the attestation key. The attestation key is configured in the task's attestationKeySet parameter and in the Sign and encrypt engine in Identity Manager.

If the verification fails, the task will not accept the data but set two process variables instead:

  • The errorTypeField (see the parameters below) will be set to "HERMOD_ERROR_JWT_SIGNATURE". Use this in your process design to react to validation errors.

  • The errorMessageField (see the parameters below) will contain a more descriptive message.

...

Info

Smart ID Desktop App will sign the request data and Identity Manager will verify the client's data signature using the attestation key. The attestation key is configured in the task's attestationKeySet parameter and in the Sign and encrypt engine in Identity Manager.

If the verification fails, the task will not accept the data but set two process variables instead:

  • The errorTypeField (see the parameters below) will be set to "HERMOD_ERROR_JWT_SIGNATURE". Use this in your process design to react to validation errors.

  • The errorMessageField (see the parameters below) will contain a more descriptive message.

...