/
Certificate filtering for Smart ID authentication

Certificate filtering for Smart ID authentication

This article describes how to set up certificate filtering for the Personal Mobile and Personal Desktop authentication methods in Digital Access. To do this, you add an extended property in the authentication method.

  • The Personal Mobile and Personal Desktop authentication methods are set and enabled in Digital Access. Read more here: Set up Smart ID authentication.

  • A json is defined including the necessary information for the filtering. See examples in this article.

Step-by-step instruction to set up the filter

  1. Log in to Digital Access Admin with an administrator account.

  1. In Digital Access Admin, go to Manage System.

  2. Click Authentication Methods.

  3. Select the Personal Mobile or the Personal Desktop method in the list of Registered Authentication Methods.

  4. Go to the Extended Properties tab.

  5. Click Add Extended Property... 

  6. Select Certificate Filter. The value of this filter shall be a valid json constructed based on the type of filtering you want to achieve. More details about how to create the filter json can be found in the examples in this page.

  7. Click Save.

  8. Click Publish.

About the filter json with examples

Each filter object shall have an op parameter (operation), whose value signifies what type of filter operation it represents. If no operation is specified, the default operation and will be used. 

Logical filter

The logical filter contains a list of operations. The value (value) in a logic filter is a list of more filters.

The logical filter operations are:

  • and

  • or

  • not

Value filter

The value filter contains one parameter (param) (which depends on the operation) and a value (value).

The value filter operations are:

  • eq (Equals)

  • nq (Not Equals)

  • co (Contains)

  • sw (Starts with)

  • ew (Ends with)

  • lt (Less than)

  • gt (Greater than)

  • lte (Less than or equal to)
    'le' is implemented in the mobile apps

  • gte (Greater than or equal to)
    'ge' is implemented in the mobile apps



A simple filter json:

Example: A simple filter that requests a key with ID 'signer'
{ "op": "eq", "param": "cert.issuer.o", "value": "Example company" }

A complex filter json:

Example: A more complex filter
{ "op":"and", "value":[ { "param": "key.id", "op":"eq", "value": "signing" }, { "param": "cert.subject.cn", "op":"eq", "value": "Samuel" }, { "op":"or", "value":[ { "op":"and", "value":[ { "param": "key.type", "op":"eq", "value": "RSA" }, { "param": "key.size", "op":"gte", "value":2048 } ] }, { "op":"and", "value":[ { "param": "key.type", "op":"eq", "value": "ECC" }, { "param": "key.size", "op":"gte", "value":192 } ] } ] } ] }



Supported request filter parameters





Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions