Summary

This document will guide you through the steps to configure PhenixID Authentication Services and/or PhenixID Signing Services to consume user authentication from Norwegian BankID.

PhenixID Authentication Services (PAS) will act as a OpenID Connect Provider Relying Party against Norwegian BankID OpenID Connect Provider.

Background

With PhenixID, you can:

• Sign documents and transactions electronically using your Norwegian BankID account
• Protect web- and cloud apps (SAML SPs, OIDC RPs) with Norwegian BankID Authentication and PhenixID MFA
• Protect internal PhenixID web apps, such as the MyApps portal, on-boarding and other, with Norwegian BankID authentication

System requirements

• PhenixID Authentication Services 4.0 or higher
• Agreement with Norwegian BankID
• Norwegian BankID technical contact
• Norwegian BankID OIDC info:
  • OIDC Discovery URL
  • client_id
  • client_secret

Instruction

Configure PhenixID Authentication Services

Add OIDC RP

Add an OIDC RP using this instruction.

• Use the provided OIDC Discovery URL, client_id and client_secret
• Fetch the specified redirectUri

Send the redirectUri value to the Norwegian BankID technical contact (for whitelisting).

Configure Norwegian BankID

The Norwegian BankID technical contact will handle this step.

Test

• Trigger the authentication flow where the Norwegian BankID authentication is involved (for example https://x.phenixid.net/activateonetouch/)
• Your browser should be redirected to the Norwegian BankID
• Authenticate
• You should now be logged in to the service protected by Norwegian BankID authentication

Debugging

• Verify the front end flow using a browser plugin, such as SAML tracer.
• Verify the back end flow by checking the PAS server.log file (in debug mode).