| Note | ||
|---|---|---|
| ||
OIDC Clients must be configured |
...
according to the below instructions in order to gain access to the services supported by the OpenID Connect Provider from BankID. |
supported services. The provisioning process is separate for each supported environment and results in security credentials issued to the requesting party. The client must use these credentials to authenticate with with selected endpoints of the REST API of the OIDC Provider.
...
| icon | false |
|---|
...
Client configurations are maintained across releases of the OIDC Provider in each environment unless specified otherwise.
| Environment | Client provisioning requests | |
|---|---|---|
| PRE-PROD / CURRENT | Visit the OIDC preprod service desk to request provisioning of an OIDC Client for test in the for OIDC pre-production environment. and supply the information reuired in your request | |
| PROD | Contact salg@bankidnorge.no to request provisioning of an OIDC Client in production and supply the information reuired in your request. A valid contract with BankID Norge AS or one of its resellers is required for provisioning in production. | CURRENT | Visit the OIDC current service desk to request provisioning of an OIDC Client for test in the current environment.
| Warning | ||
|---|---|---|
| ||
The CURRENT environment is not yet available for provisioning of OIDC Clients. |
Anchor required-information required-information
Information required
| required-information | |
| required-information |
The following information must be supplied as part of the provisioning request:
| Item | What | |
|---|---|---|
| 1 | The requested environment (PRE-PROD, CURRENT, PROD) | |
| 2 | Description of the OIDC Client and its intended use. | |
| 3 | A display name for the OIDC Client that will be shown in the header of the (default) OIDC dialogues. | |
| 42 | Contact information for both technical and commercial issues. | |
| 35 | Requested OAuth2 flows | |
| 46 | Requested Identity Providers. If See section below on BankID merchant certificate if BankID is requested, optionally a BankID Merchant certificate to be used, thus replacing the default certificate of the OIDC Service itself.among the requested IDPs. | |
| 75 | Requested Value Added Services (VASs). | |
| 68 | One of more URLs where control will redirected back to the OIDC client (redirect URLs must be pre-registered for safety reasons). | |
| 7 | A display name for the OIDC Client that will be shown in the header of the (default) OIDC dialogues. | |
| 9 | 8 | Requested access to Norwegian National Identity Number. Note that such access will only be granted for eligible applications. |
Anchor bankid-merchantcert bankid-merchantcert
BankID merchant certificate
| bankid-merchantcert | |
| bankid-merchantcert |
OIDC Clients requesting access to the BankID service will by default use a shared BankID merchant certificate already hosted by the OIDC Provider unless a dedicated BankID merchant certificate is requested. See the below table for instructions on how to obtain dedicated certificates for each of the environments. BankID will be responsible for installation, hosting and management of the dedicated certificate on behalf of the requesting party.
| Environment | Dedicated BankID certificates |
|---|---|
| PRE-PROD / CURRENT | Please use the RA self-service tool for PRE-PROD to order a test certificate for your organization. After ordering is completed please use the tool to also active the certifiate in question. Then download the resulting certificate file (.bid file) and attach it to your provisioning request along with the pre-set password (qwer1234) for the certificate file. |
| PROD | Inform salg@bankidnorge.no about your request for a dedicated certificate and BankID Norge will take care of ordering, activation and installation of the certificate. BankID Norge will need your organization number, organization name and the desired common name of the certificate to fulfill the request. |