Info |
By default PKIsigning uses OpenID Connect or OAuth 2.0 SSO integrations. Only if this type of integration is not possible can a fallback be implemented using the information below. |
Code Block |
<html>
  <head></head>
  <body>
    <form method="post" id="jwtSubmitForm" action="">
      <input type="hidden" name="jwt" value="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvdGVzdC5waW5rd2ViLm5sIiwic3ViIjoiaW5pdGlhdGVHZXRVc2VySW5mb1JlcXVlc3QiLCJpYXQiOjE2MDY4MzcxNzYsImV4cCI6MTYwNjgzNzIwNiwiaGFuZHNoYWtlVG9rZW4iOiIwYmJlMTcyNDc4M2FmYjM5ZjE5NjcxZmE4MWNiOTg4NyJ9.0k3xUmzAYCcVT4HSYCaEj3gaVjeGqTeeiM4EhnhCbCo" />
    </form>
    <script type="text/javascript">
      document.getElementById('jwtSubmitForm').submit();
    </script>
  </body>
</html> |
Note |
Please check that the returnurl you receive in the query parameter matches the domain. This is to prevent open redirect URL attacks. |
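One way to implement this check, as an added example that is not PKIsigning's own code. The function name, the placeholder host name, and the https-only and port restrictions are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the host name(s) you expect the returnurl to use
# in your environment. Replace with the real value(s) for your integration.
ALLOWED_RETURN_HOSTS = frozenset({"idp.pkisigning.example"})


def is_safe_return_url(return_url, allowed_hosts=ALLOWED_RETURN_HOSTS):
    """Return True only for an absolute https URL on an exactly matching host."""
    if not isinstance(return_url, str) or not return_url:
        return False
    # Browsers treat "\" like "/" and drop whitespace and control characters,
    # so a URL containing them may parse differently here than in the browser.
    if "\\" in return_url:
        return False
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in return_url):
        return False
    try:
        parts = urlsplit(return_url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Relative, protocol-relative ("//host") and non-https URLs are rejected.
    if parts.scheme != "https":
        return False
    # "https://allowed-host@other-host/" puts the allowed name in the userinfo
    # part, not the host part, so any userinfo is rejected.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    # urlsplit lowercases the hostname. Compare the whole name, never a
    # prefix, suffix or substring.
    return (parts.hostname or "") in allowed_hosts


def redirect_target(return_url, fallback="/"):
    """Return the URL to redirect to: the returnurl if safe, else a local page."""
    return return_url if is_safe_return_url(return_url) else fallback
```

Call `redirect_target()` on the value taken from the query parameter before issuing the redirect.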
Acquiring user information
Code Block |
{
  "Id": "internal unique id of the integrating party that permanently identifies the user",
  "Email": "email address of the user",
  "Mobilephone": "mobile number of the user in international format",
  "Surname": "surname of the user",
  "Firstname": "first name of the user",
  "Infix": "infix/prefix of the last name",
  "OrganisationId": "id of the organisation as can be provided by the application administrator"
} |
The content-type of the response should be text/json.
This backchannel call will be made immediately after the callback of step 3, so the token used does not need a very long validity period.
Depending on the environment used, the user is directed by the integrating partner to a specified PKIsigning IDP:…
Please add an extra parameter named acr_values to this URL. This parameter will instruct the PKIsigning IDP to skip the login page altogether and directly use the specified SSO integration.
…&acr_values=idp:SSO_ID
Please note the colon ( : ) between idp and the SSO_ID. This should preferably be encoded as %3A.
The specified SSO_ID will be given to you by the PKIsigning development team.