bankid-saml-idp
Development Guidelines for the SAML IdP for BankID
Note: All contributors to this project are expected to follow the guidelines stated in the Contributing to the BankID SAML IdP document.
The BankID IdP backend is a Spring Boot application and the frontend is a Vue-application. It is expected that you are familiar with these frameworks before starting development activities.
Obtaining the BankID IdP Source
The source for the project is located at https://github.com/swedenconnect/bankid-saml-idp and you are free to clone the repository or create a fork.
Building the Source
If you want to deploy a BankID IdP and don’t have to make any changes apart from configuration customizations of the UI (see Customizing the BankID IdP UI), you don’t have to build the BankID source. Instead, you can just download the BankID jar from Maven Central.
Note: Before you build you must ensure that you have Java, Maven and npm installed on your machine.
To build the BankID IdP with a built-in frontend application:
cd my-install-dir
mvn clean package
To build the BankID IdP without a built-in frontend application:
cd my-install-dir
mvn clean package -Dbackend-only
Running the Service Locally
To develop the service we recommend the use of the “local” profile.
In this mode the service will require two dependencies:
- a configured service provider (SP), and,
- a local test instance of Redis.
When the Redis instance has been started you should be able to start the BankID IdP-application with the “local” profile active. Next, start the Test-SP and send authentication requests.
To start the BankID IdP-application with the “local” profile the following environment variables should be set to load the relevant properties.
BANKID_INSTALL_DIR=<root directory where you checked out the BankID repository>
SPRING_CONFIG_IMPORT=${BANKID_INSTALL_DIR}/bankid-idp/env/local/developer.yml
SPRING_PROFILES_ACTIVE=local
Don’t you have a test-BankID installed on your device? See BankID and Sweden Connect Resources.
SAML Service Provider for Local Test and Development
A pre-configured SAML Service Provider that can be used to send requests to the BankID IdP when running under the “local” profile can be found at https://github.com/swedenconnect/test-my-eid.
Clone or fork this repository and start the “Test my eID”-application with the “local” profile active.
Point your browser to https://localhost:9445/testmyeid/ and you should see something like:
Click the “BankID (local)” option and a SAML request should be sent to the IdP.
Not working? Well, you need to start the IdP application …
Local Redis Instance
When running with the local profile, there is a docker-compose file for Redis that works out of the box under the following path bankid-idp/env/local/redis/docker-compose.yml.
To start Redis, simply run:
> docker compose -f ${CODE_ROOT}/bankid-idp/env/local/redis/docker-compose.yml up
Local Redis Cluster Instance
There is an additional docker compose file that can be used if you wish to develop with a Redis cluster:
> docker compose -f ${CODE_ROOT}/bankid-idp/env/local/redis-cluster/docker-compose.yml up
Note: When running with this setup there is an additional profile cluster that should be used
which configures the cluster. You need both profiles to be active SPRING_PROFILES_ACTIVE=local,cluster.
Using Docker
Building Docker image and pushing to registry:
export DOCKER_REPO=yourdockerrepo:port
mvn clean install
mvn -f bankid-idp/bankid-idp jib:build
Building, local Docker image only: Since MultiArch build is not supported locally, we need to limit the execution to a specific execution-id
export DOCKER_REPO=local
mvn clean install
mvn -f bankid-idp/bankid-idp jib:dockerBuild@local
Copyright © 2023, Myndigheten för digital förvaltning - Swedish Agency for Digital Government (DIGG). Licensed under version 2.0 of the Apache License.