bankid-saml-idp

Development Guidelines for the SAML IdP for BankID


Note: All contributors to this project are expected to follow the guidelines stated in the Contributing to the BankID SAML IdP document.

The BankID IdP backend is a Spring Boot application and the frontend is a Vue application. You are expected to be familiar with these frameworks before starting development activities.

Obtaining the BankID IdP Source

The source for the project is located at https://github.com/swedenconnect/bankid-saml-idp and you are free to clone the repository or create a fork.

Building the Source

If you want to deploy a BankID IdP and don’t have to make any changes apart from configuration customizations of the UI (see Customizing the BankID IdP UI), you don’t have to build the BankID source. Instead, you can just download the BankID jar from Maven Central.

Note: Before you build you must ensure that you have Java, Maven and npm installed on your machine.

To build the BankID IdP with a built-in frontend application:

cd my-install-dir
mvn clean package

To build the BankID IdP without a built-in frontend application:

cd my-install-dir
mvn clean package -Dbackend-only

Running the Service Locally

To develop the service we recommend the use of the “local” profile.

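In this mode the service requires two dependencies: a Redis instance (see Local Redis Instance) and a SAML Service Provider that sends the requests (see SAML Service Provider for Local Test and Development).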

When the Redis instance has been started you should be able to start the BankID IdP-application with the “local” profile active. Next, start the Test-SP and send authentication requests.

To start the BankID IdP-application with the “local” profile the following environment variables should be set to load the relevant properties.

BANKID_INSTALL_DIR=<root directory where you checked out the BankID repository>
SPRING_CONFIG_IMPORT=${BANKID_INSTALL_DIR}/bankid-idp/env/local/developer.yml
SPRING_PROFILES_ACTIVE=local

Don’t have a test BankID installed on your device? See BankID and Sweden Connect Resources.

SAML Service Provider for Local Test and Development

A pre-configured SAML Service Provider that can be used to send requests to the BankID IdP when running under the “local” profile can be found at https://github.com/swedenconnect/test-my-eid.

Clone or fork this repository and start the “Test my eID”-application with the “local” profile active.

Point your browser to https://localhost:9445/testmyeid/ and you should see something like:

[Screenshot: Test-my-eid]

Click the “BankID (local)” option and a SAML request should be sent to the IdP.

Not working? Well, you need to start the IdP application …

Local Redis Instance

When running with the local profile, there is a docker-compose file for Redis that works out of the box. It is located at bankid-idp/env/local/redis/docker-compose.yml.

To start Redis, simply run:

> docker compose -f ${CODE_ROOT}/bankid-idp/env/local/redis/docker-compose.yml up

Local Redis Cluster Instance

There is an additional docker compose file that can be used if you wish to develop with a Redis cluster:

> docker compose -f ${CODE_ROOT}/bankid-idp/env/local/redis-cluster/docker-compose.yml up

Note: When running with this setup there is an additional profile, cluster, that configures the cluster and must also be used. Both profiles need to be active: SPRING_PROFILES_ACTIVE=local,cluster.
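
The environment variables listed under Running the Service Locally and the profile rule in the note above can be checked before starting the IdP. The following preflight function is an added example, not part of the project; the function name bankid_local_preflight is hypothetical, while the variable names and paths are the ones used on this page.

```shell
# Added example, not part of the project. Variable names and paths are the
# ones used on this page; the function name is hypothetical.
# The body runs in a subshell ( ... ) so IFS and helper variables do not leak.
bankid_local_preflight() (
  rc=0
  fail() { echo "preflight: $1" >&2; rc=1; }

  # Properties file that SPRING_CONFIG_IMPORT is expected to point at.
  cfg="${BANKID_INSTALL_DIR:-}/bankid-idp/env/local/developer.yml"
  [ -n "${BANKID_INSTALL_DIR:-}" ] || fail "BANKID_INSTALL_DIR is not set"
  [ -f "$cfg" ] || fail "not found: $cfg"
  [ "${SPRING_CONFIG_IMPORT:-}" = "$cfg" ] || fail "SPRING_CONFIG_IMPORT should be $cfg"

  # Split the comma-separated profile list and record which profiles are set.
  has_local=0; has_cluster=0
  IFS=,
  for p in ${SPRING_PROFILES_ACTIVE:-}; do
    case "$p" in
      local)   has_local=1 ;;
      cluster) has_cluster=1 ;;
    esac
  done
  [ "$has_local" -eq 1 ] || fail "SPRING_PROFILES_ACTIVE must include 'local'"

  # The cluster profile goes with the redis-cluster compose file,
  # the plain local profile with the single-instance one.
  if [ "$has_cluster" -eq 1 ]; then redis_dir=redis-cluster; else redis_dir=redis; fi
  compose="${CODE_ROOT:-}/bankid-idp/env/local/${redis_dir}/docker-compose.yml"
  [ -n "${CODE_ROOT:-}" ] || fail "CODE_ROOT is not set"
  [ -f "$compose" ] || fail "not found: $compose"

  exit "$rc"
)
```

Source the function into your shell and run bankid_local_preflight; it prints each problem to stderr and returns non-zero if any check failed.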

Using Docker

Building a Docker image and pushing it to a registry:

export DOCKER_REPO=yourdockerrepo:port
mvn clean install
mvn -f bankid-idp/bankid-idp jib:build

Building a local Docker image only. Since MultiArch builds are not supported locally, the execution must be limited to a specific execution-id:

export DOCKER_REPO=local
mvn clean install
mvn -f bankid-idp/bankid-idp jib:dockerBuild@local

Copyright © 2023, Myndigheten för digital förvaltning - Swedish Agency for Digital Government (DIGG). Licensed under version 2.0 of the Apache License.