eidas-connector

Building and Deploying the eIDAS Connector


Table of Contents

  1. Overview

  2. Building from Source

    2.1. Prerequisites for Building

    2.2. Getting the Source

    2.3. Building

  3. Maven Central

  4. Building a Docker Image

    4.1. Building using Jib

    4.2. Building from Dockerfile

  5. Example Deployment

    5.1. Creating an Application Profile File

    5.2. Connector Start Script

  6. Post-deployment Steps

    6.1. Publishing Identity Provider Metadata

    6.2. Publishing Service Provider Metadata to eIDAS


1. Overview

This document discusses how the eIDAS Connector is built and gives examples of how it can be deployed.

Note: Detailed knowledge of the role of the eIDAS Connector within both the domestic federation and the eIDAS federation will be required, but that background is not provided here.

2. Building from Source

The eIDAS Connector can be built from source, but also downloaded from Maven Central.

2.1. Prerequisites for Building

2.2. Getting the Source

The source can be downloaded as a zip archive from https://github.com/swedenconnect/eidas-connector via the “Code” button and “Download ZIP”.

A better choice is to clone or fork the eIDAS Connector repository.

To clone the repository, do:

$ git clone https://github.com/swedenconnect/eidas-connector.git

2.3. Building

In the directory where you cloned, or downloaded, the eIDAS Connector source code, do:

$ mvn clean install

(A plain compile does not package the application; the install phase builds all modules and produces the jar.) The resulting jar file containing the eIDAS Connector Spring Boot application (with a bundled Tomcat) is found under idp/target and is named eidas-connector-<version>.jar.

3. Maven Central

As an alternative to building the eIDAS Connector from source, it can be downloaded from Maven Central.

Go to https://repo1.maven.org/maven2/se/swedenconnect/eidas/eidas-connector and download the version you need.

4. Building a Docker Image

If your deployment uses Docker, an eIDAS Connector Docker image will be needed.

4.1. Building using Jib

If you have access to the source code, a Docker image can be built using the Jib Maven plugin.

Check the pom.xml under the idp-directory for the Jib-settings used.

To build an image do:

$ cd idp
$ mvn jib:dockerBuild

4.2. Building from Dockerfile

The more conventional way of building a Docker image is to write a Dockerfile and build the image with the docker CLI.

See an example Dockerfile under examples/Dockerfile.

Assuming the source has been built as described above, do the following:

$ cd idp
$ docker build -f <your-path>/Dockerfile -t eidas-connector-image .

5. Example Deployment

This section illustrates how the eIDAS Connector is deployed to the Sweden Connect Sandbox-environment. We do not include keys and passwords, but all other settings used for the Sandbox-environment are present in the example.

The example assumes that a Docker image named swedenconnect/eidas-connector has been built.

5.1. Creating an Application Profile File

See Configuration of the Swedish eIDAS Connector for how to create a YML configuration file. It is wise to keep the base settings of the default application.yml and create a profile that extends and overrides the default settings.

The examples/sandbox/application-sandbox.yml file illustrates how the sandbox profile is created and where default settings are overridden for the Sweden Connect Sandbox environment (passwords and credentials are not displayed).

5.2. Connector Start Script

#!/bin/bash

#
# Start and deploy script for the eIDAS Connector in the Sandbox environment
#
echo Pulling swedenconnect/eidas-connector docker image ...
docker pull ghcr.io/swedenconnect/eidas-connector

# Remove any existing container with the same name before redeploying
echo Undeploying eidas-connector container ...
docker rm eidas-connector --force

# Host-side settings: the connector's configuration/credentials directory and the
# host ports mapped to the container's AJP, HTTPS and actuator ports
CONNECTOR_HOME=/opt/connector
CONNECTOR_HTTPS_PORT=8414
CONNECTOR_ACTUATOR_PORT=8415
CONNECTOR_AJP_PORT=8014

# Shared secret for Tomcat's AJP connector; the reverse proxy speaking AJP to the
# container must present the same value. Replace the placeholder before deploying.
AJP_SECRET="TODO:insert-secret"

echo Redeploying docker container eidas-connector ...
docker run -d --name eidas-connector --restart=always \
  -p ${CONNECTOR_AJP_PORT}:8009 \
  -p ${CONNECTOR_HTTPS_PORT}:8443 \
  -p ${CONNECTOR_ACTUATOR_PORT}:8444 \
  -e SPRING_CONFIG_ADDITIONAL_LOCATION=${CONNECTOR_HOME}/ \
  -e SPRING_PROFILES_ACTIVE=sandbox \
  -e CONNECTOR_DIRECTORY=${CONNECTOR_HOME} \
  -e TOMCAT_AJP_SECRET="${AJP_SECRET}" \
  -e CONNECTOR_IDM_ACTIVE=true \
  -e "TZ=Europe/Stockholm" \
  -v /etc/localtime:/etc/localtime:ro \
  -v /opt/docker/eidas-connector:${CONNECTOR_HOME} \
  ghcr.io/swedenconnect/eidas-connector

echo Done!
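A pre-flight check to run before the docker run step of the script above. This is an added example, not part of the eidas-connector project; it assumes the script's own variable names, that the profile file is named application-<profile>.yml inside the directory mounted as CONNECTOR_HOME, and a hypothetical 16-character minimum for the AJP secret.

```shell
#!/bin/bash
# Pre-flight checks for the Sandbox start script (added example, not project code).
# Usage from the start script, before docker run:
#   preflight /opt/docker/eidas-connector "$AJP_SECRET" sandbox \
#     "$CONNECTOR_AJP_PORT" "$CONNECTOR_HTTPS_PORT" "$CONNECTOR_ACTUATOR_PORT" || exit 1

# check_ajp_secret SECRET
# Rejects an empty value, the literal TODO placeholder left in the script, and
# secrets shorter than the (assumed) 16-character minimum.
check_ajp_secret() {
  secret="$1"
  case "$secret" in
    ""|TODO:*) echo "AJP secret is unset or still the TODO placeholder" >&2; return 1 ;;
  esac
  if [ "${#secret}" -lt 16 ]; then
    echo "AJP secret is shorter than 16 characters" >&2; return 1
  fi
  return 0
}

# check_port PORT: accepts only an integer in the range 1..65535
check_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_profile_file DIR PROFILE
# SPRING_CONFIG_ADDITIONAL_LOCATION points at DIR, so application-<PROFILE>.yml
# must exist there for SPRING_PROFILES_ACTIVE=<PROFILE> to take effect.
check_profile_file() {
  [ -f "$1/application-$2.yml" ]
}

# preflight DIR AJP_SECRET PROFILE PORT...
# Runs every check and reports all failures; returns 0 only if all pass.
preflight() {
  dir="$1"; secret="$2"; profile="$3"; shift 3
  status=0
  check_ajp_secret "$secret" || status=1
  check_profile_file "$dir" "$profile" \
    || { echo "missing $dir/application-$profile.yml" >&2; status=1; }
  for port in "$@"; do
    check_port "$port" || { echo "invalid port: $port" >&2; status=1; }
  done
  return $status
}
```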

6. Post-deployment Steps

When the eIDAS Connector has successfully started[1], it is time to perform some additional steps to connect it to the federations[2].

[1]: Check the logs to verify that everything looks good, and call the Health endpoint to ensure that there is nothing that needs to be corrected.

[2]: If the installation is an update of an already existing installation of the eIDAS Connector, the SAML metadata may not have to be published again.

6.1. Publishing Identity Provider Metadata

To obtain the SAML metadata for the IdP part of the eIDAS Connector, open the URL https://<domain>/idp/metadata/idp.xml in a browser and save the metadata to an XML file.

Depending on which environment/federation the metadata is to be published to, the steps differ slightly.

6.2. Publishing Service Provider Metadata to eIDAS

To obtain the SAML metadata for the SP part of the eIDAS Connector, open the URL https://<domain>/idp/metadata/sp in a browser and save the metadata to an XML file.

Next, Sweden Connect/Digg operations need to be involved to publish the metadata to the eIDAS federation. The distribution of metadata among the eIDAS countries is a manual process and requires many steps (outside the scope of this document).


Copyright © 2017-2025, Myndigheten för digital förvaltning - Swedish Agency for Digital Government (DIGG). Licensed under version 2.0 of the Apache License.