{"id":22268077,"url":"https://github.com/curityio/freja-eid-authenticator","last_synced_at":"2026-02-05T10:16:23.049Z","repository":{"id":30604618,"uuid":"125512590","full_name":"curityio/freja-eid-authenticator","owner":"curityio","description":" Verisec oauth authenticator that can be used with any Java-based Web API","archived":false,"fork":false,"pushed_at":"2026-01-29T15:18:15.000Z","size":735,"stargazers_count":2,"open_issues_count":0,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2026-01-30T04:26:41.178Z","etag":null,"topics":["authenticator","freja","plugin"],"latest_commit_sha":null,"homepage":"https://curity.io/resources/learn/freja-authenticator/","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curityio.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-03-16T12:20:53.000Z","updated_at":"2026-01-29T15:16:52.000Z","dependencies_parsed_at":"2024-11-07T09:26:22.280Z","dependency_job_id":"cbc3495c-91a8-475d-841c-58e2e8c5676a","html_url":"https://github.com/curityio/freja-eid-authenticator","commit_stats":null,"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/curityio/freja-eid-authenticator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Ffreja-eid-authenticator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Ffreja-eid-authenticator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Ffreja-eid-authenticator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Ffreja-eid-authenticator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curityio","download_url":"https://codeload.github.com/curityio/freja-eid-authenticator/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Ffreja-eid-authenticator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29119230,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T09:40:36.738Z","status":"ssl_error","status_checked_at":"2026-02-05T09:36:49.977Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authenticator","freja","plugin"],"created_at":"2024-12-03T11:11:00.967Z","updated_at":"2026-02-05T10:16:23.028Z","avatar_url":"https://github.com/curityio.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"Freja eID Authenticator Plugin\n==============================\n\n.. image:: https://img.shields.io/badge/quality-production-green\n :target: https://curity.io/resources/code-examples/status/\n\n.. image:: https://img.shields.io/badge/availability-binary-blue\n :target: https://curity.io/resources/code-examples/status/\n\n\nThis project provides an opens source Freja eID Authenticator plug-in for the Curity Identity Server. This allows an administrator to add functionality to Curity which will then enable end users to login using their Freja eID credentials.\n\nBuilding the Plugin\n~~~~~~~~~~~~~~~~~~~\n\nYou can build the plugin by issue the command ``mvn package``. This will produce a JAR file in the ``target`` directory, which can be installed.\n\nInstalling the Plugin\n~~~~~~~~~~~~~~~~~~~~~\n\nTo install the plugin, copy the compiled JAR (and all of its dependencies) into the ``${IDSVR_HOME}/usr/share/plugins/${pluginGroup}`` on each node, including the admin node. For more information about installing plugins, refer to the `curity.io/plugins`_.\n\nCreating a Freja eID Authenticator in Curity\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nConfiguration using the Admin GUI\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n\nTo configure a new Freja eID authenticator using the Curity admin UI, do the following after logging in:\n\n1. Go to the ``Authenticators`` page of the authentication profile wherein the authenticator instance should be created.\n2. Click the ``New Authenticator`` button.\n3. Enter a name (e.g., ``freja-eid1``).\n4. For the type, pick the ``Freja eID`` option.\n5. On the next page, you can define all of the standard authenticator configuration options like any previous authenticator that should run, the resulting ACR, transformers that should be executed, etc. At the bottom of the configuration page, the Freja eID-specific options can be found.\n\n .. figure:: docs/images/freja-eid-authenticator-type-in-curity.png\n :align: center\n :width: 600px\n\n .. note::\n\n The Freja eID-specific configuration is generated dynamically based on the `configuration model defined in the Java interface \u003chttps://github.com/curityio/freja-eid-authenticator/blob/master/src/main/java/io/curity/identityserver/plugin/freja-eid/config/FrejaEidAuthenticatorPluginConfig.java\u003e`_.\n\n\n6. Certain required configuration settings should be provided. One of these required settings is the ``HTTP Client`` setting. This is the HTTP client that will be used to communicate with the Freja eID OAuth server.\n You need to configure a ``Client SSL Keystore`` and a ``Server Trust Store`` before you create a Http Client.\n\nCreate Client SSL Keystore\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n A. Click the ``Facilities`` button at the top-right of the screen.\n B. Next to ``Client SSL Keys`` under ``Crypto``, click ``New``.\n C. Enter some name (e.g., ``freja-eid-clientSSLKeystore``).\n D. Select ``Upload Existing`` and click ``Next``.\n E. Upload the ``Keystore`` and enter its ``password`` with an optional ``alias``.\n F. Click ``Add \u0026 Commit``.\n\n .. figure:: docs/images/create-client-ssl-keystore1.png\n :align: center\n :width: 600px\n\n\n .. figure:: docs/images/create-client-ssl-keystore2.png\n :align: center\n :width: 600px\n\nCreate Server Trust Store\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n A. Click the ``Facilities`` button at the top-right of the screen.\n B. Next to ``Server Trust Stores`` under ``Crypto``, click ``New``.\n C. Enter some name (e.g., ``frejaEidTrustStore``).\n D. Upload ``Public key file``.\n E. Click ``Add``.\n\n .. figure:: docs/images/create-server-truststore.png\n :align: center\n :width: 600px\n\nCreate Http Client\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n A. Click the ``Facilities`` button at the top-right of the screen.\n B. Next to ``HTTP``, click ``New``.\n C. Enter some name (e.g., ``freja-eidClient``).\n D. Enable ``Use Truststore`` toggle button.\n E. Select the keystore that you just created in the steps above from the ``Client Keystore`` dropdown.\n F. Click ``Apply``.\n\n .. figure:: docs/images/create-http-client.png\n :align: center\n :width: 600px\n\n7. Back in the Freja eID authenticator instance that you started to define, select the new HTTP client from the dropdown.\n\n .. figure:: docs/images/configure-http-client.png\n :align: center\n :width: 400px\n\n\n8. Select the ``Environment`` to use, either ``Production`` or ``Pre Production``.\n9. Select the ``User Info Type`` from dropdown. It has ``Email`` or ``SSN`` as the allowed options. ``SSN`` corresponds to ``Username``.\n10. If applicable, you may also need to configure the ``Relying Party ID``.\n\nOnce all of these changes are made, they will be staged, but not committed (i.e., not running). To make them active, click the ``Commit`` menu option in the ``Changes`` menu. Optionally enter a comment in the ``Deploy Changes`` dialogue and click ``OK``.\n\nOnce the configuration is committed and running, the authenticator can be used like any other.\n\nEnabling QR Code Authentication\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n\nWhen QR Code Authentication is enabled, the authenticator will not present the user with a field to enter their identifier (email/ssn/phone).\nInstead, a QR code will be displayed that the user must scan in order to perform authentication.\nThe Freja API returns `N/A` as the `userInfo` in this case, so the `subject` of the authentication must be taken from the `attributesToReturn`.\nThe authenticator will select the subject based on which attributes where present in the response in the following order:\n\n1. Custom Identifier\n2. Integrator Specific User ID\n3. Relying Party User ID\n4. Social Security Number\n5. Email\n\nIf none of these attributes above are returned, the authentication will fail and the user will be redirected to the authentication endpoint so they may try a different authenticator (if configured) or try to login again.\n\nNote: When QR Code is enabled, the authenticator will try to autostart the Freja e-id mobile app.\nThis can be disabled by overriding the template `freja-eid/authenticate/wait.vm` and removing the parsing of `authentication-app-launcher` fragment.\nIn case the authenticator is to be used by a specific mobile app, it is possible to override `freja-eid/handle-auto-start-uri.vm`\nto pass an extra parameter to the url so the Freja e-id application can go back to the original application.\n\n\nTesting Instructions\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\nTo test the plugin in ``Pre Production`` environment, follow the below instructions.\n\n1. Download app from ``AppStore`` or ``PlayStore``.\n2. Start the app in ``Test Mode`` by following instructions from Verisec.\n3. Activate your ID by entering your email and confirming it.\n4. Now you can use this email for testing.\n5. In order to use ``SSN`` for testing, you need to vet your ID first\n6. Upgrade your account from mobile app\n7. Vet your ID by following the instructions from Verisec.\n8. After that you can use your ``SSN`` for testing.\n\nNote :: You can find detailed instructions from documentation provided by Verisec.\n\nRun Mock Node Server\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\nYou can also use mock node server for testing which will act as Freja e-id server.\n\nFollow the instructions below to run and use mock node server.\n\n1. Start the node server using docker compose. Docker and Docker compose should be installed on your machine.\n\n ``docker-compose up``\n\n2. Change the host value to ``localhost`` in ``FrejaEidAuthenticatorPluginConfig.kt`` like below.\n\n .. code-block:: kotlin\n fun getHost(): String\n {\n return when (this)\n {\n PRE_PRODUCTION -\u003e \"localhost\"\n PRODUCTION -\u003e \"localhost\"\n }\n }\n\n3. Rebuild the plugin and test the authentication flow using test mock server.\n\nMore Information\n~~~~~~~~~~~~~~~~\n\nPlease visit `curity.io`_ for more information about the Curity Identity Server.\n\n.. _curity.io/plugins: https://support.curity.io/docs/latest/developer-guide/plugins/index.html#plugin-installation\n.. _curity.io: https://curity.io/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Ffreja-eid-authenticator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcurityio%2Ffreja-eid-authenticator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Ffreja-eid-authenticator/lists"}