In the previous part I showed how easy it is to start working with a simulated environment on a dev machine.
But later in the development process, with QA and UAT, it is better to have a dedicated test environment. This in turn requires proper test users instead of the hard-coded users we have in the simulated environment. Another issue is how to verify the whole flow, including authentication. In this post I will show you how to create proper test users that can be used for verifying BankID functionality, which gives us the real authentication flow through the BankID test endpoints. My starting point in this blog post is my previous demo, where I created a demo application with a configured simulated environment. Building upon this application, we can now make a few configuration changes to use a dedicated test environment and test users.
A good place to start is the official documentation from BankID: https://www.bankid.com/utvecklare/testmiljoe.
First of all we need to configure the BankID application, which can be either on your phone or locally on your desktop. Here I will use the desktop app to show the functionality of the “Denna enhet” button.
You can install it from https://install.bankid.com. After the first launch it will create all the necessary directories.
Following that link you can easily find all the necessary configuration instructions at https://demo.bankid.com/Konfigurera.aspx, which are:
~/Library/Application Support/BankID/Config for Mac or
Edit this file with only one word:
This will switch your app to test mode, so you will NOT be able to use it in your everyday life, since it will be pointed towards the test BankID endpoints.
The BankID endpoint can only be accessed by a RelyingParty that has a valid SSL client certificate. The RelyingParty certificate is obtained from the bank that the RelyingParty has purchased the BankID service from. It is then verified by the BankID server when the channel is established.
The BankID server will then present its server certificate to your application, which your application needs to verify.
We will need two certificates:
Client Certificate. Can be downloaded from https://www.bankid.com/assets/bankid/rp/FPTestcert3_20200618.p12. This certificate comes in .p12 format, we just need to rename it to:
Root CA Certificate. Can be found in the developer guidelines document https://www.bankid.com/assets/bankid/rp/bankid-relying-party-guidelines-v3.4.pdf under section 8 Test Environment (save the certificate code as BankIdRootCaCertificate-Test.crt, be careful with encoding and BOM!).
Both certificates ( BankIdRootCaCertificate-Test.crt) we can put into the Certificates folder in the root of our project.
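A quick way to catch the encoding and BOM problems mentioned above before the application tries to load the root CA file. This is an added example, not code from the original post or from ActiveLogin; the function names are illustrative and the sample input is constructed dummy data, not the BankID certificate.

```python
import base64
import re

# Byte-order marks that editors may silently prepend when saving the file.
BOMS = {b"\xef\xbb\xbf": "UTF-8", b"\xff\xfe": "UTF-16 LE", b"\xfe\xff": "UTF-16 BE"}
PEM_BLOCK = re.compile(
    rb"\A-----BEGIN CERTIFICATE-----(?P<body>.*?)-----END CERTIFICATE-----\Z", re.DOTALL
)


def check_pem_certificate(raw: bytes) -> list:
    """Return the problems found in a saved PEM certificate file (empty list = OK)."""
    problems = []
    for bom, name in BOMS.items():
        if raw.startswith(bom):
            problems.append(f"file starts with a {name} BOM")
            raw = raw[len(bom):]
            break
    if b"\x00" in raw:
        problems.append("NUL bytes present: file was saved as UTF-16 or UTF-32")
        return problems
    odd = sorted({b for b in raw if b > 0x7F})
    if odd:  # typical for text copied out of a PDF, e.g. non-breaking spaces
        problems.append("non-ASCII bytes present: " + " ".join(f"{b:02x}" for b in odd))
    match = PEM_BLOCK.match(raw.strip())
    if not match:
        problems.append("file is not a BEGIN/END CERTIFICATE block")
        return problems
    try:
        # validate=True rejects anything outside the base64 alphabet.
        der = base64.b64decode(b"".join(match["body"].split()), validate=True)
    except ValueError:
        problems.append("certificate body is not valid base64")
        return problems
    if not der.startswith(b"\x30"):  # an X.509 certificate is a DER SEQUENCE
        problems.append("decoded body does not start with a DER SEQUENCE tag")
    return problems


def constructed_pem() -> bytes:
    """Constructed sample: PEM armor around dummy DER-looking bytes, not a real certificate."""
    body = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(range(256)))
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    print(check_pem_certificate(constructed_pem()))                    # clean file
    print(check_pem_certificate(b"\xef\xbb\xbf" + constructed_pem()))  # saved with a BOM
```

To check the real file, pass it the bytes read from Certificates/BankIdRootCaCertificate-Test.crt opened in binary mode.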
Following https://demo.bankid.com we can create our test user. Instructions from BankID: https://www.bankid.com/assets/bankid/rp/how-to-get-bankid-for-test-v1.7.pdf
First we need to log in with our real BankID into “Log in with a Production-BankID”.
Then we can “Issue BankID for Test” using a random test person identity number from Skatteverket from https://swedish.identityinfo.net. I choose on file to test the desktop application.
Follow the instructions on how to add this file to the desktop application. In the final step you will be prompted to specify a password.
Eventually you will have this new identity in the app:
In Startup.cs we will need to remove .UseSimulatedEnvironment(); and insert:
As you can see here, we access the configuration to fetch the paths to the certificates. Let's add it after line 9 in
The environment variable will require you to add one more argument to the Startup class constructor, IWebHostEnvironment env, and instantiate a public property.
We will need to add each certificate from the Certificates folder to our project as content. Edit the ActiveLoginDemo.csproj file and add:
Now we can start our application and go through the whole flow:
The configuration was a bit tricky, but we achieved communication with a real BankID test endpoint and verified it by using a test user on the desktop app (which we re-configured to point to the test endpoint).
Don’t forget to remove the CavaServerSelector.txt file if you need to use the BankID desktop application as a real one.
For more configuration alternatives you can navigate to https://github.com/ActiveLogin/ActiveLogin.Authentication/blob/master/docs/getting-started-bankid.md. Please leave me feedback if you experienced any problems with this example. With general questions you are welcome to our GitHub page.