An OIO IDWS client sample for NemLog-in Lookup Services.
This code shows how to invoke NemLog-in Lookup Services using the OIO IDWS authorization model.
The samples are concrete implementations of the OIO IDWS Web Service Client (WSC) "abstract" samples found in the publicly available GitHub repository. If you are creating a new OIO IDWS Web Service Provider (WSP), then you should go here and find the more general OIO IDWS documentation.
The LookupService.WSC samples use the publicly available NuGet packages, which are also produced from the general OIO IDWS repository.
The services are described in section 2 of [SS]. Please refer to [SS] for detailed documentation of available services.
Note especially that the services described in section 3 of [SS] (UUID match services) use a different authentication and authorization model, and that this sample is not relevant if you need to use the UUID match services.
The solution consists of four projects:
- Digst.Nemlogin.LookupService.Wsc.Rest - a command line REST client
- Digst.Nemlogin.LookupService.Wsc.Soap - a command line SOAP client
- Digst.Nemlogin.LookupService.Shared - a library shared by both clients
- Digst.Nemlogin.LookupService.Test - a unit test project that invokes both clients
- Open solution in your preferred IDE.
- Build the solution
- Run the client of preference - we recommend using REST, see below.
The clients will:
- Install the required certificates (included in the Shared/certificates folder) in the CurrentUser certificate store.
- Request a SAML token at the NemLog-in STS
- Exchange the SAML token for a JWT token (only for REST)
- Invoke the full set of business methods in the NemLog-in pre-production environment (domain test-devtest4-nemlog-in.dk)
See WscConfig and WscCertificates.
A number of certificates are included in the Shared/certificates folder. These are:
- OCES3 Root CA - CTI.cer
  - The test OCES3 root CA certificate. Signer of intermediate CA certificates. Used for establishing trust to OCES3 test certificates.
- OCES3 Intermediate CA - CTI.cer
  - The OCES3 issuing CA certificate. Signer of end user test certificates. Used for establishing trust to OCES3 test certificates.
- NemLog-in IdP - Test
  - Signing certificate for the NemLog-in pre-production STS. Used for verifying authenticity of the SAML tokens issued by the STS. Note that SOAP and REST clients must update this certificate in their environment when it is updated in NemLog-in.
- NemLog-in LookupServices.TestWSC - Test.pfx
  - Certificate used by SOAP and REST clients (WSCs) to sign the STS request. NOTE: It is very important that you do not reuse this certificate for your own WSC! Follow the guide [UG] when you establish your own WSC.
- NemLog-in LookupService - Test.cer
  - WS-Security signing certificate used by the Lookup Service SOAP webservice. Used for signing SOAP responses sent to the SOAP client. Note that this certificate is only required by SOAP clients and that SOAP clients must update this certificate in their environment when it is updated in NemLog-in.
The certificate installation is included in the code for convenience. When using the code in production you should install certificates prior to executing the client, and in that case the WscCertificates constructor should merely construct X509Certificate2 instances by looking up the certificates in the certificate store.
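One way the store lookup described above could look, as an added example that is not the project's own code. The class name StoreBackedWscCertificates, its property names, the thumbprint parameters and the use of the CurrentUser "My" store are assumptions, not taken from the sample.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

// Hypothetical stand-in for the sample's WscCertificates: nothing is installed
// here, certificates are only looked up. Class, property and parameter names
// and the choice of the "My" store are assumptions for this example.
public sealed class StoreBackedWscCertificates
{
    public X509Certificate2 ClientCertificate { get; }      // signs the STS request
    public X509Certificate2 StsSigningCertificate { get; }  // verifies SAML tokens

    public StoreBackedWscCertificates(string clientThumbprint, string stsThumbprint)
    {
        ClientCertificate = Find(clientThumbprint, requirePrivateKey: true);
        StsSigningCertificate = Find(stsThumbprint, requirePrivateKey: false);
    }

    private static X509Certificate2 Find(string thumbprint, bool requirePrivateKey)
    {
        // Thumbprints pasted from the certificate dialog often carry spaces or
        // invisible characters; keep hex digits only.
        string clean = Regex.Replace(thumbprint ?? "", "[^0-9A-Fa-f]", "");
        if (clean.Length == 0)
            throw new ArgumentException("Thumbprint is empty.", nameof(thumbprint));

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly: false so that an expired or untrusted certificate is
            // reported below instead of silently missing from the result.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, clean, validOnly: false);
            if (matches.Count != 1)
                throw new InvalidOperationException(
                    $"Expected one certificate {clean}, found {matches.Count}.");

            X509Certificate2 cert = matches[0];
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException($"Certificate {clean} is outside its validity period.");
            if (requirePrivateKey && !cert.HasPrivateKey)
                throw new InvalidOperationException($"Certificate {clean} has no private key.");
            return cert;
        }
    }
}
```

The thumbprints can then come from configuration, so no .pfx file or its password ships with the application.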
The client code may also be used to invoke NemLog-in Lookup Services in the Integrationtest and Production environments.
This section describes the configuration changes needed to enable integration.
Note that these changes on their own will not render the code production grade! To make it so, you must at least change the code so that the sensitive certificate private keys are not included in your application code.
To invoke services in other environments you must:
- Follow the guide [UG] to establish your own WSC ("systembruger") and your own client certificate (DO NOT reuse the certificate provided here)
- Change the WscConfig.Domain:
  - Integrationtest: test-nemlog-in.dk
  - Production: nemlog-in.dk
- Obtain the STS and, for SOAP use, the Lookup Service certificates for the relevant environment. See [Inttest] and [Prod].
- [SS]
  - NemLog-in Supporting Services documentation, available at https://tu.nemlog-in.dk/oprettelse-og-administration-af-tjenester/log-in/dokumentation.og.guides/.
- [UG]
  - Guide til anvendelse af Opslagstjenester, available at https://tu.nemlog-in.dk/oprettelse-og-administration-af-tjenester/log-in/dokumentation.og.guides/.
- [Inttest]
  - Certificates for Integrationtest can be obtained at
- [Prod]
  - Certificates for Production can be obtained at