BankID

  • This component is not suitable for users that require assistive technologies. This component is not suitable for users who require assistive technologies.

Enables user interaction via BankID.

Component modes: Sign | Identify | Phone identify

Component mode: Phone identify

Allows "external" users to identify using Mobile BankID during phone calls, typically for support purposes.

Configuration

  1. BankID requires a client certificate to be installed on the server. The thumbprint of that certificate must be entered in the system setting BankIdClientCertificate.
  2. The server must also trust an SSL issuer certificate for the above certificate.

See extended documentation for detailed installation instructions, how to get the certificates, and pricing information.

The issuer certificates required for testing and production are available here and the client certificate for testing is available here if they are not already installed.

Testing

The component will use BankID's test server when the system setting BankIdUseTestId is enabled.

SQL

SQL Call: Init (mandatory)

May modify database: Yes

Resultset: Information

Table count: repeated exactly once
Row count: exactly one row
Columns
PersonalNumber mandatory string

The personal number of the person.

Must contain exactly 12 digits and no other characters.

SoftadminApi.User has support for storing personal numbers via the procedure SoftadminApi.User_UpdatePersonalNumber. The PersonalNumber column of SoftadminApi.User can then be used to retrieve the personal number.

TextToSign optional string

Text to sign, shown in the user's BankID app. Use this to describe the intent of the identification.

TextToSign can not be combined with FormattedTextToSign.

FormattedTextToSign optional string

Formatted text to sign, shown in the user's BankID app. Use this to describe the intent of the identification.

Supports e.g. headings, lists, and tables.
See Syntax, special characters and rendering for formatting options, and Examples.

FormattedTextToSign can not be combined with TextToSign.

Message optional string

A message shown in the browser.

SQL Call: Identify (mandatory)

The result of the identification.

May modify database: Yes

Parameters

@Action string
Set to 'Identify' for this call.
@BankIdSignatureId int
Id of the stored signature (found in SoftadminApi.BankIdSignature) if the user successfully identified.
Not set when @IsError = 1.
@ErrorMessage string
Error message.
Set when @IsError = 1.
@IsError bit
Set to 1 if an error occurred. Not set otherwise.
@PersonalNumber string
The personal number used for identifying. Consists of 12 digits with no other characters.
Not set when @IsError = 1.
@UserId int
The id of the current user.

Resultset: Forwarding

Table count:
Row count:
Columns
admin_cidstepsback optional int
Number of steps in the page history to jump back after execution (the default being one step back).
admin_forward optional string
Displays a user friendly message and then forwards to the next menu item.
admin_forwardmenugroupid optional int
Id of the menu group to show after execution (instead of former menu item).
admin_forwardmenuitemid optional int
Id of the menu item to execute after execution (instead of former menu item).

SQL Call: Validate parameters

Allows you to validate the SQL parameters before any other SQL is run in the component. This call is only made if the SQL is a stored procedure and Validate parameters is checked.

May modify database: No

Parameters

@Force bit
Set to 1 if the last call to validate parameters used admin_force and the user clicked OK in the OK/Cancel dialog.
@ValidateParams bit
Set to 1 when this call is made.

Resultset: Messages (optional)

Table count: repeated zero or one time
Row count: zero or one row
Columns
ADMIN_Force optional string
Message asking the end user to confirm their parameters.
ADMIN_Message optional string
Message explaining why the parameters are rejected.

Custom access control and logging

SQL Call: Custom access control and logging

Use this call to restrict which entries a user is allowed to view and edit, and to log which entries a user views.

Access to a menu item is normally controlled through functions and roles alone but some entities need more fine grained control. For example, a user may have access to the View Member menu item for normal members but not for members with a protected identity.

The menu items a user visits are always logged (in ADMINLogMenuItem) but for sensitive data you may need to log exactly what entries are viewed. Do the logging in this call as the common ways of viewing data (grid and InfoSQL) are not allowed to modify the database.

If you bind a scalar function instead of a stored procedure to this call then its name must end with '_GrantAccess'.

May modify database: Yes

Resultset: Access permissions

Return whether the user is allowed to visit the menu item with the current parameters.
Table count: repeated exactly once
Row count: exactly one row
Columns
GrantAccess mandatory bit
1 if the user is allowed to view the menu item, 0 if the user should not be allowed to view the menu item.

If 0 then an error will be logged as the user should not have been able to reach the menu item with the given parameters in the first place.

Querystring parameters

menuitemheading optional
String that replaces the menu item name when the menu item is loaded. It does not replace the name before that (like for example in the navigator). It is ignored if the menu item is displayed as a part in a multipart in which case the name can be set from the multipart procedure.