This process is a sub-process of Signing and takes place in the Signer authentication part of Signing. It covers the technical authentication steps for the different authentication mechanisms (eID Card and Hard Token). The result of the authentication process is that the identity provider (IdP) is able to create and provide an ID token for the Signer.
Figure 14: Sequence diagram doingAuthenticationSigner process
Steps 61.5 to 61.12 differ by authentication mechanism and are therefore listed separately for the eID Card and the Hard Token variant.

| Nr. | Step | Components | Description |
|---|---|---|---|
| 61 | doingAuthenticationSigner | | |
| 61.1 | The Signer requests authentication of the Signer at the SSSrv/UI. | Signer, SSSrv/UI | requestApplication |
| 61.2 | The SSSrv/UI requests authentication of the Signer from the IdP. | SSSrv/UI, IdP | requestAuthentication |
| 61.3 | The IdP checks the request for authentication. | IdP | checkRequestAuthentication |
| 61.4 | The IdP provides the Signer with the authentication page. | IdP, Signer | provideAuthenticationPage |
| 61.5 (eID Card) | The Signer requests an eID-based authentication at the IdP. | Signer, IdP | requestEIDAuthentication |
| 61.5 (Hard Token) | The Signer requests a certificate-based authentication at the IdP. | Signer, IdP | requestAuthCertAuthentication |
| 61.6 (eID Card) | The IdP checks the request for eID-based authentication. | IdP | checkRequestEIDAuthentication |
| 61.6 (Hard Token) | The IdP checks the request for certificate-based authentication. | IdP | checkRequestAuthCertAuthentication |
| 61.7 (eID Card) | The IdP requests an eID-based authentication from the RM. | IdP, RM | requestEIDAuthentication |
| 61.7 (Hard Token) | The IdP requests a certificate-based authentication from its own SAK/OS. | IdP, SAK/OS | requestAuthCertAuthentication |
| 61.8 (eID Card) | RM, IdP, SSSrv/UI and IDApp perform the eID procedure. | RM (IdP, SSSrv/UI, AusweisApp) | performEIdProcess |
| 61.8 (Hard Token) | The IdP's own SAK/OS reads the data from the authentication certificate. | SAK/OS | readCertificateData |
| 61.9 (eID Card) | The IdP is supplied with the eID data by the RM. | RM, IdP | returnEIDData |
| 61.9 (Hard Token) | The IdP is supplied with the data of the authentication certificate by its own SAK/OS. | SAK/OS, IdP | returnAuthCertData |
| 61.10 (eID Card) | The IdP validates the eID data (extracts the Restricted ID). | IdP | validateEIDData |
| 61.10 (Hard Token) | The IdP validates the data of the authentication certificate. | IdP | validateAuthCertData |
| 61.11 (eID Card) | The IdP queries user data at the UM according to the read Restricted ID. | IdP, UM | queryUserDataByEIDData |
| 61.11 (Hard Token) | The IdP queries user data at the UM according to the read authentication certificate. | IdP, UM | queryUserDataByAuthCertData |
| 61.12 (eID Card) | The UM checks the request to query user data based on the eID data. | UM | checkQueryUserDataByEIDData |
| 61.12 (Hard Token) | The UM checks the request to query user data based on the data of the authentication certificate. | UM | checkQueryUserDataByAuthCertData |
| 61.13 | The UM sends the user data back to the IdP. | UM, IdP | returnUserData |
| 61.14 | The IdP generates the ID token according to the authenticated Signer and the queried user data. | IdP | createIDTokenForSigner |
| 61.15 | The IdP signs the ID token. | IdP | signIDToken |
| 61.16 | The IdP confirms the authentication by returning the signed ID token to the SSSrv/UI. | IdP, SSSrv/UI | confirmAuthentication |
| 61.17 | The SSSrv/UI delivers the application to the Signer. | SSSrv/UI, Signer | deliverApplication |
Table 14: Step-by-step description doingAuthenticationSigner process
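The following Python model walks through the IdP side of steps 61.10 to 61.16 for the eID Card variant (validate the eID data and extract the Restricted ID, query the UM, create the ID token, sign it) and adds the check the SSSrv/UI should perform on the returned token before step 61.17. It is an added illustration, not code from the specification or from any SSSrv/IdP implementation. The eID data, the UM record, the issuer and audience identifiers and the signing key are all constructed sample values; the token format (compact JWS with HS256) and the nonce that binds the token to the SSSrv/UI's authentication request are assumptions of the example, not requirements stated by the page (a production IdP would sign with an asymmetric key).

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed sample data: the eID data returned by the RM (step 61.9) and the
# user-management (UM) store queried in step 61.11. All values are invented.
SAMPLE_EID_DATA = {"restricted_id": "RID-0001", "given_names": "Erika", "family_name": "Mustermann"}
UM_STORE = {"RID-0001": {"user_id": "u-42", "name": "Erika Mustermann"}}

IDP_ISSUER = "https://idp.example.invalid"        # assumed identifier of the IdP
SSSRV_AUDIENCE = "https://sssrv.example.invalid"  # assumed identifier of the SSSrv/UI
IDP_KEY = b"constructed-demo-key"                 # HS256 key, assumption for the example only


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def validate_eid_data(eid_data: dict) -> str:
    """Step 61.10 (eID Card): validate the eID data and extract the Restricted ID."""
    rid = eid_data.get("restricted_id")
    if not isinstance(rid, str) or not rid:
        raise ValueError("eID data carries no Restricted ID")
    return rid


def query_user_data_by_eid_data(restricted_id: str) -> dict:
    """Steps 61.11 to 61.13: the UM returns the user record for the Restricted ID."""
    try:
        return UM_STORE[restricted_id]
    except KeyError:
        raise LookupError("no user registered for this Restricted ID") from None


def create_id_token_for_signer(user: dict, nonce: str, now: Optional[int] = None) -> dict:
    """Step 61.14: build the ID token claims. The nonce ties the token to the
    SSSrv/UI's requestAuthentication (assumed here; the page does not name a nonce)."""
    now = int(time.time()) if now is None else now
    return {"iss": IDP_ISSUER, "aud": SSSRV_AUDIENCE, "sub": user["user_id"],
            "name": user["name"], "nonce": nonce, "iat": now, "exp": now + 300}


def sign_id_token(claims: dict, key: bytes = IDP_KEY) -> str:
    """Step 61.15: sign the claims as a compact JWS (HS256, assumed for the example)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_id_token(token: str, expected_nonce: str, key: bytes = IDP_KEY,
                    now: Optional[int] = None) -> dict:
    """What the SSSrv/UI should check on the token received in step 61.16 before
    delivering the application (61.17): algorithm, signature, issuer, audience,
    request binding and expiry. Returns the verified claims."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # never let the token choose the algorithm
        raise ValueError("unexpected signature algorithm")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != SSSRV_AUDIENCE:
        raise ValueError("token not issued by the expected IdP for this SSSrv/UI")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("token does not belong to this authentication request")
    now = int(time.time()) if now is None else now
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def doing_authentication_signer(eid_data: dict, nonce: str, now: Optional[int] = None) -> str:
    """Steps 61.10 to 61.16 for the eID Card variant, as performed by the IdP."""
    rid = validate_eid_data(eid_data)
    user = query_user_data_by_eid_data(rid)
    return sign_id_token(create_id_token_for_signer(user, nonce, now))


if __name__ == "__main__":
    nonce = secrets.token_urlsafe(16)  # chosen by the SSSrv/UI with requestAuthentication (61.2)
    token = doing_authentication_signer(SAMPLE_EID_DATA, nonce)
    print(verify_id_token(token, nonce))
```

The verifier rejects a token whose nonce does not match the SSSrv/UI's own pending request, so a signed token obtained for one authentication request cannot be replayed into another; the audience check likewise stops a token issued for a different relying party from being accepted, and the fixed algorithm check keeps the token from dictating how it is verified.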