
v1.3.2.0 for Windows Server 2016 / 2022

@phaupt phaupt released this 03 Feb 13:29
· 60 commits to main since this release
01c3e1f

Created version 1.3.2.0, which includes fixes for issues #1, #5 and #7.

Modified CertificateChain validation.
Added config-params for custom Root Certificates.
Added new config-param for SignatureProfile.

Example configuration XML:

<appConfig>
  <!-- possible values for SslRootCaCertFiles: any path to cert files, multiple paths separated by semicolon, default is empty -->
  <!-- possible values for SignatureProfile: any string with valid Profile, default if empty: http://mid.swisscom.ch/MID/v1/AuthProfile1 -->
  <mobileIdClient
    AP_ID = "mid://ap.mycompany.ch"
    SslKeystore = "LocalMachine"
    SslCertThumbprint = "19cb073f974729d9fec86ca5912ac66886fcdeba"
    SslRootCaCertDN="C=CH, O=Swisscom, OID.2.5.4.97=VATCH-CHE-101.654.423, OU=Digital Certificate Services, CN=Swisscom Root CA 4"
    SslRootCaCertFiles="C:\Program Files (x86)\MobileIdAdfs\v1.3\certs\Swisscom_Root_CA_2.crt;C:\Program Files (x86)\MobileIdAdfs\v1.3\certs\Swisscom_Root_CA_4.crt" 
    SignatureProfile="http://mid.swisscom.ch/Any-LoA4"
    DtbsPrefix = "ADFS Demo: "
    RequestTimeOutSeconds = "60"
    PollResponseIntervalSeconds = "1"
    PollResponseDelaySeconds = "3"
    ServiceUrlPrefix  = "https://mobileid.swisscom.com/soap/services/"
    SecurityProtocolType = "Tls12"
    EnableSubscriberInfo = "false"
    DisableSignatureValidation = "false"
    DisableSignatureCertValidation = "false"
  />
  <mobileIdAdfs
    AdAttrMobile = "mobile"
    AdAttrMidSerialNumber = "serialNumber"
    ShowDebugMsg = "true"
    LoginPrompt.en = "Demo Login with mobileID? Session ID (#TransId#)"
    LoginPrompt.de = "Demo Login mit mobileID? Session ID (#TransId#)"
    LoginPrompt.fr = "Demo Login avec mobileID? Session ID (#TransId#)"
    LoginPrompt.it = "Demo Login con mobileID? Session ID (#TransId#)"
  />
</appConfig>

If DisableSignatureCertValidation is set to true, no chain validation is performed, even if SslRootCaCertFiles are configured.
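
The rule above means a config can list custom root certificates and still perform no chain validation. The following PowerShell check is an added example, not part of the MobileID ADFS project; the function name `Test-MobileIdConfig`, the injectable file check and the sample XML are constructed for illustration, and a missing attribute is treated as not set (an assumption).

```powershell
# Added example (not project code): lint a MobileID ADFS config for the
# validation switches described above. Names and sample values are constructed.
function Test-MobileIdConfig {
    param(
        [Parameter(Mandatory)] [string] $XmlText,
        # Injectable file check so the function can be exercised on sample data.
        [scriptblock] $FileExists = { param($p) Test-Path -LiteralPath $p -PathType Leaf }
    )
    $client = ([xml]$XmlText).SelectSingleNode('/appConfig/mobileIdClient')
    if ($null -eq $client) { return @('mobileIdClient element not found') }

    $findings = @()
    # GetAttribute returns '' for a missing attribute (treated as not set: assumption);
    # -eq compares strings case-insensitively.
    $sigOff  = $client.GetAttribute('DisableSignatureValidation').Trim() -eq 'true'
    $certOff = $client.GetAttribute('DisableSignatureCertValidation').Trim() -eq 'true'
    # SslRootCaCertFiles holds one or more paths separated by semicolons.
    $roots = @($client.GetAttribute('SslRootCaCertFiles') -split ';' |
               ForEach-Object { $_.Trim() } | Where-Object { $_ })

    if ($sigOff) { $findings += 'DisableSignatureValidation is true' }
    if ($certOff) {
        $findings += 'DisableSignatureCertValidation is true: no chain validation'
        if ($roots.Count -gt 0) {
            $findings += "SslRootCaCertFiles lists $($roots.Count) file(s) that are ignored"
        }
    } else {
        # Chain validation is active, so every configured root file must exist.
        foreach ($path in $roots) {
            if (-not (& $FileExists $path)) {
                $findings += "SslRootCaCertFiles entry not found: $path"
            }
        }
    }
    return $findings
}

# Constructed sample: chain validation disabled while custom roots are configured.
$sample = @'
<appConfig>
  <mobileIdClient
    SslRootCaCertFiles="C:\certs\example_root_a.crt;C:\certs\example_root_b.crt"
    DisableSignatureValidation="false"
    DisableSignatureCertValidation="true" />
</appConfig>
'@
Test-MobileIdConfig -XmlText $sample | ForEach-Object { Write-Output "FINDING: $_" }
```

For a deployed configuration, pass the file content with `Get-Content -Raw`; an empty result means none of these conditions were found.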