User authentication and authorization of signature operations
The process of authentication and authorization of signature operations for a user requires the following steps:
- Client system authentication
- Signature request
- Authentication and authorization of the request
- Execution of the signature
Each of these steps is described in the sections below.
Client system authentication
To perform signature operations provided by Viafirma Fortress it is necessary to obtain a token associated with the client.
To do this, Viafirma Fortress offers the following Rest method, available at:
https://fortress.viafirma.com/fortress/oauth2/v1/token
This URL receives a series of parameters, which configure and prepare the signature request made by a client:
https://fortress.viafirma.com/fortress/oauth2/v1/token?
scope=client&
redirect_uri={url_de retorno_definido_en_viafirma_fortress}&
client_id={codigo_del_cliente_definido_en_viafirma_fortress}&
client_secret={clave_del_cliente_definido_en_viafirma_fortress}&
grant_type=client_credentials
Parameter | Value | Description |
---|---|---|
scope | client | For services associated with signing documents. |
redirect_uri | URL | Must match one of the return URLs defined in Viafirma Fortress |
client_id | Client ID defined in Viafirma Fortress | Identifies the client application that made the request |
client_secret | Client key defined in Viafirma Fortress | Allows the client application that made the request to be validated |
grant_type | client_credentials | Indicates that the client requests access to protected resources under its control |
As a certificateRequestEntity, Viafirma Fortress will return an object in `application/json` format with the information of the access token associated with the client.
{
"access_token": "1479cc2592a84cfb83c01402df613d01",
"token_type": "Bearer",
"expires_in": 3599
}
Signature request
With the client system token obtained from the previous call, the client calls the Viafirma Fortress `/signature` method, providing the information to be digitally signed by the user. The next section gives a detailed description of the signature method and the parameters it receives. Once the information has been processed, Viafirma Fortress returns to the client system an object in `application/json` format, composed of an authorization code and an execution code:
{
"authCode": "124d6a9b5eaa470396a4db454780f6da",
"exeCode": "96f1e73e5718438c8683846a2479d198"
}
Authentication and authorization of the request.
Once the document or documents to be signed have been prepared, the user must be authenticated before the signature can be made.
As in the authentication and authorization process for query operations, the user must authenticate with one or two authentication factors. Depending on the configuration associated with the Viafirma Fortress client, Fortress may request a single authentication factor or force the user to authenticate with two authentication factors of different categories. The categories are:
- Something I know -> Knowledge
- Something I have -> Possession
- Something that I am -> Inherence
To perform a user's authentication process, Viafirma Fortress offers a web interface, available at:
https://fortress.viafirma.com/fortress/oauth2/v1/auth
This URL receives a series of parameters, which configure and prepare the authentication and authorization request in the signing process:
https://fortress.viafirma.com/fortress/oauth2/v1/auth?
signature_code={codigo_autorización_de_la_firma}&
scope=signature&
client_id={codigo_del_cliente_definido_en_viafirma_fortress}&
redirect_uri={url_de retorno_definido_en_viafirma_fortress}
Parameter | Value | Description |
---|---|---|
signature_code | Signature Authorization Code | Authorization code for the signature operation |
scope | signature | For services associated with the signing of documents |
redirect_uri | URL | Must match one of the return URLs defined in Viafirma Fortress |
client_id | Client ID defined in Viafirma Fortress | Identifies the client application that made the request |
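The client-side steps above, sketched as an added example (not Viafirma's own code): it builds the token and authorization URLs from the page's parameters, masks client_secret before a URL is logged because the page passes it in the query string, and tracks token expiry. The client ID, secret, return URL and 60-second margin are constructed values, the use of authCode as signature_code is an assumption read from the parameter descriptions, and no HTTP request is sent.

```python
import json
import time
from urllib.parse import urlencode, urlsplit, parse_qsl, urlunsplit

BASE = "https://fortress.viafirma.com/fortress/oauth2/v1"  # base URL from the page

def token_url(client_id, client_secret, redirect_uri):
    """Client-credentials token request URL, every value URL-encoded."""
    return BASE + "/token?" + urlencode({
        "scope": "client",
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    })

def redact(url, secret_keys=("client_secret",)):
    """Copy of url that is safe to log: secret query values are masked."""
    parts = urlsplit(url)
    query = [(k, "***" if k in secret_keys else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query, safe="*")))

def parse_token(body, now=None, margin=60):
    """Check the token JSON and compute when to stop using the token."""
    data = json.loads(body)
    if data.get("token_type") != "Bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    # margin (assumed 60 s) avoids sending a token that expires in flight
    return {"access_token": data["access_token"],
            "use_until": now + int(data["expires_in"]) - margin}

def auth_url(auth_code, client_id, redirect_uri):
    """User authorization URL for one signature operation.
    Assumption: signature_code carries the authCode returned by /signature."""
    return BASE + "/auth?" + urlencode({
        "signature_code": auth_code,
        "scope": "signature",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
    })

# The JSON bodies are the samples shown on the page; other values are constructed.
TOKEN_BODY = '{"access_token": "1479cc2592a84cfb83c01402df613d01", "token_type": "Bearer", "expires_in": 3599}'
SIGN_BODY = '{"authCode": "124d6a9b5eaa470396a4db454780f6da", "exeCode": "96f1e73e5718438c8683846a2479d198"}'

if __name__ == "__main__":
    t = token_url("demo-client", "s3cr&t=value", "https://app.example/cb")
    print(redact(t))
    print(parse_token(TOKEN_BODY, now=0))
    print(auth_url(json.loads(SIGN_BODY)["authCode"], "demo-client", "https://app.example/cb"))
```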
Request user to sign
If the client did not supply the user_code field associated with the user in the `application/json` object passed as a parameter in the `/signature` method call, Viafirma Fortress will request the user code of the user who wishes to make the signature.
When the user enters his user code in Fortress, Viafirma Fortress will validate it and show him the set of authentication factors in which the user is enrolled.
Viafirma Fortress will store the user once validated by at least one Authentication Factor in the browser's cookies, so as not to have to repeat the process each time the user tries to interact with Viafirma Fortress.
Authentication Factors
Viafirma Fortress, through the different authentication factors in which the user is enrolled, must ensure the identity of the user.
Active authentication factors can be determined during the installation of Viafirma Fortress, by modifying the values of the corresponding attributes, which follow the pattern `fortress.idp.{Code_of_idp}.active` (see installation manual).
During the entire document signing process, the user can see the number of documents to be signed as well as download them.
Regardless of the authentication factors selected, in case of successful authentication, it is understood that the user has authorized the operation and control will be returned to the client application, redirecting to the return URL specified in the request configuration.
Authentication factor: Email
A unique code is sent to the user's email, which the user must enter on the authorization screen once it is received.
Authentication factor: SMS
An SMS with a unique code is sent to the user's mobile phone, which must be entered on the authorization screen once it is received.
Authentication factor: OTP
The user needs the app (Android / iOS), which generates a code that is updated every so often. The user must enter the code on the authorization screen before the code expires.
Authentication factor: LDAP
The user's LDAP password will be requested (the configuration of the LDAP service is done during the Viafirma Fortress installation).
Authentication factor: PIN
The PIN code of the user stored in Viafirma Fortress will be requested.
Authentication factor: Password
The user's password will be requested in Fortress.
Select the certificate to be used in the signature
Once the user has successfully authenticated using any of the available authentication factors, the list of delegated certificates and certificates of the user (guarded by Viafirma Fortress) will be displayed. Once the user has selected one of their certificates, control will be returned to the client application.
Execution of the signature
Finally, when the user selects a certificate, Viafirma Fortress returns the following information to the client system, to execute the signature:
- the selected certificate
- execution status
- and the date of execution