Implementing the NemID solution via TU Example

 

​​​​Introduction to the NemID solution

This is a brief introduction to the NemID solution and the essentiel sub-systems, which interfaces with it. 

When implementing a NemID solution, a service prodvider's site will be able to offer:

  • Login/signing with NemID OTP (One Time Password)
  • Login/signing with NemID code file

 

When using the NemID login/signing mechanism it is possible to:

  • Check the end-user's certificate - whether it matches the user identity in the serviceprovider system (CPR or other selfmade ID) or not. This is done by using the PID/CPR service.
  • Check the end-user's certificate used for login/signing - whether it is revoked or not. This is easily done by using the framework OOAPI which provides the possibility to verify the certificate by OCSP or CRL.
  • Check the end-user's certificate used for login/signing - whether it is expired or not. This is easily done by using the framework OOAPI which provides the possiblity to verify the state of the certificate.

 

Nets DanID highly recommends the following order in which to use the TU Example project:

  1. Start by downloading the TU Example project, and get it to run locally with Nets DanIDs test certificates. If using the .NET platform see Get the .NET TU example to run on a test setup on a local machine in Guides to proceed. If using the Java platorm see Get the Java TU example to run on Tomcat using Eclipse in Guides to proceed.
  2. After TU Example project is up and running locally with Nets DanIDs test certificates, modify the TU Example project and get it to run locally with your company's own test certificates. If using the .NET platform see Get the .NET TU example to run on a test setup on a local machine in Guides to proceed. If using the Java platorm see Get the Java TU example to run on Tomcat using Eclipse in Guides to proceed.
  3. After TU Example project is up and running locally with your company's own OCES test certificates, modify the TU Example project and get it to run on a test-server with the same test certificates. If using the .NET platform see Get the .NET TU example to run on a test setup in Guides to proceed. If using the Java platorm see Get the Java TU example to run on Tomcat using Eclipseon in Guides to proceed.
  4. After TU Example project is up and running on your company's test-server with your company's own test certificates, modify the TU Example project and get it to run on the same test-server but with production certificates. If using the .NET platform see Get the .NET TU example to run on a test server with a production certificateon in Guides to proceed. If using the Java platorm see Get the Java TU example to run on Tomcat using Eclipse in Guides to proceed.

These 4 steps completes the development cycle for the TU Example project. A proof of concept has now been implemented, and is ready to be ported into a real development project.
 

Login and signing with NemID (Borger)

All prime elements, like generating NemID JavaScript client and NemID CodeFile client for login/signing, usage of the PID/CPR service, check certificates validity, etc. are described and exemplified in the introduction project TU Example.

 

Company certificates (VOCES) used in TU Example project

As mentioned above, we strongly recommend starting the development process of the NemID solution by using the introduction project TU Example as a reference point.

When using the TU Example as reference point certain certificates used in the project might need some explanation. The certificates in the TU Example are needed for the following tasks:

  • one company certificate (VOCES) is needed for identifying the service provider as a client to the PID/CPR service
  • one company certificate (VOCES) is needed for signing NemID client parameters to ensure the identification of the service provider

In the TU Example project the same certificate is used for these two tasks. Note however that it is possible to configure the project to use a different certificate for each of these two tasks.

 

Further inquires as a service provider

If you have been registered as a service provider (TU), you can contact the Service Provider support.

Before contacting the support please check the FAQ to see if your issue has been addressed previously.
FAQ for developers (in Danish)