This AIC Journey creates a custom Prefill URL containing the PII data of the user to be verified, directs the user to ID Dataweb's hosted UI for verification, and then redirects them back to AIC with the results of the verification ("approve", "obligation", or "deny").
https://docs.iddataweb.com/docs/gateway-overview
- Obtain an AXN Admin access token.
- With the AXN Admin access token, make a request to the Verification Link API with the PII data to get the IDDW Prefill URL (Option 1: Use the Admin API to generate a JWT for prefill).
- The output from the Verification Link API contains the full IDDW Prefill URL that AIC will use to redirect to IDDW. This Prefill URL includes a fully formed JSON Web Token containing your PII data, which is used as the login_hint value to prefill PII into your IDDW verification workflow.
- https://docs.iddataweb.com/reference/authorize
- AIC redirects to IDDW using the IDDW Prefill URL generated above.
- Once you complete the IDDW verification workflow, you are redirected back to AIC with a one-time token.
- For example: https://<AIC URL>/am/XUI?code=xQ5Ld5PDIRz8N1S8xw-qLiLu827qyRdPcbHaOnnfWgA
- You exchange this token (via a "back channel" API call) in order to retrieve the transaction details (i.e. id_token and access_token).
- The /token response is a JSON Web Token and includes all authentication and verification results configured by the client.
- https://docs.iddataweb.com/reference/token
- With the id_token and access_token returned, you then have two options:
  - Decode the id_token JWT and extract the policyDecision
    - Journey: IDDW Identity Proofing - ID Token.json
  - Use the access_token to make an API call to the /userinfo endpoint to get the policyDecision
    - Journey: IDDW Identity Proofing - Userinfo.json
    - https://docs.iddataweb.com/reference/userinfo
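The ID Token option above, as an added Node.js example that is not the Journey's own script: it verifies the id_token signature against a base64-encoded JWKS (the form the esv-iddw-signingkey example value takes), checks issuer, audience and expiry, and only then reads policyDecision, treating every failure as "deny". RS256, a top-level policyDecision claim, the function names and the throwaway key pair are assumptions made for this example.

```javascript
// Added example (not the Journey's script). RS256 and a top-level
// policyDecision claim are assumptions; check them against your IDDW tokens.
const nodeCrypto = require('crypto');

const decodePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns "approve" or "obligation" only for a valid token; otherwise "deny".
function policyDecisionFromIdToken(idToken, jwksB64, issuer, audience, nowSec) {
  try {
    const parts = String(idToken).split('.');
    if (parts.length !== 3) return 'deny';
    const [h, p, sig] = parts;
    const header = decodePart(h);
    if (header.alg !== 'RS256') return 'deny'; // pin the algorithm, never take it from the token
    // esv-iddw-signingkey style value: base64 of a JWKS document
    const jwks = JSON.parse(Buffer.from(jwksB64, 'base64').toString('utf8'));
    const jwk = jwks.keys.find((k) => k.kty === 'RSA' && (!header.kid || k.kid === header.kid));
    if (!jwk) return 'deny';
    const key = nodeCrypto.createPublicKey({ key: jwk, format: 'jwk' });
    const sigOk = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(sig, 'base64url'));
    if (!sigOk) return 'deny';
    const claims = decodePart(p); // read claims only after the signature checks out
    if (claims.iss !== issuer || ![].concat(claims.aud).includes(audience)) return 'deny';
    if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return 'deny';
    return ['approve', 'obligation'].includes(claims.policyDecision) ? claims.policyDecision : 'deny';
  } catch (err) {
    return 'deny'; // malformed input fails closed
  }
}

// Constructed sample data: a throwaway RSA key pair stands in for the IDDW signing key.
const ISS = 'https://preprod1.iddataweb.com';
const AUD = '1234567890abcdef';
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleJwksB64 = Buffer.from(JSON.stringify({
  keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key' }],
})).toString('base64');

function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const signingInput = `${enc({ alg: 'RS256', kid: 'demo-key' })}.${enc(claims)}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

const sampleToken = makeSampleToken({ iss: ISS, aud: AUD, exp: 2000000000, policyDecision: 'approve' });
console.log(policyDecisionFromIdToken(sampleToken, sampleJwksB64, ISS, AUD, 1700000000));
```

Any value of policyDecision other than "approve" or "obligation" is mapped to "deny", so an unexpected or missing claim never grants access.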
- Create the following in Environment Secrets & Variables
  - Secrets
    - esv-iddw-admin-password
    - esv-iddw-admin-username
    - esv-iddw-client-id
    - esv-iddw-client-secret
  - Variables
    - esv-iddw-jwt-audience
      - Example: 1234567890abcdef
    - esv-iddw-jwt-issuer
      - Example: https://preprod1.iddataweb.com
    - esv-iddw-redirecturl
      - Example: https://<AIC URL>/am/XUI/
    - esv-iddw-signingkey
      - Example: eyJrZXlzIjpbey…dfQ==
- Import the provided Journeys:
  - IDDW Identity Proofing - ID Token.json
    - This Journey will decode the id_token JWT and extract the policyDecision
  - IDDW Identity Proofing - Userinfo.json
    - This Journey will use the access_token to make an API call to the /userinfo endpoint to get the policyDecision
  - Optional: IDDW Identity Proofing - ID Token - Debug.json
    - Contains Debug outputs for troubleshooting
  - Optional: IDDW Identity Proofing - Userinfo - Debug.json
    - Contains Debug outputs for troubleshooting
- Modify the respective Journey to include your PII data:
  - Select the node titled “AXN Admin /verification/link”
  - In the “Body Content” section, modify the userAttributes parameter to include the Prefill PII data you require for your verification workflow.
If you encounter any issues, be sure to check our Troubleshooting pages.
Support tickets can be raised whenever you need our assistance. Examples of when it is appropriate to open a ticket include (but are not limited to):
- Suspected bugs or problems with Ping Identity software.
- Requests for assistance
You can raise a ticket using BackStage, our customer support portal that provides one stop access to Ping Identity services.
BackStage shows all currently open support tickets and allows you to raise a new one by clicking New Ticket.
This Ping Identity project does not accept third-party code submissions.
This code is provided by Ping Identity on an “as is” basis, without warranty of any kind, to the fullest extent permitted by law. Ping Identity does not represent or warrant or make any guarantee regarding the use of this code or the accuracy, timeliness or completeness of any data or information relating to this code, and Ping Identity hereby disclaims all warranties whether express, or implied or statutory, including without limitation the implied warranties of merchantability, fitness for a particular purpose, and any warranty of non-infringement. Ping Identity shall not have any liability arising out of or related to any use, implementation or configuration of this code, including but not limited to use for any commercial purpose. Any action or suit relating to the use of the code may be brought only in the courts of a jurisdiction wherein Ping Identity resides or in which Ping Identity conducts its primary business, and under the laws of that jurisdiction excluding its conflict-of-law provisions.
This project is licensed under the MIT License - see the LICENSE file for details.
© Copyright 2024 Ping Identity. All Rights Reserved