Added documentation about the KOMBIT public certificate (#34)

GufCab · web-flow · commit ea89637d5a1a · 2022-11-17T10:44:30.000+01:00
diff --git a/source/installation-guide/installation-guide.rst b/source/installation-guide/installation-guide.rst
@@ -235,6 +235,8 @@ OS2IoT-backend takes several environment variables as configuration, if these ar
 +-------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+
 | KOMBIT_CERTIFICATEPRIVATEKEY  | The certificate  private key for KOMBIT adgangsstyring                                               | :code:`null`                                                                            |
 +-------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+
+| KOMBIT_CERTIFICATEPUBLICKEY   | Public certificate from the KOMBIT idp for verifying SAML response                                   | :code:`"INSERT_KOMBIT_CERT"`                                                            |
++-------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+
 | KOMBIT_ROLE_NAME              | This string must be a substring of the brugersystemrolle you grant users for them to be given access | :code:`http://os2iot.dk/roles/usersystemrole/adgang/`                                   |
 +-------------------------------+------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+
 | CHIRPSTACK_JWTSECRET          | Secret to generate JWT for Chirpstack                                                                | :code:`verysecret`                                                                      |
diff --git a/source/kombit-adgangsstyring/kombit-adgangsstyring.rst b/source/kombit-adgangsstyring/kombit-adgangsstyring.rst
@@ -16,6 +16,9 @@ Prerequisites:
 
 2. A NemID FOCES or VOCES (FOCES is preferred) for production use (Issued by: TRUST2408 OCES CA). If the OS2IoT installation is a TEST system, and the test environment for KOMBIT adgangsstyring is being used, then a FOCES/VOCES for the NemID integration environment is sufficent (Issued by: TRUST2408 Systemtest).
 
+3. The public certificate from the KOMBIT IDP. Can be retrieved from
+    a. **KOMBIT Test endpoint:** https://adgangsstyring.eksterntest-stoettesystemerne.dk/runtime/saml2/metadata.idp
+    b. **KOMBIT Prod endpoint:** https://adgangsstyring.stoettesystemerne.dk/runtime/saml2/metadata.idp
 
 Once the prerequisites are in order the configuration can begin.
 
@@ -91,6 +94,13 @@ Steps:
             .. code-block:: javascript
 
                 KOMBIT_ENTRYPOINT="https://adgangsstyring.eksterntest-stoettesystemerne.dk/runtime/saml2/issue.idp"
+        
+        iiiii. The variable :code:`KOMBIT_CERTIFICATEPUBLICKEY` must be set to the public key of the KOMBIT idp. If unset, the backend will not validate responses from KOMBIT, even if they are valid. Must be one line, with only the key part as shown below
+            d. An example for :code:`.env` could be:
+
+            .. code-block:: javascript
+
+                KOMBIT_CERTIFICATEPUBLICKEY="MIIGHTCCBQWgAwIBAgIEXgiTCTA[...]H0QDoU9mHDP17gSZZ"
 
 
 Test:
