Net iD Access Server – Log samples from the server side
A registered user in Net iD Access Server
A user post in the server can look like this:
This corresponds to the user's certificate used when registering for this instance of Net iD Access Server:
The authentication process
Login request – 1
This is a sample of a login request. The user has just entered the UserID but has not yet started the Net iD Access App, and the value of <Status> is OUTSTANDING_TRANSACTION.
The complete NonVisibleData-tag looks like this:
The NonVisibleData is Base64-encoded, and if we decode the string we find this:
Login request – 2
Here’s the next step in the login request. The user has started the Net iD Access App and the challenge from Net iD Access Server has reached the end-user device, but the user has not entered the PIN code yet. The value of <Status> is USER_SIGN.
Login request – 3
In the last step we can see that <Status> has changed to COMPLETE and <Signature> is no longer empty. We can also see information about the device in the <Device> tag.
The complete Signature-tag looks like this: (just added the PKCS#7 lines)
If we decode it we can see that it all makes sense and that the challenge really is in there.
Here’s the complete PKCS#7 parsed: auth_nias_pem_parsed.txt
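The three login-request steps above can be checked mechanically when reviewing server logs. The following is an added example, not code from Net iD Access Server or from the original post: it only uses the tag names mentioned above, the `<Response>` wrapper and all sample values are constructed, and it assumes the decoded NonVisibleData is the challenge that appears inside the decoded signature. It is a consistency check on the log, not a PKCS#7 signature verification.

```python
import base64
import xml.etree.ElementTree as ET

# Status values named on the page, in the order a login request passes through them.
ORDER = ["OUTSTANDING_TRANSACTION", "USER_SIGN", "COMPLETE"]

def parse_entry(xml_text):
    """Extract Status, Signature and NonVisibleData from one logged response."""
    root = ET.fromstring(xml_text)
    get = lambda tag: "".join((root.findtext(f".//{tag}") or "").split())
    return {"status": get("Status"), "signature": get("Signature"),
            "nonvisible": get("NonVisibleData")}

def check_sequence(entries):
    """Return a list of findings; an empty list means the log is consistent."""
    findings, last = [], -1
    for i, e in enumerate(entries):
        if e["status"] not in ORDER:
            findings.append(f"entry {i}: unknown status {e['status']!r}")
            continue
        pos = ORDER.index(e["status"])
        if pos < last:
            findings.append(f"entry {i}: status went backwards to {e['status']}")
        last = max(last, pos)
        if e["status"] != "COMPLETE":
            if e["signature"]:
                findings.append(f"entry {i}: signature present before COMPLETE")
            continue
        if not e["signature"]:
            findings.append(f"entry {i}: COMPLETE without signature")
            continue
        try:
            blob = base64.b64decode(e["signature"], validate=True)
            challenge = base64.b64decode(e["nonvisible"], validate=True)
        except ValueError:
            findings.append(f"entry {i}: invalid Base64")
            continue
        if not challenge or challenge not in blob:
            findings.append(f"entry {i}: challenge not found in signature")
    return findings

def make_entry(status, challenge, signed=b""):
    """Build a constructed log entry; the <Response> wrapper is hypothetical."""
    b64 = lambda b: base64.b64encode(b).decode()
    return (f"<Response><Status>{status}</Status>"
            f"<NonVisibleData>{b64(challenge)}</NonVisibleData>"
            f"<Signature>{b64(signed)}</Signature></Response>")

CHALLENGE = b"constructed-challenge-0001"
# Stand-in bytes, not real PKCS#7: only the embedded challenge matters here.
SIGNED = b"\x30\x80" + CHALLENGE + b"\x00\x00"
SAMPLE = [parse_entry(make_entry(s, CHALLENGE, SIGNED if s == "COMPLETE" else b""))
          for s in ORDER]
```

A finding from `check_sequence` points at the log entry to inspect; the signature itself still has to be validated against the user's certificate with a CMS/PKCS#7 library.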