id2s phishing testside

Test environment

Phishing protecting in MitID is investigated by use of the id2 phishing-protection test-environment. The environment mimics the MitID component architecture and allows the same user interaction patterns as MitID. The environment consists of the following components:

Core component

Corresponding to MitID Core. Hosted at https://testid.dk. Management of test-identities and authentication flows.

Broker component

Corresponds to a MitID Broker. Hosted at https://broker.testid.dk. Implements the OpenID Connect authentication protocol with service providers.

Service provider

A sample service provider (Min Bank). Hosted at https://serviceprovider.id2.dk – this site.

Client component

A JavaScript (React) client component representing the MitID Core Client. Broker utilizes the client as MitID Brokers utilize the MitID Core Client.

App component

The MitID App is represented by iOS and Android apps. The iOS App (“FIDO test”) is available in TestFlight.

iOS app is available through TestFlight here. You may need to install TestFlight prior to testing the app.

Android app is available in Google Play here. You will need to have your Google Account (e-mail) pre-registered by id2 to install the Android app Google Play.

Signed installation packages (.ipa and .apk files) are also available.

Test cases

Password manager tests

These tests explore the proposed approach to implementing 3rd party passkey manager functionality to improve the user experience substantially.

PM1: Same device registration and authentication

App-test on same device. 

See test description here.

PM2: Cross device authentication (BLE)

App and pc test with FIDO cross device functionality. Use of BLE-QR code.

See test description here.

CT1:  Registration and authentication on Windows pc – code token

Test illustrates code token use of ‘locked device’ concept. User has code token (only) and registers a pc as his/her locked device.

See test description here.

NB1:  Registration and authentication on Windows pc – app

Test illustrates use of Windows Hello with app for users not able to use BLE cross device.
See test description here.