UAE PASS
  • UAE PASS
  • Overview
  • Getting Onboarded with UAE PASS
    • Onboarding Process for UAE PASS Service Providers
      • Initiation Phase
      • Development Phase
      • Assessment Phase
      • Go live Phase
  • Quick Start Guide - UAE PASS Staging Environment
    • User Account Types
    • Create Staging UAE PASS Account
    • Upgrade Staging UAE PASS Account
    • Testing Credentials for POC
    • Conduct a POC with UAE PASS Authentication
  • Feature Guides
    • Authentication
      • Web Integration
        • Introduction
        • Pre-Requisites
        • Endpoints
        • 1. Authorization Code
        • 2. Access Token
        • 3. User Information
        • 4. Logout
        • Login Button
        • Authentication Postman Walkthrough
      • Mobile Integration
        • Introduction
        • Pre-Requisites
        • Requirements
        • Guide
          • SDK
          • API
        • SDK Integration
      • Token Validation API
        • Introduction
        • Pre-Requistes
        • Endpoints
        • Integration Steps
          • 1. Verify access token API using Basic Authentication
          • 2. Obtaining Authenticated User Information from the Access Token
        • Validation Decisions
      • User Linking
        • Automatic Linking
        • Manual Linking
        • Corporate Account
    • Digital Signature
      • Digital Signature (Single Document)
        • Signing Guide
          • Endpoints
          • Document Signing Steps
            • 1. Token
            • 2. Create Signer Process
            • 3. Sign Document
            • 4. Obtaining Document
            • 5. LTV Configuration
              • Integration Web Services
              • Postman Collection for LTV
            • 6. Deleting Document
          • Document Signature verification Process
          • Postman Collection for Digital Signature
            • Digital Signature Postman Walkthrough
        • Verification API Integration
          • Web Service Details
          • Postman Collection for Signature Verification API
      • Digital Signature (Multiple Document)
        • Signing Guide
          • Endpoints
          • Document Signing Steps
            • 1. Token
            • 2.Create Documents
            • 3. Create Signer Process
            • 4. Sign Document
            • 5. Obtaining Document
            • 6. LTV Configuration
              • Integration Web Services
              • Postman Collection for LTV
            • 7. Deleting Document
          • Document Signature verification Process
          • Postman Collection for Multiple Document Signing.
    • e-Seal
      • Introduction
      • DESC Process for Dubai Entities
        • Process overview
        • Detailed DESC process description
      • ICA Process for Non-Dubai Entities
        • Onboarding Process
        • Obtaining Credentials and Certificates
      • Integration Web Service
        • PAdES eSeal Signing
        • CAdES eSeal Signing
        • eSeal verification
        • eSeal error codes
      • Postman Collection
    • Hash Signing
      • Introduction
      • Hash Signing (Single Document)
        • Hash Signing (Java SDK Set Up)
          • Quick Setup
          • Hash Signing Process
            • 1. Start the Process
            • 2. Initiate Signing Process
            • 3. Sign PDF Document
          • Endpoints
          • Postman Collection
          • Utility Files
      • Bulk Hash Signing (Multiple Documents)
        • Quick Setup
        • Hash Signing Process
          • 1. Start Signing Process
          • 2. Initiate Signing Process
          • 3. Sign PDF Document
        • Endpoints
        • Postman Collection
  • Web Registration
    • Introduction
    • Steps to create account
    • Endpoints
      • 1. Access Code
      • 2. Access Token
      • 3. User Information
  • Facial Biometric Transactions Confirmation
    • Web Integration
      • Endpoints
      • Integration Steps
        • Obtain Authorization Code
        • Obtain Access Token
        • Obtain User Info
        • Log out User
    • Mobile Integration
      • Mobile Integration Guidelines
  • Guidelines
    • Use-Case Guidelines
      • Standard Authentication Scenarios for Service Provider Use Cases
      • Standard Digital Signature Scenarios for Service Provider Use Cases
      • Standard Implementation Guidelines
    • Design Guidelines
      • UAEPASS Button Guideline
      • Text Message Guidelines
  • Resources
    • Attributes List
    • Sample Apps
    • Staging Apps
    • Assets
  • FAQ
    • Common Integration Issues
  • Versioning
Powered by GitBook
On this page
  • Authentication Flow
  • Authentication Issues
  • 1. Consumer Key not found:
  • 2. Callback URL does not match:
  • 3. Invalid Scope:
  • 4. Authentication URL Format
  • 5. Invalid grant or expired code:
  • 6. Invalid basic header authentication
  • 7. Callback url mismatch while calling the token generation url:
  • 8. Internal Server Error
  • 9. Access token validation failed:
  • 10. If SP is facing any issues in mobile app-to-app integration, please make sure that you configure proper xml file in node 6.
  • 11. HTTP errors:
  • 12. Steps for Mobile App-App Integration:
  • 13. Mobile integration with UAE PASS SDK
  • 14. Logout from UAE PASS
  • Digital Signature Flow:
  • 1. Get the access token to start the signature process:
  • 2. Create sign process: use the token from step 4 to create sign process
  • 3. Get the signature status:
  • 4. Fetch the signed document:
  • 5. Delete the signature process:
  • Digital Signature Issues:
  • 1. Asking for authenticate again while signing:
  • 2. Remote server returned error:
  • 3. Invalid scope:
  • 4. Unauthorized client:
  • 5. If signing the same document twice, please make sure that SP passes the unique value for name parameter in process type of request body as below:
  • 6. If digital signature call is failing due to special character in full name parameter.
  • 7. If the grant type is not passed correctly.
  • 8. If client credentials are not passed correctly.

Was this helpful?

  1. FAQ

Common Integration Issues

The purpose of this is to explain the integration process and issues faced by SP’s during their integration.

PreviousFAQNextVersioning

Last updated 10 months ago

Was this helpful?

Authentication Flow

  1. Entity has to hit UAEPASS authentication url for getting the access code.

Authentication URL sample: redirect url&client_id=your client id&state=ShNP22hyl1jUU2RGjTRkpg==&response_type=code&scope=urn:uae:digitalid:profile:general&acr_values=urn:safelayer:tws:policies:authentication:level:low&ui_locales=en

2. Above url redirects user to login with UAEPASS, here user gives his mobile number. He will receive push notification in his mobile. Once user confirms the push notification in his mobile, Entity gets the access code.

3. By using that access code , entity has to generate the token by calling the token API (below link)

?grant_type=authorization_code&redirect_uri= your redirect url&code=paste the access code here. Authentication here is basic auth with client credentials(Already shared staging client credentials).

4. From above url, entity receives bearer token. By using that bearer token, entity has to call API to get the user details. If the user is SOP3, below are the 18 attributes which you get from this API call.

  • uuid (user unique id)

  • userType

  • fullnameEN

  • fullnameAR

  • firstnameEN

  • firstnameAR

  • lastnameEN

  • lastnameAR

  • nationalityEN

  • nationalityAR

  • gender

  • mobile (2)

  • email

  • idType (1)

  • idn(emirates ID)

  • spuuid1 (smart pass uuid)

  • titleEN (1)

  • titleAR (1)

Note:

  1. Available only for applicable users

  2. Available for all users unless verified via OTP in another profile

Authentication Issues

1. Consumer Key not found:

Resolution: This error appears when client is not registered in node6 server. Provide the client id, secret and redirect URI to respective onboarding team and get it configured in node6 server, incase of existing integration with UAEPASS or get a new client id, and secret from onboarding team by proving your redirect URI.

2. Callback URL does not match:

Resolution: Validate the redirect uri configured in UAE PASS and the URL used in the authorization and token request.

3. Invalid Scope:

Resolution: Make sure that SP is passing correct scope in authentication URL.

4. Authentication URL Format

Web:

Staging:

Production:

Mobile:

Staging:

Production:

5. Invalid grant or expired code:

Resolution: This error appears when passing the expired code to token generation call. The authentication code received from authorization url should be utilized by SP within 10 seconds.

6. Invalid basic header authentication

Resolution: This error appears when SP is not passing the client id or secret properly as configured in server.

7. Callback url mismatch while calling the token generation url:

Resolution: Please make sure that SP passes the same redirect url in authentication and token generation calls.

8. Internal Server Error

Resolution: Please make sure that SP is passing the header Content-Type as multipart/form-data in token generation call.

9. Access token validation failed:

Resolution: Please make sure that SP is passing the token to user profile API using header Authorization as Bearer {token}.

10. If SP is facing any issues in mobile app-to-app integration, please make sure that you configure proper xml file in node 6.

11. HTTP errors:

HTTP Status Code
Description

200

Success and response is recieved

204

No Content

400

Not all required parameters provided

405

Method not allowed. Invalid method sent for calling the API

401

Unauthorized, Invalid or no credentials provided

403

Forbidden. Invalid credentials i.e. Wrong username or passwrod

404

Not Found

500

Server Error

503

Service Under Maintenance

12. Steps for Mobile App-App Integration:

  • Authorization call:

  • Deep link url received from uaepass

uaepass://digitalid-users-ids/signatures/capTPqaTB648aqBdXHkL?successurl=https%3A%2F%2Fqa-ids.uaepass.ae%2Fauthenticationendpoint%2FmobileWaiting.jsp%3Fstatus%3Dsuccess%26sessionDataKey%3D5c406d59-40af-4328-841b-25cfaf41c7ee%26relyingParty%3Duaedds_mob_stage&failureurl=https%3A%2F%2Fqa-ids.uaepass.ae%2Fauthenticationendpoint%2FmobileWaiting.jsp%3Fstatus%3Dfailure%26sessionDataKey%3D5c406d59-40af-4328-841b-25cfaf41c7ee%26relyingParty%3Duaedds_mob_stage

  • Save the success and failure urls in different variables

Successvar1: https%3A%2F%2Fqa-ids.uaepass.ae%2Fauthenticationendpoint%2FmobileWaiting.jsp%3Fstatus%3Dsuccess%26sessionDataKey%3D5c406d59-40af-4328-841b-25cfaf41c7ee%26relyingParty%3Duaedds_mob_stage

failurevar2: https%3A%2F%2Fqa-ids.uaepass.ae%2Fauthenticationendpoint%2FmobileWaiting.jsp%3Fstatus%3Dfailure%26sessionDataKey%3D5c406d59-40af-4328-841b-25cfaf41c7ee%26relyingParty%3Duaedds_mob_stage

  • Change uaepass to uaepassstg

uaepassqa://digitalid-users-ids/signatures/capTPqaTB648aqBdXHkL?successurl=https%3A%2F%2Fqa-ids.uaepass.ae%2Fauthenticationendpoint%2FmobileWaiting.jsp%3Fstatus%3Dsuccess%26sessionDataKey%3D5c406d59-40af-4328-841b-25cfaf41c7ee%26relyingParty%3Duaedds_mob_stage&failureurl=https%3A%2F%2Fqa-ids.uaepass.ae%2Fauthenticationendpoint%2FmobileWaiting.jsp%3Fstatus%3Dfailure%26sessionDataKey%3D5c406d59-40af-4328-841b-25cfaf41c7ee%26relyingParty%3Duaedds_mob_stage

  • Change the success and failureurl as below.

uaepassstg://digitalid-users-ids/signatures/capTPqaTB648aqBdXHkL?successurl=dds%3A%2F%2Fuaedds.com%3Furl%3Dhttps%3A%2F%2Fqa-ids.uaepass.ae%2Fauthenticationendpoint%2FmobileWaiting.jsp%3Fstatus%3Dsuccess%26sessionDataKey%3D5c406d59-40af-4328-841b-25cfaf41c7ee%26relyingParty%3Duaedds_mob_stage&failureurl=dds%3A%2F%2Fuaedds.com%3Furl%3Dhttps%3A%2F%2Fqa-ids.uaepass.ae%2Fauthenticationendpoint%2FmobileWaiting.jsp%3Fstatus%3Dfailure%26sessionDataKey%3D5c406d59-40af-4328-841b-25cfaf41c7ee%26relyingParty%3Duaedds_mob_stage

  • SP will receive call back from uaepass.

dds%3A%2F%2Fuaedds.com%3Furl%3Dhttps%3A%2F%2Fqa-ids.uaepass.ae%2Fauthenticationendpoint%2FmobileWaiting.jsp%3Fstatus%3Dsuccess%26sessionDataKey%3D5c406d59-40af-4328-841b-25cfaf41c7ee%26relyingParty%3Duaedds_mob_stage

  • Once you recieve the callback from uaepass, fire the success url which is saved in below variable within the same webview.

Successvar1

13. Mobile integration with UAE PASS SDK

  • Update this section in Integration document as it is copied from migration guide.

14. Logout from UAE PASS

a. URL given in the Integration document is below

b. Update above with below (communicated over email).

  • UAEPASS new system accepts only state parameter. To pass an additional parameter in the logout url, encode the value into state parameter and pass it to logout url as below.

https://stg-id.uaepass.ae/idshub/logout?redirect_uri= http://localhost:8080/logout?state={base 64 encoded value of query string}

  • Please make sure that once SP receive the state parameter thereafter SP have to decode the same to use it.

c. Above logout URL is applicable in web and mobile both or in case of mobile only destroying cache is enough. If applicable for mobile, mention it in mobile integration section.

Digital Signature Flow:

1. Get the access token to start the signature process:

2. Create sign process: use the token from step 4 to create sign process

3. Get the signature status:

4. Fetch the signed document:

5. Delete the signature process:

Digital Signature Issues:

1. Asking for authenticate again while signing:

If UAEPASS is asking for authentication again while initiating the signature process, please make sure that you add WSO2 SAML flow in trustedx for that SP client config. Below are the steps to add:

  • Login to trusted

  • Find the SP in the client applications list.

  • Go to User Authentication tab ( select Yes)

  • Authentication requirements ( Select Specific Flows)

  • Click on add and then select WSO2 IDS SAML2 Flow and save

2. Remote server returned error:

Resolution: Please make sure that SP is using token generation call for signature only. Kindly note that node6 urls are to be used only authentication but not for signarture. Digital signature API’s remains same.

3. Invalid scope:

Resolution: Please make sure that SP passes correct scope as below:

urn%3Asafelayer%3Aeidas%3Asign%3Aprocess%3Adocument

4. Unauthorized client:

Resolution: Please make sure that all the signing scopes are assigned to that SP in trustedx and enable client_credentials in grant types tab. Below are the signing scopes to be assigned to SP if they have signing use case.

Signing Scopes

UAEPASS General Profile

Use Server Signing Identity

Sign Documents

Get Signing Identity Attributes

Use Advanced Server Signing Identity

Get Profile Information

5. If signing the same document twice, please make sure that SP passes the unique value for name parameter in process type of request body as below:

"name": "Sign1" for first signature

"name": "Sign2" for second signature.

6. If digital signature call is failing due to special character in full name parameter.

Follow below steps in order to resolve the issue.

1. Trim the first name and last name returned from UAE PASS.

2. Append last name to first name and pass it in full name parameter.

7. If the grant type is not passed correctly.

Resolution: Please make sure that SP passes correct grant_type value as client_credentials.

8. If client credentials are not passed correctly.

Resolution: Please make sure that SP passes the client id and secret value correctly.

.

.

.

https://stg-id.uaepass.ae/idshub/authorize?redirect_uri=your
https://qa-id.uaepass.ae/idshub/token
https://qa-id.uaepass.ae/idshub/userinfo
https://stg-id.uaepass.ae/idshub/authorize?response_type=code&client_id={client_id}&scope=urn:uae:digitalid:profile:general&state=HnlHOJTkTb66Y5H&redirect_uri={redirect_uri}&acr_values=urn:safelayer:tws:policies:authentication:level:low
https://id.uaepass.ae/idshub/authorize?response_type=code&client_id={client_id}&scope=urn:uae:digitalid:profile:general&state=HnlHOJTkTb66Y5H&redirect_uri={redirect_uri}&acr_values=urn:safelayer:tws:policies:authentication:level:low
https://stg-id.uaepass.ae/idshub/authorize?response_type=code&client_id={client_id}&scope=urn:uae:digitalid:profile:general&state=HnlHOJTkTb66Y5H&redirect_uri={redirect_uri}&acr_values=urn:digitalid:authentication:flow:mobileondevice
https://id.uaepass.ae/idshub/authorize?response_type=code&client_id={client_id}&scope=urn:uae:digitalid:profile:general&state=HnlHOJTkTb66Y5H&redirect_uri={redirect_uri}&acr_values=urn:digitalid:authentication:flow:mobileondevice
https://stg-id.uaepass.ae/idshub/authorize?response_type=code&client_id={client_id}&scope=urn:uae:digitalid:profile:general&state=HnlHOJTkTb66Y5H&redirect_uri={redirect_uri}&acr_values=urn:digitalid:authentication:flow:mobileondevice
https://stg-id.uaepass.ae/idshub/logout?redirect_uri=http://localhost:8080/logout
https://stg-id.uaepass.ae/trustedx-authserver/oauth/main-as/token?grant_type=client_credentials&scope=urn%3Asafelayer%3Aeidas%3Asign%3Aprocess%3Adocument
https://stg-id.uaepass.ae/trustedx-resources/esignsp/v2/signer_processes
https://stg-id.uaepass.ae/trustedx-resources/esignsp/v2/signer_processes/91rnf9vjeep6tlrdqghv8qk46pbj20e1/result
https://stg-id.uaepass.ae/trustedx-resources/esignsp/v2/documents/29gqd1aprv8t85l6vsct5vh7507f471r/content
https://stg-id.uaepass.ae/trustedx-resources/esignsp/v2/signer_processes/4186r9un1m0iqf98jmfa91k567qgb1rs