This project implements a secure and specification-compliant eID Server that facilitates electronic identity authentication via SOAP. It supports the German eID card (nPA) and follows the TR-03130 guidelines for secure middleware services.
- SOAP-based Authentication Flow
- Extended Access Control (EAC) via smartcard
- SAML Assertion Generation for service providers
- Modular architecture supporting custom clients
- Standards-compliant security and cryptographic flow
The eID-Server performs identity verification in a SOAP-based flow involving the Service Provider (SP), the eID-Server, the eID-Client and the eID card:
- The user initiates login at the Service Provider (SP).
- The SP redirects the user to the eID-Server with a SAML AuthnRequest.
- The eID-Server answers with a redirect/POST that initiates a SOAP/PAOS session.
- The eID-Client (AusweisApp2 or a custom app) connects to the eID-Server and starts the authentication.
- The eID-Server runs the EAC protocol with the eID card, relayed through the client.
- On success, a SAML Assertion is sent back to the SP.
🖇️ Currently implemented interface: SOAP (PAOS over HTTP)
🧩 Alternative (not yet active): SAML Binding (HTTP Redirect or POST)
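The first two messages of the PAOS session described above, shown as an added example rather than code from the eID-Server project: the eID-Client opens the channel with StartPAOS, and the eID-Server replies with DIDAuthenticate carrying an EAC1InputType, the first EAC step. The message shapes follow TR-03112-7 as summarised on this page; the server-side check that the SessionIdentifier belongs to a session the server itself issued is the binding between the SAML request and the PAOS channel that a reviewer would look for. Python with the standard-library XML parser is used here because it needs no third-party crate; every handle, session id, certificate byte string and the `known_sessions` table are constructed sample data, not output of a real card, CVCA or the project's session store.

```python
"""PAOS exchange: eID-Client StartPAOS -> eID-Server DIDAuthenticate (EAC1InputType).

Added example, not project code. Element names and namespaces follow TR-03112-7;
all handles, ids and binary values below are constructed sample data.
"""
import uuid
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
PAOS = "urn:liberty:paos:2006-08"
ISO = "urn:iso:std:iso-iec:24727:tech:schema"
WSA = "http://www.w3.org/2005/03/addressing"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
for _prefix, _uri in (("soap", SOAP), ("paos", PAOS), ("iso", ISO), ("wsa", WSA), ("xsi", XSI)):
    ET.register_namespace(_prefix, _uri)


def q(ns, tag):
    """Clark-notation tag name for ElementTree."""
    return f"{{{ns}}}{tag}"


def _envelope():
    """SOAP envelope with the mandatory PAOS header and a fresh WS-Addressing MessageID."""
    env = ET.Element(q(SOAP, "Envelope"))
    header = ET.SubElement(env, q(SOAP, "Header"))
    paos = ET.SubElement(header, q(PAOS, "PAOS"), {
        q(SOAP, "mustUnderstand"): "1",
        q(SOAP, "actor"): "http://schemas.xmlsoap.org/soap/actor/next",
    })
    ET.SubElement(paos, q(PAOS, "Version")).text = "urn:liberty:2006-08"
    ET.SubElement(header, q(WSA, "MessageID")).text = f"urn:uuid:{uuid.uuid4()}"
    body = ET.SubElement(env, q(SOAP, "Body"))
    return env, header, body


def build_start_paos(session_id, context_handle, slot_handle):
    """Client side: first PAOS message, carrying the session id the client got from the server."""
    env, _, body = _envelope()
    sp = ET.SubElement(body, q(ISO, "StartPAOS"))
    ET.SubElement(sp, q(ISO, "SessionIdentifier")).text = session_id
    ch = ET.SubElement(sp, q(ISO, "ConnectionHandle"))
    ET.SubElement(ch, q(ISO, "ContextHandle")).text = context_handle
    ET.SubElement(ch, q(ISO, "SlotHandle")).text = slot_handle
    ua = ET.SubElement(sp, q(ISO, "UserAgent"))
    ET.SubElement(ua, q(ISO, "Name")).text = "AusweisApp2"
    ET.SubElement(ua, q(ISO, "VersionMajor")).text = "2"
    ET.SubElement(ua, q(ISO, "VersionMinor")).text = "0"
    return ET.tostring(env, encoding="UTF-8", xml_declaration=True)


def parse_start_paos(raw, known_sessions):
    """Server side: validate StartPAOS and bind it to a session this server issued.

    known_sessions is a constructed stand-in for the server's session store; a session
    identifier the server never handed out is rejected instead of being created on demand.
    """
    root = ET.fromstring(raw)
    if root.find(f"{q(SOAP, 'Header')}/{q(PAOS, 'PAOS')}/{q(PAOS, 'Version')}") is None:
        raise ValueError("missing PAOS header")
    sp = root.find(f"{q(SOAP, 'Body')}/{q(ISO, 'StartPAOS')}")
    if sp is None:
        raise ValueError("body is not StartPAOS")
    session_id = sp.findtext(q(ISO, "SessionIdentifier"))
    if session_id not in known_sessions:
        raise ValueError("unknown session identifier")
    return {
        "session_id": session_id,
        "message_id": root.findtext(f"{q(SOAP, 'Header')}/{q(WSA, 'MessageID')}"),
        "context_handle": sp.findtext(f"{q(ISO, 'ConnectionHandle')}/{q(ISO, 'ContextHandle')}"),
        "slot_handle": sp.findtext(f"{q(ISO, 'ConnectionHandle')}/{q(ISO, 'SlotHandle')}"),
    }


def build_did_authenticate_eac1(start, cvc_chain, cert_description, required_chat, optional_chat, transaction_info):
    """Server side: DIDAuthenticate with EAC1InputType, correlated to the client's MessageID."""
    env, header, body = _envelope()
    ET.SubElement(header, q(WSA, "RelatesTo")).text = start["message_id"]
    da = ET.SubElement(body, q(ISO, "DIDAuthenticate"))
    ch = ET.SubElement(da, q(ISO, "ConnectionHandle"))
    ET.SubElement(ch, q(ISO, "ContextHandle")).text = start["context_handle"]
    ET.SubElement(ch, q(ISO, "SlotHandle")).text = start["slot_handle"]
    ET.SubElement(da, q(ISO, "DIDName")).text = "PIN"
    apd = ET.SubElement(da, q(ISO, "AuthenticationProtocolData"), {q(XSI, "type"): "iso:EAC1InputType"})
    for cvc in cvc_chain:  # CV certificate chain, hexBinary, terminal certificate last
        ET.SubElement(apd, q(ISO, "Certificate")).text = cvc.hex().upper()
    ET.SubElement(apd, q(ISO, "CertificateDescription")).text = cert_description.hex().upper()
    ET.SubElement(apd, q(ISO, "RequiredCHAT")).text = required_chat.hex().upper()
    ET.SubElement(apd, q(ISO, "OptionalCHAT")).text = optional_chat.hex().upper()
    ET.SubElement(apd, q(ISO, "TransactionInfo")).text = transaction_info
    return ET.tostring(env, encoding="UTF-8", xml_declaration=True)


def parse_did_authenticate(raw):
    """Client side: read back what the server asks the card to do."""
    root = ET.fromstring(raw)
    da = root.find(f"{q(SOAP, 'Body')}/{q(ISO, 'DIDAuthenticate')}")
    apd = da.find(q(ISO, "AuthenticationProtocolData"))
    return {
        "relates_to": root.findtext(f"{q(SOAP, 'Header')}/{q(WSA, 'RelatesTo')}"),
        "did_name": da.findtext(q(ISO, "DIDName")),
        "protocol": apd.get(q(XSI, "type")),
        "certificates": [bytes.fromhex(c.text) for c in apd.findall(q(ISO, "Certificate"))],
        "required_chat": bytes.fromhex(apd.findtext(q(ISO, "RequiredCHAT"))),
    }
```

Both messages travel as HTTP bodies of type `application/vnd.paos+xml`; the client posts StartPAOS and the server's DIDAuthenticate comes back in the HTTP response, which is why the server correlates it through `RelatesTo` rather than opening a connection of its own.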
TR-03130 consists of four parts:
- PART1: Functional Specification
- PART2: Security Framework
- PART3: eIDAS Middleware Service
- PART4: Conformance Test Specification
Before running the server, ensure you have the following tools installed:
- Rust & Cargo (latest stable version recommended).
- Redis (Optional): Used for persistent session management. The server defaults to a temporary in-memory store if Redis is not configured.
Clone the repository:

```bash
git clone https://github.com/ADORSYS-GIS/eID-Server.git
cd eID-Server
```

The server needs some configuration to run. You can use either a configuration file or environment variables.
Configuration file:

```bash
mkdir -p config
touch config/settings.toml
```

Add the basic configuration below. By default, the server uses a temporary in-memory session store.

```toml
[server]
host = "127.0.0.1"
port = 8080
```

To enable persistent sessions with Redis, uncomment the following section:

```toml
#[redis]
#uri = "redis://127.0.0.1:6379"
```

Environment variables:
You can also configure the server using environment variables. By default, no Redis connection is needed. To enable it, set the APP_REDIS__URI variable. See the .env.example file for more details.
The simplest way to run the project is with docker compose. Execute the command below at the root of the project:

```bash
docker compose up --build -d
```

This builds the server image, pulls any other images the compose file needs and starts the containers in the background.
You can run the server directly with Cargo. If you have configured a Redis URI, ensure the Redis server is running first.

```bash
cargo run
```

Without a configuration file the server listens on https://localhost:3000; with the settings.toml shown above it listens on 127.0.0.1:8080. You can change the host and port in the configuration settings.
Run the test suite:

```bash
cargo test
```
