SAML2BankID

Authenticate using BankID. Depending on the method used, the user may need to enter the personal number.

The BankID authenticator allows for three different scenarios:

  • Starting BankID on the same device.
  • Starting BankID on another device.
  • Starting BankID using a QR code. 

Every method needs to be activated through configuration.


On successful authentication, these parameters will be added to the request sent to the connected pipe:

  • userPersonalNumber - The end user's personal number (SSID)
  • userGivenName - The end user's given name
  • userSurName - The end user's family name
  • bid_signature - The signature created in the BankID client during the authentication

Properties

| Name | Description | Default value | Mandatory |
|---|---|---|---|
| idpID | The internal identifier of the IdP used | N/A | Yes |
| pipeID | ID of the pipe to be executed on successful authentication | N/A | Yes |
| samlAuthMethod | The value set in the AuthnContextClassRef | urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig | No |
| keyStore | ID of the key store used to communicate with the BankID backend | N/A | Yes |
| mode | If connecting to the BankID test backend, set this value to "test". | N/A | No |
| loginTemplate | Template used for rendering the user-facing UI | bankid.template | No |
| client_ip_request_param | The parameter of the HTTP client request holding the value of the requesting client | remoteAddress | No |
| certificatePolicy | A comma-separated string of BankID policies | N/A | No |

Example Configuration

    {
        "id": "bidsaml",
        "alias": "bidsaml",
        "name": "SAML2BankID",
        "configuration": {
            "idpID":"samlidp",
            "pipeID": "pipeBID",
            "keyStore": "bankidkeystore",
            "mode": "test",
            "enableHoneypot": "true",
            "loginTemplate": "bankid.template",
            "translation": [
                "bankid.messages.title_starting",
                "bankid.messages.title_current_device",
                "bankid.messages.title_mobile_device",
                "bankid.messages.title_qrcode",
                "bankid.messages.text_starting",
                "bankid.messages.text_current_device",
                "bankid.messages.text_mobile_device",
                "bankid.messages.text_qrcode",
                "bankid.messages.input_personal_number",
                "bankid.messages.button_submit",
                "bankid.messages.button_start_over",
                "bankid.messages.button_start_manually",
                "bankid.messages.info_bankid_link_creation_app",
                "bankid.messages.info_bankid_url_link_redirection_success_app",
                "bankid.messages.info_open_app",
                "bankid.messages.info_rediection_app",
                "bankid.messages.info_verified_app",
                "bankid.messages.info_qrcode_scanned_app",
                "bankid.messages.error_bad_personal_number",
                "bankid.messages.error_cancellation",
                "bankid.messages.error_request",
                "bankid.messages.changeLanguage"
            ],
            "templateVariables": {
                "methods": [
                    {
                        "title": "bankid.messages.option_label_od",
                        "image": "/authenticate/res/images/icons/phenixid-bankid.png",
                        "data-toggle-action": "OD"
                    },
                    {
                        "title": "bankid.messages.option_label_sd",
                        "image": "/authenticate/res/images/icons/phenixid-bankid.png",
                        "data-toggle-action": "SD"
                    },
                    {
                        "title": "bankid.messages.option_label_qr",
                        "image": "/authenticate/res/images/icons/phenixid-bankid-qr.png",
                        "data-toggle-action": "QR"
                    }
                ]
            }
        }
    }
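
A pre-deployment check for an authenticator entry like the one above, as an added example (not PhenixID's own code): it verifies the properties the table marks as mandatory, flags mode "test" when the deployment is meant for production, and inspects the method entries. The function name, the `production` flag, the reading that methods are activated through `templateVariables.methods`, and the action set OD/SD/QR (taken from the example) are assumptions.

```python
import json

# Mandatory properties, taken from the Properties table on this page.
MANDATORY = ("idpID", "pipeID", "keyStore")
# Toggle actions seen in the page's example (assumed here to be the full set).
KNOWN_ACTIONS = {"OD", "SD", "QR"}


def lint_authenticator(auth, production=True):
    """Return a list of findings for one SAML2BankID authenticator entry."""
    if auth.get("name") != "SAML2BankID":
        return ["not a SAML2BankID authenticator"]
    cfg = auth.get("configuration")
    if not isinstance(cfg, dict):
        return ["missing configuration object"]
    findings = []
    for key in MANDATORY:
        value = cfg.get(key)
        if not isinstance(value, str) or not value.strip():
            findings.append(f"mandatory property '{key}' is missing or empty")
    # "test" points the authenticator at the BankID test backend.
    if production and str(cfg.get("mode", "")).lower() == "test":
        findings.append("mode is 'test': authenticator uses the BankID test backend")
    policy = cfg.get("certificatePolicy")
    if policy is not None and any(not p.strip() for p in str(policy).split(",")):
        findings.append("certificatePolicy contains an empty entry")
    # Assumption: methods are activated by listing them in templateVariables.methods.
    methods = cfg.get("templateVariables", {}).get("methods", [])
    if not methods:
        findings.append("no BankID method listed in templateVariables.methods")
    for method in methods:
        action = method.get("data-toggle-action")
        if action not in KNOWN_ACTIONS:
            findings.append(f"unknown data-toggle-action: {action!r}")
    return findings


# Constructed sample: trimmed copy of the page's example with keyStore removed,
# a malformed policy list (placeholder policy names) and one unknown action.
SAMPLE = json.loads("""
{"id": "bidsaml", "alias": "bidsaml", "name": "SAML2BankID",
 "configuration": {
   "idpID": "samlidp", "pipeID": "pipeBID", "mode": "test",
   "certificatePolicy": "policy-a,,policy-b",
   "templateVariables": {"methods": [{"data-toggle-action": "QR"},
                                     {"data-toggle-action": "XX"}]}}}
""")

if __name__ == "__main__":
    for finding in lint_authenticator(SAMPLE):
        print("FINDING:", finding)
```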

Requirements

  • A BankID key store issued by an authorized issuer
  • The user must have activated BankID prior to authenticating