SAML2SithsEID
Authenticate using Siths EID (card or app).
Siths EID authenticator allows for two different scenarios:
- Starting Siths EID on the same device.
- Starting Siths EID using a QR code.
Every method needs to be activated through configuration.
On successful authentication, these parameters will be added to the request sent to the connected pipe:
- userPersonalNumber - The end user's personal number (SSID)
- userCertificate - The full user certificate (PEM formatted)
Patch instructions
For now (version 4.0), the SAML2SithsEID binaries and template files must be added manually to the PAS installation. Please download binaries and instructions to install the patch here.
Example Configuration
{
  "id": "c48b7a22-21c9-44f2-b606-6bd000db60fe",
  "alias": "siths-eid-test",
  "name": "SAML2SithsEID",
  "displayName": "siths-eid-test",
  "configuration": {
    "keyStore": "5ca8fb2f-bb98-48eb-a1fd-f1e89879fd50",
    "pipeID": "e9acc237-0357-4d8e-b68d-c487b2b987d4",
    "idpID": "2a9b1517-c8ef-47cc-a2f2-783076e124dc",
    "sithseidURL": "https://secure-authservice.idp.ineratest.org",
    "samlAuthMethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig",
    "organizationName": "PhenixID Authentication Services",
    "templateVariables": {
      "methods": [
        {
          "image": "/authenticate/res/images/sithseid/sithseid.png",
          "data-toggle-action": "SD",
          "title": "sithseid.messages.option_label_sd"
        },
        {
          "image": "/authenticate/res/images/sithseid/sithseid-qrc.png",
          "data-toggle-action": "QR",
          "title": "sithseid.messages.option_label_qr"
        }
      ]
    },
    "translation": [
      "sithseid.messages.title_starting",
      "sithseid.messages.title_current_device",
      "sithseid.messages.title_mobile_device",
      "sithseid.messages.title_qrcode",
      "sithseid.messages.text_starting",
      "sithseid.messages.text_current_device",
      "sithseid.messages.text_mobile_device",
      "sithseid.messages.text_qrcode",
      "sithseid.messages.input_personal_number",
      "sithseid.messages.button_submit",
      "sithseid.messages.button_start_over",
      "sithseid.messages.button_start_manually",
      "sithseid.messages.info_bankid_link_creation_app",
      "sithseid.messages.info_bankid_url_link_redirection_success_app",
      "sithseid.messages.info_open_app",
      "sithseid.messages.info_rediection_app",
      "sithseid.messages.info_verified_app",
      "sithseid.messages.info_qrcode_scanned_app",
      "sithseid.messages.error_bad_personal_number",
      "sithseid.messages.error_cancellation",
      "sithseid.messages.error_request",
      "sithseid.messages.changeLanguage"
    ],
    "loginTemplate": "sithseid.template"
  },
  "created": "2021-01-04 11:02:13.461"
}
Requirements
- A Siths EID key store issued by an authorized issuer
- The PAS IP address whitelisted so that PAS can communicate with the Siths EID backend URL
- A Siths EID client with an enrolled user certificate
- The CA certificates for the Siths EID backend URL's SSL certificate (for HTTPS) added to the cacerts trust store
Tips
Make sure to have the proper rfc2253Issuers configured!
The default value will not work with Inera's production environment.
Use the configuration below instead:
"rfc2253Issuers": [
  "CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE",
  "CN=SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE"
]
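
The following is an added example, not PhenixID code: a pre-deployment check that classifies an issuer string taken from a user certificate (for instance the output of openssl x509 -noout -issuer -nameopt RFC2253) against the rfc2253Issuers list. How PAS itself compares issuers is not stated on this page, so anything other than "exact" should be treated as a finding; parse_rfc2253 and issuer_status are hypothetical helper names, and the issuer strings being checked are constructed.

```python
def parse_rfc2253(dn):
    """Split an RFC 2253 DN into normalized (type, value) pairs.
    A backslash-escaped character (such as an escaped comma) stays in the value."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    pairs = []
    for rdn in rdns:
        key, sep, value = rdn.partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((key.strip().upper(), " ".join(value.split()).casefold()))
    return tuple(pairs)


def issuer_status(cert_issuer, configured):
    """Classify a certificate issuer string against the rfc2253Issuers list."""
    if cert_issuer in configured:
        return "exact"
    want = parse_rfc2253(cert_issuer)
    listed = [parse_rfc2253(c) for c in configured]
    if want in listed:
        return "near"        # differs only in case or spacing
    if want[::-1] in listed:
        return "reversed"    # same RDNs, but not in RFC 2253 order
    return "missing"


# Values from the tip above; the issuer strings checked below are constructed.
ISSUERS = [
    "CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE",
    "CN=SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE",
]

if __name__ == "__main__":
    for s in (ISSUERS[1],
              "cn=SITHS e-id Person ID 3 CA v1, O=Inera AB, C=SE",
              "C = SE, O = Inera AB, CN = SITHS e-id Person ID 3 CA v1",
              "CN=Example Test CA,O=Example,C=SE"):
        print(f"{issuer_status(s, ISSUERS):9} {s}")
```

A "reversed" result typically means the string was copied from a tool that prints the DN in forward order (country first) instead of the RFC 2253 order used in the configuration.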