Freja eID

This guide scenario will create an authenticator that uses Freja eID for user authentication. It can be paired with another user store to make sure only users from that particular user store are granted access.

Name and Description

Input the name and description of your authenticator scenario.

Alias

Here you enter an alias for your authenticator, which is a more user-friendly version of the authenticator's ID (which is a random, auto-generated UUID string).

User store

Here you may configure which user store the authentication should be performed against.

Freja eID has its own user store so that anyone with a valid Freja eID can authenticate against it. If you want to use your own user store, but still use Freja eID for authentication, you may add a user store connection and create a search filter that will match the user returned from the Freja eID authentication with one in your own user store.

You may select an existing user store, or configure a new one. For instructions on configuring a new one, see the guide scenario for "Connections - LDAP" or "Connections - JDBC".

Search settings - only relevant if you use your own user store

Depending on whether your connection is LDAP or JDBC, your next step will look different. For LDAP, you enter your search filter such that the username that the user will enter on the web correlates with your userid-attribute in the directory. You also select the search base for the users by clicking "choose" and selecting the correct category for your users.

For JDBC, you simply adjust the SQL query so that it selects the correct user. For example, {{request.userPersonalNumber}} will resolve to the personal number / SSN returned by Freja eID. Adjust your search filter so that it matches the attribute in your user store.
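
The matching that these search settings aim for, shown as an added Python example (not code from the product): the personal number returned by Freja eID is bound as a query parameter and must select exactly one enabled account in your own user store; zero or several matches are rejected. The table, column names, the enabled flag and the personal numbers are constructed for the illustration.

```python
import sqlite3


def build_store():
    """Constructed in-memory user store; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        "user_id TEXT PRIMARY KEY, personal_number TEXT, enabled INTEGER)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "190001010001", 1),
            ("bob", "190002020002", 1),
            ("bob-admin", "190002020002", 1),  # same person, second account
            ("carol", "190003030003", 0),      # disabled account
        ],
    )
    return db


def match_user(db, personal_number):
    """Return the one enabled user_id for this personal number, else None.

    The value is passed as a bound parameter, so it is compared as data
    and never becomes part of the SQL text.
    """
    rows = db.execute(
        "SELECT user_id FROM users "
        "WHERE personal_number = ? AND enabled = 1",
        (personal_number,),
    ).fetchall()
    # Fail closed: no match and ambiguous matches both deny access.
    if len(rows) != 1:
        return None
    return rows[0][0]


if __name__ == "__main__":
    store = build_store()
    for pn in ("190001010001", "190002020002", "190003030003", "190009090009"):
        print(pn, "->", match_user(store, pn))
```

A user store in which one personal number maps to several accounts needs a narrower filter (or a unique constraint on the attribute) before it is paired with the authenticator.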

Mode

Select whether you want to use Freja eID in personal or organisation mode, and whether you want to use it in test or production mode. For the authenticator to work, this must match the keystore you select in the next step.

Keystore

Select which keystore you want to use. This keystore has to contain your Freja eID relying party certificate. You will need to get such a certificate from Freja eID themselves. It also needs to reflect the mode you select (test or production). You may create a new keystore in this step if you have not created one already.

Requested attributes

In this step you select which attributes you want to receive about the authenticated user. Note that what you select here may affect the minimum required registration level that can be set. See the official Freja eID documentation for details of which attributes require which registration level.

Minimum registration level

Here you can select the minimum registration level. It will automatically be set to the lowest possible registration level for the attributes you have selected. If you try to set it to an invalid setting for your attribute profile, you will get an error message.

The result

Upon finishing the guide scenario, you will be met with an edit page where you can adjust additional settings. You can also see the "execution flow" tab where you can adjust the pipes and valves created in the scenario.