SithsEIDAuthenticator
Authenticate using Siths EID (card or app).
Siths EID authenticator allows for two different scenarios:
- Starting Siths EID on the same device.
- Starting Siths EID using a QR code.
Every method needs to be activated through configuration.
On successful authentication, these parameters will be added to the request sent to the connected pipe:
- userPersonalNumber - The end user personal number (SSID)
- userCertificate - The full user certificate (PEM formatted)
Properties
Example Configuration
{
"id": "c48b7a22-21c9-44f2-b606-6bd000db60fe",
"alias": "siths-eid-test",
"name": "SithsEIDAuthenticator",
"displayName": "siths-eid-test",
"configuration": {
"keyStore": "5ca8fb2f-bb98-48eb-a1fd-f1e89879fd50",
"pipeID": "e9acc237-0357-4d8e-b68d-c487b2b987d4",
"sithseidURL": "https://secure-authservice.idp.ineratest.org",
"organizationName": "PhenixID Authentication Services",
"templateVariables": {
"methods": [
{
"image": "/authenticate/res/images/sithseid/sithseid.png",
"data-toggle-action": "SD",
"title": "sithseid.messages.option_label_sd"
},
{
"image": "/authenticate/res/images/sithseid/sithseid-qrc.png",
"data-toggle-action": "QR",
"title": "sithseid.messages.option_label_qr"
}
]
},
"translation": [
"sithseid.messages.title_starting",
"sithseid.messages.title_current_device",
"sithseid.messages.title_mobile_device",
"sithseid.messages.title_qrcode",
"sithseid.messages.text_starting",
"sithseid.messages.text_current_device",
"sithseid.messages.text_mobile_device",
"sithseid.messages.text_qrcode",
"sithseid.messages.input_personal_number",
"sithseid.messages.button_submit",
"sithseid.messages.button_start_over",
"sithseid.messages.button_start_manually",
"sithseid.messages.info_bankid_link_creation_app",
"sithseid.messages.info_bankid_url_link_redirection_success_app",
"sithseid.messages.info_open_app",
"sithseid.messages.info_rediection_app",
"sithseid.messages.info_verified_app",
"sithseid.messages.info_qrcode_scanned_app",
"sithseid.messages.error_bad_personal_number",
"sithseid.messages.error_cancellation",
"sithseid.messages.error_request",
"sithseid.messages.changeLanguage"
],
"loginTemplate": "sithseidagnostic.template"
},
"created": "2021-01-04 11:02:13.461"
}
Requirements
- A Siths Eid key store issued by an authorized issuer
- PAS IP address whitelisted to be able to communicate with the siths eid backend URL
- Siths eid client with enrolled user certificate
- Siths eid backend URL SSL certificate (for https) ca:s added to cacerts trust store.
Adding trust to production SITHS CAs
Configure the rfc2253Issuers parameter to trust production SITHS CAs:
"rfc2253Issuers": [
"CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE",
"CN=SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE"
]