Authenticate using Siths EID (card or app).

Siths EID authenticator allows for two different scenarios:

  • Starting Siths EID on the same device.
  • Starting Siths EID using a QR code. 

Every method needs to be activated through configuration.


On successful authentication, these parameters will be added to the request sent to the connected pipe:

  • userPersonalNumber  - The end user personal number (SSID)
  • userCertificate  - The full user certificate (PEM formatted)


Name Description Default value Mandatory
pipeID ID of the pipe to be executed on successful authentication N/A Yes
keyStore ID of the key store used to communicate with Siths eid backend N/A Yes
sithseidURL The root URL of the Siths EID Backend. N/A Yes
rfc2253Issuers List of trusted SITHS eID issuers. [ "CN=TEST SITHS e-id Person HSA-id 3 CA v1,O=Inera AB,C=SE", "CN=TEST SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE", "CN=TEST SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE", "CN=CGI Test Root CA,OU=Test,O=CGI,ST=Jamtland,C=SE", "CN=SITHS Type 1 CA v1,O=Inera AB,C=SE", "CN=SITHS Type 1 CA v1 PP,O=Inera AB,C=SE" ] No
loginTemplate Template used for rendering the user facing UI sithseidagnostic.template No
templateVariables Parameters to control the GUI rendering. Methods define the user options to present (sd=same device, qr=qr code) N/A Yes
organizationName The header text to be displayed in the Siths Eid client during authentication. N/A Yes
personalIdentifier Which personalIdentifier should be used. No

Example Configuration

		"id": "c48b7a22-21c9-44f2-b606-6bd000db60fe",
		"alias": "siths-eid-test",
		"name": "SithsEIDAuthenticator",
		"displayName": "siths-eid-test",
		"configuration": {
			"keyStore": "5ca8fb2f-bb98-48eb-a1fd-f1e89879fd50",
			"pipeID": "e9acc237-0357-4d8e-b68d-c487b2b987d4",
			"sithseidURL": "",
			"organizationName": "PhenixID Authentication Services",
			"templateVariables": {
				"methods": [
						"image": "/authenticate/res/images/sithseid/sithseid.png",
						"data-toggle-action": "SD",
						"title": "sithseid.messages.option_label_sd"
						"image": "/authenticate/res/images/sithseid/sithseid-qrc.png",
						"data-toggle-action": "QR",
						"title": "sithseid.messages.option_label_qr"
			"translation": [
			"loginTemplate": "sithseidagnostic.template"
		"created": "2021-01-04 11:02:13.461"


  • A Siths Eid key store issued by an authorized issuer
  • PAS IP address whitelisted to be able to communicate with the siths eid backend URL
  • Siths eid client with enrolled user certificate
  • Siths eid backend URL SSL certificate (for https) ca:s added to cacerts trust store.

Adding trust to production SITHS CAs

Configure the rfc2253Issuers parameter to trust production SITHS CAs:

"rfc2253Issuers": [ 
"CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE", 
"CN=SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE"