SAML2BankID

Authenticate using BankID. Depending on the method used the user may need to enter the personal number. 

BankID authenticator allows for three different scenarios:

  • Starting BankID on the same device.
  • Starting BankID on another device.
  • Starting BankID using a QR code. 

Every method needs to be activated through configuration.

Translate userVisibleData by adding keyword "bankid.translated.userVisibleData" to this field and update language files with the keyword and translations.  

On successful authentication, these parameters will be added to the request sent to the connected pipe:

  • userPersonalNumber  - The end user personal number (SSID)
  • userGivenName  - The end user given name
  • userSurName - The end user family name
  • bid_signature - The signature created in the bankID client during the authentication

Properties

Name Description Default value Mandatory
idpID The internal identifier of the idp used N/A Yes
pipeID ID of the pipe to be executed on successful authentication N/A Yes
samlAuthMethod What value is set in the AuthnContextClassRef urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig No
keyStore ID of the key store used to communicate with BankID backend N/A Yes
mode If connecting to BankID test backend set this value to "test". N/A No
userVisibleData A text that is displayed to the user during authentication with BankID. No
loginTemplate Template used for rendering the user facing UI bankid.template No
client_ip_request_param The parameter of the http client request holding the value of the requesting client remoteAddress No
certificatePolicy A comma sepearated string of BankdID policies N/A No
strictValidation Whether or not additional validation checks should be made on the SAMLRequest. false No

Example Configuration 

{
        "id": "bidsaml",
        "alias": "bidsaml",
        "name": "SAML2BankID",
        "configuration": {
            "idpID":"samlidp",
            "pipeID": "pipeBID",
            "keyStore": "bankidkeystore",            
            "mode": "test",
            "userVisibleData": "A text that is displayed to the user during authentication with BankID",
            "enableHoneypot": "true",
            "loginTemplate": "bankid.template",
            "translation": [
                "bankid.messages.title_starting",
                "bankid.messages.title_current_device",
                "bankid.messages.title_mobile_device",
                "bankid.messages.title_qrcode",
                "bankid.messages.text_starting",
                "bankid.messages.text_current_device",
                "bankid.messages.text_mobile_device",
                "bankid.messages.text_qrcode",
                "bankid.messages.input_personal_number",
                "bankid.messages.button_submit",
                "bankid.messages.button_start_over",
                "bankid.messages.button_start_manually",
                "bankid.messages.info_bankid_link_creation_app",
                "bankid.messages.info_bankid_url_link_redirection_success_app",
                "bankid.messages.info_open_app",
                "bankid.messages.info_rediection_app",
                "bankid.messages.info_verified_app",
                "bankid.messages.info_qrcode_scanned_app",
                "bankid.messages.error_bad_personal_number",
                "bankid.messages.error_cancellation",
                "bankid.messages.error_request",
                "bankid.messages.changeLanguage"
            ],
            "templateVariables": {
                "methods": [
                    {
                        "title": "bankid.messages.option_label_od",
                        "image": "/authenticate/res/images/icons/phenixid-bankid.png",
                        "data-toggle-action": "OD"
                    },
                    {
                        "title": "bankid.messages.option_label_sd",
                        "image": "/authenticate/res/images/icons/phenixid-bankid.png",
                        "data-toggle-action": "SD"
                    },
                    {
                        "title": "bankid.messages.option_label_qr",
                        "image": "/authenticate/res/images/icons/phenixid-bankid-qr.png",
                        "data-toggle-action": "QR"
                    }
                ]
            }
        }
    }

Requirements

  • A BankID key store issued by an authorized issuer
  • The user must have activated BankID prior to authenticating