SAML2BankID

Authenticate using BankID. Depending on the method used the user may need to enter the personal number. 

BankID authenticator allows for three different scenarios:

  • Starting BankID on the same device.
  • Starting BankID on another device.
  • Starting BankID using a QR code. 

Every method needs to be activated through configuration.

Properties

Name Description Default value Mandatory
idpID The iternal identifier of the idp used N/A Yes
samlAuthMethod What value is set in the AuthnContextClassRef urn:oasis:names:tc:SAML:2.0:ac:classes:XMLDSig No
keyStore ID of the key store used to communicate with BankID backend N/A Yes
mode If connecting to BankID test backend set this value to "test". N/A No
loginTemplate Template used for rendering the user facing UI bankid.template No
client_ip_request_param The parameter of the http client request holding the value of the requesting client remoteAddress No
providerClass Full package and class name of the class used to provide backend communication with BankID No

Example Configuration

{
        "id": "bidsaml",
        "alias": "bidsaml",
        "name": "SAML2BankID",
        "configuration": {
            "idpID":"samlidp",
            "pipeID": "pipeBID",
            "keyStore": "bankidkeystore",            
            "mode": "test",
            "enableHoneypot": "true",
            "loginTemplate": "bankid.template",
            "translation": [
                "bankid.messages.title_starting",
                "bankid.messages.title_current_device",
                "bankid.messages.title_mobile_device",
                "bankid.messages.title_qrcode",
                "bankid.messages.text_starting",
                "bankid.messages.text_current_device",
                "bankid.messages.text_mobile_device",
                "bankid.messages.text_qrcode",
                "bankid.messages.input_personal_number",
                "bankid.messages.button_submit",
                "bankid.messages.button_start_over",
                "bankid.messages.button_start_manually",
                "bankid.messages.info_bankid_link_creation_app",
                "bankid.messages.info_bankid_url_link_redirection_success_app",
                "bankid.messages.info_open_app",
                "bankid.messages.info_rediection_app",
                "bankid.messages.info_verified_app",
                "bankid.messages.info_qrcode_scanned_app",
                "bankid.messages.error_bad_personal_number",
                "bankid.messages.error_cancellation",
                "bankid.messages.error_request",
                "bankid.messages.changeLanguage"
            ],
            "templateVariables": {
                "cancel_href": "/saml/authenticate/logout/?nextTarget=/saml/authenticate/bidsaml",
                "methods": [
                    {
                        "title": "bankid.messages.option_label_od",
                        "image": "/authenticate/res/images/bankid/bankid.png",
                        "data-toggle-action": "OD"
                    },
                    {
                        "title": "bankid.messages.option_label_sd",
                        "image": "/authenticate/res/images/bankid/bankid.png",
                        "data-toggle-action": "SD"
                    },
                    {
                        "title": "bankid.messages.option_label_qr",
                        "image": "/authenticate/res/images/bankid/bankid-qrc.png",
                        "data-toggle-action": "QR"
                    }
                ]
            }
        }
    }

Requirements

  • A BankID key store issued by an authorized issuer
  • The user must have activated BankID prior to authenticating