BankID v6.0
Warning
This authenticator is a legacy authenticator. It is recommended to plan for migrating the authenticator to the new protocol agnostic authenticator architecture. More information about the legacy authenticators can be found here.
Note
Authenticate using BankID.
BankID authenticator allows for two scenarios:
- Starting BankID on the same device.
- Starting BankID using a QR code.
Every method needs to be activated through configuration.
Translate userVisibleData by adding keyword "bankid.translated.userVisibleData" to this field and update language files with the keyword and translations.
Properties
| Name | Description | Default value | Mandatory |
|---|---|---|---|
| pipeID | The pipe executed after a successful BankID authentication | N/A | Yes |
| successURL | Location where to after a successful BankID authentication | N/A | No |
| keyStore | ID of the keystore used t ocommunicate with BankID bankend | N/A | Yes |
| mode | If connecting to BankID test backend set this value to "test". | N/A | No |
| version | Sets the version of the bankId api to use | v5.1 | No |
| loginTemplate | Template used for rendering the user facing UI | bankid.template | No |
| client_ip_request_param | The parameter of the http client request holding the value of the requesting client | remoteAddress | No |
| translation | A JSON Array of custom translation keys | No | |
| templateVariables | Options used for showing/hiding BankID methods (On this device, On Other Device, Scan QR code). | No | |
| includeQueryString | On a successful authentication, should the data from the original query be added when redirecting the client | false | No |
| sessionValues | When rendering template, the template can pull data from from the session. For more int see: Use of sessionValues parameter on HTTP authenticator | No | |
| userVisibleData | Text shown in bankid client when user is authenticating | No | |
| userVisibleDataFormat | If present, and set to “simpleMarkdownV1”, this parameter indicates that userVisibleData holds formatting characters | No | |
| userNonVisibleData | Data not displayed to the user. String | No | |
| requirement | Requirements on how the auth order must be performed. Json format. | No | |
| allowLanguageChange | should the user be able to change the language in the UI | true | No |
| icon | The default 'icon' in the templte. Not to be confused with favicon | res/images/backgrounds/transparent.png | No |
| useRedirectUrl | Whether or not redirect url should be provided when launching the bankid application for ios users. | true | No |
| returnUrl | BankID returnUrl parameter. Will be used to redirect the user after finished authentication. Will override any other return url set by the initiating client. | No |
Requirements
The requirement parameter is used to describe how a signature must be created and verified. add a json(escaped as String) containing one or more of the attributes below to the authenticators configuration.
| Attribute name | Description | default | Versions |
|---|---|---|---|
| pinCode | New in v6.0. Users are required to sign the transaction with their PIN code, even if they have biometrics activated. | false | v6.0 |
| allowFingerprint | Removed in v6.0.Users of iOS and Android devices may use fingerprint for authentication and signing if the device supports it and the user configured the device to use it. | true for authentication. false for signing. | v5.1 |
| mrtd | Boolean. If present, and set to "true", the client needs to provide MRTD (Machine readable travel document) information to complete the order. Only Swedish passports and national ID cards are supported. | false | v6.0 |
| certificatePolicies | The oid in certificate policies in the user certificate. List of String. | v6.0 and v5.1 | |
| issuerCn | The cn (common name) of the issuer. List of String. | v5.1 | |
| cardReader | "class1" or "class2 determines that a cardReader must be used and a Pin code must be entered. See BankID documentation for further information. | no cardReader is required | v6.0 and v5.1 |
| risk | The accepted risk level of the transaction. Either "low" or "moderate". See BankID documentation for further information. | v6.0 |
Example Configuration
{
"id": "bid",
"alias": "bid",
"name": "BankID",
"configuration": {
"pipeID": "pipeBID",
"keyStore": "bankidkeystore",
"password": "qwerty123",
"mode": "test",
"version" : "v6.0",
"successURL": "/selfservice/",
"enableHoneypot": "true",
"loginTemplate": "bankid.template",
"requirement": "{\"certificatePolicies\":[\"1.2.3.4.5\"], \"mrtd\": false}",
"userVisibleData": "*This is visible in the BankID application*",
"userVisibleDataFormat": "simpleMarkdownV1",
"translation": [
"bankid.messages.title_starting",
"bankid.messages.title_current_device",
"bankid.messages.title_mobile_device",
"bankid.messages.title_qrcode",
"bankid.messages.text_starting",
"bankid.messages.text_current_device",
"bankid.messages.text_mobile_device",
"bankid.messages.text_qrcode",
"bankid.messages.input_personal_number",
"bankid.messages.button_submit",
"bankid.messages.button_start_over",
"bankid.messages.button_start_manually",
"bankid.messages.info_bankid_link_creation_app",
"bankid.messages.info_bankid_url_link_redirection_success_app",
"bankid.messages.info_open_app",
"bankid.messages.info_rediection_app",
"bankid.messages.info_verified_app",
"bankid.messages.info_qrcode_scanned_app",
"bankid.messages.error_bad_personal_number",
"bankid.messages.error_cancellation",
"bankid.messages.error_request",
"bankid.messages.changeLanguage"
],
"templateVariables": {
"cancel_href": "/bid/authenticate/logout/bid/?nextTarget=/bid/authenticate/bid/",
"methods": [
{
"title": "bankid.messages.option_label_sd",
"image": "/authenticate/res/images/icons/phenixid-bankid.png",
"data-toggle-action": "SD"
},
{
"title": "bankid.messages.option_label_qr",
"image": "/authenticate/res/images/icons/phenixid-bankid-qr.png",
"data-toggle-action": "QR"
}
]
}
}
}
Prerequisites
- A BankID key store issued by an authorized issuer
- The user must have activated BankID prior to authenticating