SithsEIDAuthenticator
Note
Authenticate using Siths EID (card or app).
The Siths EID authenticator supports two scenarios:
- Starting Siths EID on the same device.
- Starting Siths EID using a QR code.
On successful authentication, these parameters will be added to the request sent to the connected pipe:
- userPersonalNumber - The end user's personal number (SSID)
- userCertificate - The full user certificate (PEM formatted)
- orderRef - The Siths EID Order reference.
Properties
| Name | Description | Default value | Mandatory |
|---|---|---|---|
| pipeID | ID of the pipe to be executed on successful authentication | N/A | Yes |
| keyStore | ID of the key store used to communicate with the Siths EID backend | N/A | Yes |
| sithseidURL | The root URL of the Siths EID Backend. | N/A | Yes |
| rfc2253Issuers | List of trusted SITHS eID issuers. | [ "CN=TEST SITHS e-id Person HSA-id 3 CA v1,O=Inera AB,C=SE", "CN=TEST SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE", "CN=TEST SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE", "CN=CGI Test Root CA,OU=Test,O=CGI,ST=Jamtland,C=SE", "CN=SITHS Type 1 CA v1,O=Inera AB,C=SE", "CN=SITHS Type 1 CA v1 PP,O=Inera AB,C=SE" ] | No |
| organizationName | The header text to be displayed in the Siths EID client during authentication. | N/A | Yes |
| personalIdentifier | Which personalIdentifier should be used. | N/A | No |
| customReturnUrls | Custom return URLs to be used, read more here. | | No |
| allowedModes | Which authenticator modes are allowed to be used. Possible values are 'deviceApp' and 'qrCode'; allowing both is recommended. | deviceApp, qrCode | No |
| timeoutMinutes | Number of minutes before the transaction expires and a manual restart is needed. Recommended to be at least 5 for accessibility. | 10 | No |
Example Configuration
```json
{
  "id": "c48b7a22-21c9-44f2-b606-6bd000db60fe",
  "alias": "siths-eid-test",
  "name": "SithsEIDAuthenticator",
  "displayName": "siths-eid-test",
  "configuration": {
    "keyStore": "5ca8fb2f-bb98-48eb-a1fd-f1e89879fd50",
    "pipeID": "e9acc237-0357-4d8e-b68d-c487b2b987d4",
    "sithseidURL": "https://secure-authservice.idp.ineratest.org",
    "organizationName": "PhenixID Authentication Services",
    "allowedModes": ["qrCode", "deviceApp"]
  },
  "created": "2021-01-04 11:02:13.461"
}
```
Requirements
- A Siths EID key store issued by an authorized issuer
- The PAS IP address whitelisted so that it can communicate with the Siths EID backend URL
- A Siths EID client with an enrolled user certificate
- The CAs of the Siths EID backend URL's SSL certificate (for https) added to the cacerts trust store.
Adding trust to production SITHS CAs
Configure the rfc2253Issuers parameter to trust production SITHS CAs:
```json
"rfc2253Issuers": [
  "CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE",
  "CN=SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE"
]
```
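An added example (not PhenixID's code): a pre-deployment check of an authenticator's JSON against the property table and the production issuer list above. The helper name `lint_authenticator`, the finding texts, the exact-string DN comparison, and treating the two production DNs on this page as the complete allow-list are assumptions.

```python
import json

# Property names, modes and issuer DNs are copied from the tables on this page.
MANDATORY = ("pipeID", "keyStore", "sithseidURL", "organizationName")
ALLOWED_MODES = {"deviceApp", "qrCode"}
PRODUCTION_ISSUERS = {
    "CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE",
    "CN=SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE",
}

def lint_authenticator(doc, production=True):
    """Return findings for one SithsEIDAuthenticator object (hypothetical helper)."""
    findings = []
    cfg = doc.get("configuration", {})
    for key in MANDATORY:
        if not cfg.get(key):
            findings.append(f"missing mandatory property: {key}")
    bad_modes = set(cfg.get("allowedModes", ALLOWED_MODES)) - ALLOWED_MODES
    if bad_modes:
        findings.append(f"unknown allowedModes: {sorted(bad_modes)}")
    if cfg.get("timeoutMinutes", 10) < 5:
        findings.append("timeoutMinutes below the recommended minimum of 5")
    if production:
        issuers = cfg.get("rfc2253Issuers")
        if issuers is None:
            # Without the property the default list applies, and it holds TEST CAs.
            findings.append("rfc2253Issuers not set: default issuer list applies")
        else:
            # Assumption: only the two production DNs on this page are expected.
            for dn in sorted(set(issuers) - PRODUCTION_ISSUERS):
                findings.append(f"issuer outside production list: {dn}")
    return findings

# The page's example configuration (test environment), reproduced as sample input.
SAMPLE = json.loads("""
{
  "name": "SithsEIDAuthenticator",
  "configuration": {
    "keyStore": "5ca8fb2f-bb98-48eb-a1fd-f1e89879fd50",
    "pipeID": "e9acc237-0357-4d8e-b68d-c487b2b987d4",
    "sithseidURL": "https://secure-authservice.idp.ineratest.org",
    "organizationName": "PhenixID Authentication Services",
    "allowedModes": ["qrCode", "deviceApp"]
  }
}
""")

if __name__ == "__main__":
    for finding in lint_authenticator(SAMPLE):
        print(finding)
```

Run with `production=False` for a test environment, where the default issuer list is expected.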