With QR or "app-switch"
This authenticator expects users to either scan a QR code or "app-switch". It is used for both mobile and Windows clients.
Configuration
Authenticator type: SithsWithQr
Common Authenticator configuration can be found here.
internal_http_destination
ID of the internal http client used to talk with SITHS eID backend.
"default"
custom_siths_endpoint
Custom SITHS eID endpoint. This value overrides the mode value.
N/A
mode
Three modes are possible: "production", "qa" or "test". Depending on the mode, the URL used to talk to SITHS eID differs.
"production"
custom_identifier
When logging events, the custom_identifier lets you tag the event.
N/A
poll_frequency
How often the client should poll for status updates. Default every 2 seconds.
2
allowed_polling_for_minutes
How many minutes the client is allowed to keep polling.
2
organizationName
The organization name/identifier to be displayed in the client.
N/A
rfc2253Issuers
Specifies which issuing CAs the SITHS service MAY allow.
["CN=SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE","CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE","CN=TEST SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE","CN=TEST SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE"]
checkRevocation
Indicates if the SITHS service SHALL check the revocation status of the end-user certificate and its certificate chain.
true
sithsEidChallenge
Challenge to present to the client in order for it to establish a secure connection.
N/A
authMessage
A message for the client to show to the user during the authentication process.
N/A
animated_qr
Whether the generated QR code should be "animated".
true
The base_path property should not contain the full path when used in conjunction with the Selector; instead, the full URI is handled by the selector. The full path will be base_path + / + id.
Logging
Apart from system logging, event logging is done when starting, completing, and failing a SITHS eID transaction.
Event ids are:
WEB_100020, SITHS eID authentication started
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of device starting transaction)
CUSTOMER_IDENTIFIER (if configured)
WEB_100021, SITHS eID authentication completed
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of the SITHS eID device used)
SOURCE_USER_NAME (personal number)
CUSTOMER_IDENTIFIER (if configured)
WEB_100022, SITHS eID authentication failed
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of the SITHS eID device used)
CUSTOMER_IDENTIFIER (if configured)
MESSAGE (information)
WEB_100023, SITHS eID authentication canceled or expired
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of the SITHS eID device used)
CUSTOMER_IDENTIFIER (if configured)
Data exposed to global state
After a user completes a transaction, the authenticator is marked as done. Data from the SITHS eID authentication response is then put into the global state (exports). The data can be referenced later (in a pipe for example) by expansion:
{{exports.credentialInformation_issuer}}
credentialInformation_issuer
credentialInformation_subject
credentialInformation_expireAt
revocationStatus_credentialId
revocationStatus_status
revocationStatus_ocspResponse
revocationStatus_type
userCertificate
personalNumber
cert_subject
cert_issuer
cert_not_before
cert_not_after
cert_serial
cert_key_usage
cert_basic_contraints
cert_sign_algorithm
cert_ext_key_usage
cert_pub_key
cert_pub_key_algorithm
cert_pub_key_format
cert_crl_distribution_points
cert_ocsp_locations
cert_ocsp_issuers
Note that it is not guaranteed that all parameters hold a value.
API
When communicating with the backend this describes the
General requirements
Backend communications are made using AJAX and the HTTP PUT method. Every request needs a Content-Type with the value of application/json.
Getting state
Body must conform to the example below.
Starting an authentication
To start authentication, send an AJAX request.
Cancel a request
A request can be canceled at any time. This is done by sending a cancel request.
Response from server
In general, you should expect a server response with HTTP status code 200. Anything else is to be considered an error.
Response body will be in the form of a JSON object. Typically the response looks like:
Possible status messages
One of the following status codes is returned based on the current state. These statuses are of a more general type.
ABOUT_TO_START
PENDING
COMPLETE
ERROR
Possible sithsStatus messages
One of the following sithsStatus codes is returned based on the current state. These statuses are of a more granular type.
OUTSTANDING_TRANSACTION
STARTED
USER_CANCEL
EXPIRED_TRANSACTION
INVALID_QR_CODE
CERTIFICATE_ERR
COMPLETE_FAILED
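An added example (not code from this documentation or the product) of how a client could act on the status and sithsStatus values above while honouring poll_frequency and allowed_polling_for_minutes. The grouping of codes into continue/fail, the fail-closed handling of unknown values, and the getState transport function are assumptions.

```javascript
// Field names "status" and "sithsStatus" come from the page.
// The grouping of codes below is an assumption based on their names.
const KEEP_POLLING = new Set(["ABOUT_TO_START", "PENDING"]);
const SITHS_FAILURES = new Set(["USER_CANCEL", "EXPIRED_TRANSACTION",
  "INVALID_QR_CODE", "CERTIFICATE_ERR", "COMPLETE_FAILED"]);

// Decide what to do with one backend response. Fails closed on anything unexpected.
function classify(httpStatus, body) {
  // The page states that anything other than HTTP 200 is an error.
  if (httpStatus !== 200) return { action: "fail", reason: "HTTP " + httpStatus };
  if (body === null || typeof body !== "object") return { action: "fail", reason: "non-JSON body" };
  const { status, sithsStatus } = body;
  // A granular failure wins even if the general status looks fine.
  if (SITHS_FAILURES.has(sithsStatus)) return { action: "fail", reason: sithsStatus };
  if (status === "ERROR") return { action: "fail", reason: sithsStatus || "ERROR" };
  if (status === "COMPLETE") return { action: "done", reason: "COMPLETE" };
  if (KEEP_POLLING.has(status)) return { action: "poll", reason: sithsStatus || status };
  return { action: "fail", reason: "unknown status: " + String(status) };
}

// Poll until a terminal result or until the allowed window has elapsed.
// getState: hypothetical async function returning { httpStatus, body }.
// sleep and now are injectable so the loop can be exercised without waiting.
async function pollUntilDone(getState, opts = {}) {
  const pollSeconds = opts.pollFrequency ?? 2;                // poll_frequency default
  const allowedMinutes = opts.allowedPollingForMinutes ?? 2;  // allowed_polling_for_minutes default
  const sleep = opts.sleep ?? (ms => new Promise(r => setTimeout(r, ms)));
  const now = opts.now ?? Date.now;
  const deadline = now() + allowedMinutes * 60 * 1000;
  while (now() < deadline) {
    const { httpStatus, body } = await getState();
    const result = classify(httpStatus, body);
    if (result.action !== "poll") return result;
    await sleep(pollSeconds * 1000);
  }
  return { action: "fail", reason: "polling window exceeded" };
}
```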
Translation keys
Default translations provided:
English, assets/locales/en.json
Swedish, assets/locales/sv.json