With QR or "app-switch"

This authenticator expects users to either scan a QR code or "app-switch". It is used for both mobile and Windows clients.

Configuration

Authenticator type: SithsWithQr

Common Authenticator configuration can be found here.

| Name | Description | Default value | Mandatory |
|---|---|---|---|
| internal_http_destination | ID of the internal HTTP client used to talk with the SITHS eID backend. | "default" | |
| custom_siths_endpoint | Custom SITHS eID endpoint. This value overrides the mode value. | N/A | |
| mode | Three modes are possible: "production", "qa" or "test". Depending on the mode, the URL used to talk to SITHS eID differs. | "production" | |
| custom_identifier | When logging events, the custom_identifier lets you tag the event. | N/A | |
| poll_frequency | How often the client should poll for status updates. Default: every 2 seconds. | 2 | |
| allowed_polling_for_minutes | How many minutes the client is allowed to keep polling. | 2 | |
| organizationName | The organization name/identifier to be displayed in the client. | N/A | |
| rfc2253Issuers | Specifies which issuing CAs the SITHS service MAY allow. | ["CN=SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE","CN=SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE","CN=TEST SITHS e-id Person ID Mobile CA v1,O=Inera AB,C=SE","CN=TEST SITHS e-id Person ID 3 CA v1,O=Inera AB,C=SE"] | |
| checkRevocation | Indicates if the SITHS service SHALL check the revocation status of the end-user certificate and its certificate chain. | true | |
| sithsEidChallenge | Challenge to present to the client in order for it to establish a secure connection. | N/A | |
| authMessage | A message for the client to show to the user during the authentication process. | N/A | |
| animated_qr | Whether the generated QR code should be "animated". | true | |

The property base_path should not contain the full path when used in conjunction with the Selector. Instead, the full URI is handled by the selector, and the full path will be base_path + / + id.

Logging

Apart from system logging, event logging is done when starting, completing, and failing a SITHS eID transaction.

Event ids are:

  • WEB_100020, SITHS eID authentication started

    • IDENTIFIER (user trace id)

    • SOURCE_ADDRESS (ip address of device starting transaction)

    • CUSTOMER_IDENTIFIER (if configured)

  • WEB_100021, SITHS eID authentication completed

    • IDENTIFIER (user trace id)

    • SOURCE_ADDRESS (ip address of the SITHS eID device used)

    • SOURCE_USER_NAME (personal number)

    • CUSTOMER_IDENTIFIER (if configured)

  • WEB_100022, SITHS eID authentication failed

    • IDENTIFIER (user trace id)

    • SOURCE_ADDRESS (ip address of the SITHS eID device used)

    • CUSTOMER_IDENTIFIER (if configured)

    • MESSAGE (information)

  • WEB_100023, SITHS eID authentication canceled or expired

    • IDENTIFIER (user trace id)

    • SOURCE_ADDRESS (ip address of the SITHS eID device used)

    • CUSTOMER_IDENTIFIER (if configured)
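The event ids above can be correlated per IDENTIFIER to review SITHS eID activity. The following is an added example, not part of the product: it assumes the events are already parsed into objects in chronological order, that the event id is stored under a hypothetical `eventId` key, and that the sample events (using documentation IP ranges) are constructed.

```javascript
// Added example (not product code). `eventId` is an assumed key name;
// IDENTIFIER, SOURCE_ADDRESS and MESSAGE are the documented event fields.
const START = "WEB_100020", DONE = "WEB_100021", FAILED = "WEB_100022", ENDED = "WEB_100023";

function reviewSithsEvents(events, failThreshold = 3) {
  const started = new Set(), terminated = new Set(), orphanCompletions = [];
  const failsBySource = new Map();
  for (const e of events) {
    const id = e.IDENTIFIER;
    if (e.eventId === START) { started.add(id); continue; }
    if (![DONE, FAILED, ENDED].includes(e.eventId)) continue;
    terminated.add(id);
    // A completion whose start was never logged points at a log gap or anomaly.
    if (e.eventId === DONE && !started.has(id)) orphanCompletions.push(id);
    if (e.eventId === FAILED) {
      failsBySource.set(e.SOURCE_ADDRESS, (failsBySource.get(e.SOURCE_ADDRESS) || 0) + 1);
    }
  }
  return {
    // Started but never completed, failed, canceled or expired.
    unterminated: [...started].filter((id) => !terminated.has(id)),
    orphanCompletions,
    // SITHS eID device addresses with repeated failures.
    noisySources: [...failsBySource].filter(([, n]) => n >= failThreshold).map(([ip]) => ip),
  };
}

// Constructed sample events, not real log data.
const SAMPLE_EVENTS = [
  { eventId: START, IDENTIFIER: "t1", SOURCE_ADDRESS: "192.0.2.10" },
  { eventId: DONE, IDENTIFIER: "t1", SOURCE_ADDRESS: "198.51.100.7" },
  { eventId: START, IDENTIFIER: "t2", SOURCE_ADDRESS: "192.0.2.11" },
  { eventId: FAILED, IDENTIFIER: "t2", SOURCE_ADDRESS: "198.51.100.9", MESSAGE: "constructed" },
  { eventId: START, IDENTIFIER: "t3", SOURCE_ADDRESS: "192.0.2.11" },
  { eventId: FAILED, IDENTIFIER: "t3", SOURCE_ADDRESS: "198.51.100.9", MESSAGE: "constructed" },
  { eventId: START, IDENTIFIER: "t4", SOURCE_ADDRESS: "192.0.2.12" },
  { eventId: FAILED, IDENTIFIER: "t5", SOURCE_ADDRESS: "198.51.100.9", MESSAGE: "constructed" },
  { eventId: DONE, IDENTIFIER: "t6", SOURCE_ADDRESS: "198.51.100.20" },
];
```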

Data exposed to global state

After a user completes a transaction, the authenticator is marked as done. Data from the SITHS eID authentication response is then put into the global state (exports). The data can be referenced later (in a pipe for example) by expansion:

{{exports.credentialInformation_issuer}}

  • credentialInformation_issuer

  • credentialInformation_subject

  • credentialInformation_expireAt

  • revocationStatus_credentialId

  • revocationStatus_status

  • revocationStatus_ocspResponse

  • revocationStatus_type

  • userCertificate

  • personalNumber

  • cert_subject

  • cert_issuer

  • cert_not_before

  • cert_not_after

  • cert_serial

  • cert_key_usage

  • cert_basic_contraints

  • cert_sign_algorithm

  • cert_ext_key_usage

  • cert_pub_key

  • cert_pub_key_algorithm

  • cert_pub_key_format

  • cert_crl_distribution_points

  • cert_ocsp_locations

  • cert_ocsp_issuers

Note that it is not guaranteed that all parameters hold a value.

API

When communicating with the backend this describes the

General requirements

Backend communications are made using AJAX and the HTTP PUT method. Every request needs a Content-Type header with the value application/json.

Getting state

Body must conform to the example below.

{
    "type": "state"
}

Starting an authentication

To start authentication, send an AJAX request with the following body.

{
    "type": "start",
    "data": {
    }
}

Cancel a request

A request can be canceled at any time. This is done by sending a cancel request.

{
    "type": "cancel"
}

Response from server

In general, you should expect a server response with HTTP status code 200. Anything else is to be considered an error.

Response body will be in the form of a JSON object. Typically the response looks like:

{
    "status": "PENDING",
    "sithsStatus": "OUTSTANDING_TRANSACTION",
    "qrData": "<data for generating qr>",
    "pollFrequency": 2,
    "autostartToken": "<token>"
}

Possible status messages

One of the following status codes is returned based on the current state. These statuses are of a more general type.

  • ABOUT_TO_START

  • PENDING

  • COMPLETE

  • ERROR

Possible sithsStatus messages

One of the following sithsStatus codes is returned based on the current state. These statuses are of a more granular type.

  • OUTSTANDING_TRANSACTION

  • STARTED

  • USER_CANCEL

  • EXPIRED_TRANSACTION

  • INVALID_QR_CODE

  • CERTIFICATE_ERR

  • COMPLETE_FAILED
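The request types and response fields described above fit together as a start/poll/cancel loop. The following is an added example, not code from the product: `put` and `sleep` are hypothetical helpers supplied by the caller, and falling back to the configured defaults when pollFrequency is not a usable number is a choice made in this example.

```javascript
// Added example (not product code). Defaults mirror poll_frequency and
// allowed_polling_for_minutes from the configuration table.
const DEFAULTS = { pollFrequency: 2, allowedPollingMinutes: 2 };

// Decide what to do with one server response. Pure function, no I/O.
function nextAction(httpStatus, body, elapsedMs, cfg = DEFAULTS) {
  // Anything other than HTTP 200 is considered an error.
  if (httpStatus !== 200) return { action: "fail", reason: "HTTP_" + httpStatus };
  if (body === null || typeof body !== "object" || typeof body.status !== "string") {
    return { action: "fail", reason: "MALFORMED_RESPONSE" };
  }
  switch (body.status) {
    case "COMPLETE":
      return { action: "done" };
    case "ERROR":
      // sithsStatus carries the granular cause, e.g. CERTIFICATE_ERR.
      return { action: "fail", reason: body.sithsStatus || "ERROR" };
    case "ABOUT_TO_START":
    case "PENDING": {
      // Enforce the polling budget on the client side as well.
      if (elapsedMs >= cfg.allowedPollingMinutes * 60000) {
        return { action: "cancel", reason: "POLLING_BUDGET_EXCEEDED" };
      }
      // Use the server's pollFrequency only if it is a sane number of seconds.
      const f = body.pollFrequency;
      const seconds = Number.isFinite(f) && f >= 1 ? f : cfg.pollFrequency;
      return { action: "poll", delayMs: seconds * 1000 };
    }
    default:
      // Unknown status values fail closed instead of being polled forever.
      return { action: "fail", reason: "UNKNOWN_STATUS" };
  }
}

// Drive one authentication. `put(body)` is a hypothetical transport that sends
// `body` with HTTP PUT and Content-Type: application/json and resolves to
// { httpStatus, body }; `sleep(ms)` resolves after ms milliseconds.
async function authenticate(put, sleep, cfg = DEFAULTS, now = Date.now) {
  const startedAt = now();
  let res = await put({ type: "start", data: {} });
  for (;;) {
    const step = nextAction(res.httpStatus, res.body, now() - startedAt, cfg);
    if (step.action !== "poll") {
      if (step.action === "cancel") await put({ type: "cancel" });
      return step;
    }
    await sleep(step.delayMs);
    res = await put({ type: "state" });
  }
}
```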

Translation keys

Default translations provided:

English, assets/locales/en.json

{
  "siths.qr_or_app_switch.personal_identity_number": "Personal identity number",
  "siths.qr_or_app_switch.start_authentication": "Start authentication",
  "siths.qr_or_app_switch.open_app": "Open SITHS eID app",
  "siths.qr_or_app_switch.open_siths_app_on_this_device": "Log in using SITHS eID on this device",
  "siths.qr_or_app_switch.show_qr_code": "Show QR code for login",
  "siths.qr_or_app_switch.start_siths_app": "Open SITHS eID app",
  "siths.qr_or_app_switch.scan_qr_code": "Open SITHS eID app and scan QR code",
  "siths.qr_or_app_switch.qr_code_scanned": "QR code scanned",
  "siths.qr_or_app_switch.app_opened": "SITHS eID app opened",
  "siths.qr_or_app_switch.verify_authentication": "Verifify identification in the SITHS eID app",
  "siths.qr_or_app_switch.authentication_verified": "Identification verified",
  "siths.qr_or_app_switch.redirecting": "Redirecting...",
  "siths.qr_or_app_switch.start_app": "Start your SITHS eID app.",
  "siths.qr_or_app_switch.cancel": "Cancel",
  "siths.qr_or_app_switch.canceling": "Canceling...",
  "siths.qr_or_app_switch.USER_CANCEL": "Unknown error. Please try again.",
  "siths.qr_or_app_switch.EXPIRED_TRANSACTION": "The SITHS eID app is not responding. Please check that the program is started and that you have internet access. Try again.",
  "siths.qr_or_app_switch.INVALID_QR_CODE": "QR code is invalid. Please try again.",
  "siths.qr_or_app_switch.CERTIFICATE_ERR": "SITHS eID certificate is too old. Verify your SITHS eID",
  "siths.qr_or_app_switch.COMPLETE_FAILED": "Identification failed. Please try again.",
  "siths.qr_or_app_switch.ERROR": "Unknown error. Please try again.",
  "siths.qr_or_app_switch.UNKNOWN": "Unknown error. Please try again.",
  "siths.qr_or_app_switch.FAILED": "Identification failed. Please try again.",
  "siths.qr_or_app_switch.API_ERROR": "Unknown error. Please try again.",
  "allow-cookies-body": "To save your language settings on this device you need to approve a language cookie.",
  "allow-cookies-button": "Approve language cookie",
  "change_language": "",
  "request.timeout": "Request timed out. Please try again."
}

Swedish, assets/locales/sv.json

{
  "siths.qr_or_app_switch.personal_identity_number": "Personnummer",
  "siths.qr_or_app_switch.start_authentication": "Starta verifiering",
  "siths.qr_or_app_switch.open_app": "Öppna SITHS eID-appen",
  "siths.qr_or_app_switch.open_siths_app_on_this_device": "Logga in med SITHS eID på den här enheten",
  "siths.qr_or_app_switch.show_qr_code": "Visa QR-kod för inloggning",
  "siths.qr_or_app_switch.start_siths_app": "Öppna SITHS eID-appen",
  "siths.qr_or_app_switch.scan_qr_code": "Öppna SITHS eID-appen och skanna QR-koden",
  "siths.qr_or_app_switch.qr_code_scanned": "QR-koden har skannats",
  "siths.qr_or_app_switch.app_opened": "SITHS eID-appen öppnad",
  "siths.qr_or_app_switch.verify_authentication": "Bekräfta i SITHS eID-appen",
  "siths.qr_or_app_switch.authentication_verified": "Bekfräftat identitet",
  "siths.qr_or_app_switch.redirecting": "Omdirigerar...",
  "siths.qr_or_app_switch.start_app": "Starta SITHS eID-appen",
  "siths.qr_or_app_switch.cancel": "Avbryt",
  "siths.qr_or_app_switch.canceling": "Avbryter...",
  "siths.qr_or_app_switch.USER_CANCEL": "Åtgärden avbruten. Försök igen",
  "siths.qr_or_app_switch.EXPIRED_TRANSACTION": "SITHS eID-appen svarar inte. Kontrollera att den är startad och att du har internetanslutning. Försök igen",
  "siths.qr_or_app_switch.INVALID_QR_CODE": "QR-koden är ogiltig. Försök igen.",
  "siths.qr_or_app_switch.CERTIFICATE_ERR": "SITHS eID-certifikatet är för gammalt. Verifiera SitSITHShs eID-installationen",
  "siths.qr_or_app_switch.COMPLETE_FAILED": "Identifiering misslyckades. Försök igen.",
  "siths.qr_or_app_switch.ERROR": "Okänt fel. Försök igen.",
  "siths.qr_or_app_switch.UNKNOWN": "Okänt fel. Försök igen.",
  "siths.qr_or_app_switch.FAILED": "Legitimeringen misslyckades. Försök igen",
  "siths.qr_or_app_switch.API_ERROR": "Okänt fel. Försök igen.",
  "allow-cookies-body": "Vill du spara dina språkinställningar på denna enhet behövs ett godkännande av  språk-cookie.",
  "allow-cookies-button": "Godkänn språk-cookie",
  "change_language": "",
  "request.timeout": "Tidsgränsen för förfrågan har överskridits. Försök igen."
}
