Foregin eID (SAMLSPBroker)
eIDAS requires Swedish public authorities to provide their e-service with the option to log in with a foreign e-identification. Fortified ID has a solution for that.
Last updated
eIDAS requires Swedish public authorities to provide their e-service with the option to log in with a foreign e-identification. Fortified ID has a solution for that.
Last updated
In this scenario, we will append the default installation with Foregin eID.
E-services that require electronic identification and that are used in public offices must be connected to the Swedish eIDAS node, Sweden Connect. The purpose of the requirement is to make it easier for EU citizens to use e-services across national borders.
According to the EU regulation eIDAS, each member state needs to provide a so-called country node, a connection point where e-identification traffic is controlled and "translated" to the respective country's identity method. In Sweden, the country node is Sweden Connect. Fortified ID Access can act as a bridge between your applications and the Swedish eIDAS node so your application will support Foreign ID as a login method.
In this use case:
Fortified ID Access will act as the bridge/proxy between application and Swedish eIDAS node
Fortified ID Access will act as a SAML SP to Sweden Connect eIDAS node
Fortified ID Access will act as a SAML IdP to SAML SP application
NOTE: This configuration is an example configuration to be used with the sandbox environment. Please make sure to adjust the configuration to suit your needs, this is extra important for production purposes.
This use case assumes that you have good knowledge of the product in question.
Fortified ID Access installed and configured with the default configuration
Swedish eIDAS node (SAML IdP) You need an account on the Swedish eIDAS node provided by DIGG and Sweden Connect. In this use case we connect to the development and test environment found on this site, .
Add files and folders from ZIP-file to the config-folder, ex: C:\Program Files\FortifiedID\mgmt-center\data\customer\access
Append you globals with the following parameters and adjust them according to you needs
Append the translations file with the following translation
Append the selector with at reference to the new authenticator by appending this block to the default selector
Append the SAML Module with the new SAML SP configuration
Restart the Access service
Login to access your Sweden Connect configuration
Make sure Fortified ID WEB is started
Open a browser and browser to https://dev.fortifiedid.se/saml/metadata/fortifiedid_sp_eidas Change dev.fortifiedid.se to your http address
A file named fortifiedid_sp_eidas.xml will be downloaded to your computer
Keep the file for the next step
Click New in the Metadata records
Give the record a name, paste your metadata into the Metadata dialog box from the file in the previous step
Click Save
It can take up to 10 minutes before your addition is active. Go and grab a cup of coffee.
You can check your addition for warnings and/or errors to fix
Search for the name you give your metadata in the previous step
Look for any Errors and address them
The selector should now be displayed, including the new option for "Foregin eID (eIDAS)".
Select "Foregin eID (eIDAS)"
You will be redirected to the Sweden Connect authentication
After a successful authentication you will be redirected back to the Access server and finally to the selected application or the Fortified ID test application.
Download
Open a browser and browse to
Browse to
Browse to a site protected by the Access server. Optionally the default login url might be used.
