Bankid (Section)#
Path: /profiles/profile{id, type}/settings/authentication-service/authenticators/authenticator{id}/bankid
The settings for a BankID authentication provider
Parameters#
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| http-client | leafref | required | A reference to the Http Client | |
| allowed-bankid-types | multi-value, enumeration | optional | any | The allowed forms of BankID that may be used for authentication |
| qr-code-ttl | uint16 | optional | 60 | The amount of seconds that refreshing QR codes are displayed to the user |
| type-of-card-reader | enumeration | optional | The type of smartcard reader that must be used when authenticating with a form of BankID that supports smartcards | |
| mode | enumeration | optional | production | The method by which to connect to the BankID — either test or production |
| api-version | enumeration | optional | version-6 | The version of the BankID API to use. |
| max-allowed-attempts | uint16 | optional | 3 | The maximum number of authentication attempts that is allowed to be sent during one session. When this value is set to 0, there is no maximum attempts enforced. This option is obsolete and will be removed in a subsequent release (the BankID API itself handles this). |
| add-extended-bankid-attributes | boolean | optional | false | Parse the returned BankID signature to obtain issuers and the device info. This will make the contextAttributes large, storing the SSO sessions in a database is advised. |
| user-message | non-empty-string | optional | A message to show to the user in the app. The value may be a message-key, or the actual message. The message may be overridden by the client sending a binding message in the authentication request. | |
| mrtd | boolean | optional | false | Require the user to authenticate using a MRTD (machine readable travel document), like a Swedish Passport |
| enforce-ip-address-match-on-same-device | boolean | optional | false | On same-device flows using autostart tokens, enforces the verification that the IP address of the device doing the authentication flow is the same as the IP address of the device with the BankId application. The authentication will be rejected if the addresses don’t match, which helps increases the security. However, it may reject legitimate authentications if the user’s device simultaneously uses multiple IP addresses |
Subsections#
| Name | Type | Description |
|---|---|---|
| risk-assessment | Section | The risk parameters of the BankID API |