Authenticate using Signicat

‌Signicat provides eID authentication in many countries. This article shows how to integrate to allow for these eIDs in Curity Identity Server.

Use the built-in OpenID Authenticator to integrate with Signicat.

Prerequisites

• An installation of Curity Identity Server with the basic setup completed. You can achieve this by following the Getting Started Guides.
• A subscription or test environment at Signicat

Configure the Authentictor

Create a new OIDC Authenticator. Enter the settings from Signicat . Client Authentication Method is client-secret. Enable Use HTTP Basic Authentication.

Scopes/claims

Multiple scopes can be used depending on which claims are needed. openid is mandatory. These claims are then exposed via the User Info endpoint.

Some of the claims contain a period .. The Curity Identity Server parses such claims as objects. The signicat.national_id scope is requested to get the national id of the subject. The responding claim will be signicat.national_id, being parsed as an object in the Subject attributes.

signicat: {
    national_id: "11113306361"
}
subject: "Nn5WJiuRB6D7GFXV6LNhx0gQUJyOnBtf"

An attribute in an object can be tricky to address in various areas of the product, for example in subsequent Authentication Actions. One way to solve this is to have a Script Action copying the national_id attribute out of the object.

function result(context) {
    var attributes = context.attributeMap;
    attributes.national_id = attributes.signicat.national_id;
    return attributes;
}

The national_id is now a separate subject attribute.

{
    national_id: "11113306361",
    signicat: {
        national_id: "11113306361"
    },
    subject: "Nn5WJiuRB6D7GFXV6LNhx0gQUJyOnBtf"
}

Conclusion

Using Signicat is a powerful way to enrich Curity Identity Server with eIDs. Integration is standard based using the built-in Open ID Authenticator making it easy to set up. Refer to the Signicat Docs for more details.