
Authenticate using Signicat
Use the built-in OpenID Authenticator to integrate with Signicat.
Prerequisites
- An installation of Curity Identity Server with the basic setup completed. You can achieve this by following the Getting Started Guides.
- A subscription or test environment at Signicat
Configure the Authentictor
Create a new OIDC
Authenticator. Enter the settings from Signicat
. Client Authentication Method
is client-secret
. Enable Use HTTP Basic Authentication
.
Scopes/claims
Multiple scopes can be used depending on which claims are needed. openid
is mandatory. These claims are then exposed via the User Info
endpoint.
Some of the claims contain a period .
. The Curity Identity Server parses such claims as objects. The signicat.national_id
scope is requested to get the national id of the subject. The responding claim will be signicat.national_id
, being parsed as an object in the Subject attributes
.
signicat: {
national_id: "11113306361"
}
subject: "Nn5WJiuRB6D7GFXV6LNhx0gQUJyOnBtf"
An attribute in an object can be tricky to address in various areas of the product, for example in subsequent Authentication Actions
. One way to solve this is to have a Script Action
copying the national_id
attribute out of the object.
function result(context) {
var attributes = context.attributeMap;
attributes.national_id = attributes.signicat.national_id;
return attributes;
}
The national_id
is now a separate subject attribute.
{
national_id: "11113306361",
signicat: {
national_id: "11113306361"
},
subject: "Nn5WJiuRB6D7GFXV6LNhx0gQUJyOnBtf"
}
Conclusion
Using Signicat is a powerful way to enrich Curity Identity Server with eIDs. Integration is standard based using the built-in Open ID Authenticator making it easy to set up. Refer to the Signicat Docs for more details.