Authenticate using Signicat

Signicat provides eID authentication in many countries. This article shows how to integrate with Signicat so that these eIDs can be used in Curity Identity Server.

Use the built-in OpenID Authenticator to integrate with Signicat.

Prerequisites

  • An installation of Curity Identity Server with the basic setup completed. You can achieve this by following the Getting Started Guides.
  • A subscription or test environment at Signicat.

Configure the Authenticator

Create a new OIDC Authenticator. Enter the settings from Signicat. Set Client Authentication Method to client-secret and enable Use HTTP Basic Authentication.

Scopes/claims

Multiple scopes can be used depending on which claims are needed. openid is mandatory. These claims are then exposed via the User Info endpoint.

Some of the claims contain a period (.). The Curity Identity Server parses such claims as objects. The signicat.national_id scope is requested to get the national ID of the subject. The claim returned is signicat.national_id, which is parsed as an object in the Subject attributes.

signicat: {
    national_id: "11113306361"
}
subject: "Nn5WJiuRB6D7GFXV6LNhx0gQUJyOnBtf"

An attribute in an object can be tricky to address in various areas of the product, for example in subsequent Authentication Actions. One way to solve this is to have a Script Action copying the national_id attribute out of the object.

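function result(context) {
    var attributes = context.attributeMap;
    // Copy national_id to the top level so later actions can address it directly.
    // Guard against the signicat object being absent from the attributes.
    if (attributes.signicat) {
        attributes.national_id = attributes.signicat.national_id;
    }
    return attributes;
}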

The national_id is now a separate subject attribute.

{
    national_id: "11113306361",
    signicat: {
        national_id: "11113306361"
    },
    subject: "Nn5WJiuRB6D7GFXV6LNhx0gQUJyOnBtf"
}
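The Script Action above, generalized as an added example (not Curity's or Signicat's own code): a hypothetical promoteAttributes helper copies only allow-listed scalar attributes out of the nested object and never replaces an attribute that already exists, such as subject. It assumes the attribute map behaves like a plain JavaScript object; the sample contexts are constructed.

```javascript
// Added example: hypothetical helper, not Curity or Signicat code.
// Assumes the attribute map behaves like a plain JavaScript object.

// Copy allow-listed attributes out of a nested object (here "signicat") to
// the top level of the attribute map. Returns the names that were copied.
function promoteAttributes(attributes, objectName, allowed) {
    var has = Object.prototype.hasOwnProperty;
    var copied = [];
    var source = attributes[objectName];
    // Claim absent (for example, scope not requested): nothing to copy.
    if (source === null || typeof source !== "object") return copied;
    for (var i = 0; i < allowed.length; i++) {
        var name = allowed[i];
        // Own properties only, so inherited names like "toString" are ignored.
        if (!has.call(source, name)) continue;
        var value = source[name];
        // Scalars only; copying an object would recreate the addressing problem.
        if (typeof value !== "string" && typeof value !== "number") continue;
        // Never replace an attribute that already exists, such as "subject".
        if (has.call(attributes, name)) continue;
        attributes[name] = value;
        copied.push(name);
    }
    return copied;
}

// Script Action entry point, in the same shape as the script on this page.
function result(context) {
    var attributes = context.attributeMap;
    promoteAttributes(attributes, "signicat", ["national_id"]);
    return attributes;
}

// Constructed contexts: the attribute map shown on this page, one without
// the signicat object, and one whose nested object carries a "subject" key.
var fromPage = { attributeMap: {
    signicat: { national_id: "11113306361" },
    subject: "Nn5WJiuRB6D7GFXV6LNhx0gQUJyOnBtf" } };
var noScope = { attributeMap: { subject: "Nn5WJiuRB6D7GFXV6LNhx0gQUJyOnBtf" } };
var collision = { attributeMap: {
    signicat: { subject: "someone-else", national_id: "11113306361" },
    subject: "Nn5WJiuRB6D7GFXV6LNhx0gQUJyOnBtf" } };
```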

Conclusion

Using Signicat is a powerful way to enrich Curity Identity Server with eIDs. The integration is standards-based and uses the built-in OpenID Authenticator, making it easy to set up. Refer to the Signicat Docs for more details.