This flow is currently working for suomi.fi strong identification in Finland.
The user is redirected to a web page on the ID service, which redirects the user to the strong identification service. There the user signs in to their bank or otherwise proves their identity, and is then redirected back to the ID service, which redirects the user back to the original service.
Endpoint URL without parameters: <baseUri>/openid/strongidentification
Method: POST or GET
Parameters:
...
Example URL with parameters:
https://fi.trivoreid.com/openid/strongidentification?access_token=SY6DwAUw6G1XT463sV52FzZyi3gC4lk5&successRedirectUri=https%3A%2F%2Fexample.com%2Fsuccess&failureRedirectUri=https%3A%2F%2Fexample.com%2Ffailure
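The example URL above carries the access token in its query string, where proxies, browser history and server logs can record it. The following added example (not Trivore ID code) builds that URL with every parameter percent-encoded, rejects redirect URIs outside an allowlist, and masks the token before the URL is logged. The function names, the allowlist and the sample token are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

ENDPOINT_PATH = "/openid/strongidentification"  # path shown on this page
# Assumption: the calling service keeps its own allowlist of redirect hosts.
ALLOWED_REDIRECT_HOSTS = {"example.com"}
SENSITIVE_PARAMS = {"access_token"}


def check_redirect(uri):
    """Accept only https redirect targets on an allowlisted host."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError(f"redirect URI not allowed: {uri!r}")
    return uri


def build_identification_url(base_uri, access_token, success_uri, failure_uri):
    """Build the identification URL with all parameters percent-encoded."""
    query = urlencode({
        "access_token": access_token,
        "successRedirectUri": check_redirect(success_uri),
        "failureRedirectUri": check_redirect(failure_uri),
    })
    return f"{base_uri.rstrip('/')}{ENDPOINT_PATH}?{query}"


def redact_url(url):
    """Return the URL with token values masked, safe to write to a log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    url = build_identification_url(
        "https://fi.trivoreid.com",
        "CONSTRUCTED-TOKEN-VALUE",  # constructed sample, not a real token
        "https://example.com/success",
        "https://example.com/failure",
    )
    print(redact_url(url))  # log only the redacted form
```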
Produce URL leading to interactive strong identification web page
Since server version 3.7 the URL for interactive strong identification is generated by requesting the URL via the Management API. The API can be called with Management API Client credentials or any valid access token (no specific scope is required). You need to provide the User ID, success redirect URI and failure redirect URI parameters.
See the API documentation for POST <baseUri>/api/rest/v1/user/{userId}/strongidentification/interactive for more details.
The produced URL is valid only for a short time, so it should be generated only immediately before the user is forwarded to it.
Deprecated method to produce identification URL
In previous server versions the URL for interactive identification was produced by hand and required an access token. This method still exists but is not recommended.
Redirect user to the produced URL
Have the user open the URL in their web browser.
Wait for results
The identification process may end in success or failure. In case of success, the user is redirected to the provided success redirect URL. In case of failure (including the case of cancellation) the user is redirected to the failure redirect URL.
Failure redirect URI parameters
If the identification process does not finish successfully, these parameters may be added to the failure URI.
...
Error code | Meaning |
---|---|
not_available | Strong identification is not available for current user. |
invalid_token | Access token is invalid or expired |
saml_auth_fail | Authentication failed on SAML IDP side (for example, user cancelled) |
internal | Unexpected internal service error |
auth_fail | Internal authentication error (for example, configuration issue) |
Some graph
Sequence for suomi.fi strong identification + sign-in (Finnish)
Test credentials
Test credentials for suomi.fi identification + sign-in
The authority VRK provides test credentials at <https://palveluhallinta.suomi.fi/fi/tuki/artikkelit/5a82ef7ab03cdc41de664a2b>.
...