Introduction

...

Current Ubisecure SSO supports the following use cases for BankID

...

cases  via authentication method, Unregistered Device Swedish BankID

...

:

  • BankID authenticate on the same device
  • BankID authenticate on another device by scanning an animated QR code


The complete list of Swedish BankID use cases can be found in BankID Relying Party guidelines, in Use cases (bankid.com).

The following diagram illustrates components participating in the BankID authentication. The end-user needs to download either a desktop or mobile BankID app in order to use this method.


[Diagram: SwedisBankID-architecture]


Terminology

Term | Description
Relying Party (RP) | A party that uses the BankID web service to provide authentication and signing functionality to the end user.
Backchannel authentication | A method of performing authentication transaction hidden from the client facing
Animated QR code | A QR code being continuously updated, thereby making remote fraud more difficult; for details see QR codes (bankid.com)

Authentication flow

The Swedish BankID authentication flow, with its two options, is the following:

  1. After the BankID authentication method has been selected, an authentication request is sent directly to the Swedish BankID service and a waiting page is shown to the user.
  2. On the waiting page, the animated QR code is shown to the user for authentication on another device, i.e. the Mobile BankID app.
  3. To authenticate on the same device, the user can click the Start the BankID app link to open the BankID app and identify with it.
  4. If the user chooses to scan the QR code with the Mobile BankID app, after scanning he/she identifies with either a security code, fingerprint or facial recognition in the Mobile BankID app.
  5. After successful authentication, the user is redirected to the application.
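
As an added example (not Ubisecure's or BankID's own code), the sketch below shows how a relying party can derive each frame of the animated QR code from step 2, following the scheme published in QR codes (bankid.com): an HMAC-SHA256 over the elapsed whole seconds, keyed with the order's qrStartSecret. The class name and the sample token and secret are hypothetical and constructed; this page does not describe how Ubisecure SSO implements this internally.

```python
import hashlib
import hmac
import time

# Constructed sample values standing in for the qrStartToken / qrStartSecret
# fields of a BankID auth response; they are not real credentials.
SAMPLE_TOKEN = "11111111-2222-3333-4444-555555555555"
SAMPLE_SECRET = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


class QrOrder:
    """Server-side state for one pending order (hypothetical helper)."""

    def __init__(self, qr_start_token, qr_start_secret, started_at=None):
        self.token = qr_start_token
        # The secret stays on the server; only finished frames go to the browser.
        self._secret = qr_start_secret.encode("ascii")
        self.started_at = time.time() if started_at is None else started_at

    def frame(self, now=None):
        """Return the string to render as the QR code at time `now`."""
        now = time.time() if now is None else now
        # Whole seconds since the order was created, never negative.
        elapsed = str(max(0, int(now - self.started_at)))
        code = hmac.new(self._secret, elapsed.encode("ascii"),
                        hashlib.sha256).hexdigest()
        return f"bankid.{self.token}.{elapsed}.{code}"


if __name__ == "__main__":
    order = QrOrder(SAMPLE_TOKEN, SAMPLE_SECRET, started_at=0)
    # Each second yields a different frame; a screenshot of one frame is
    # stale a second later and the next frame cannot be derived without
    # the secret, which is what makes relaying the code remotely harder.
    for second in range(3):
        print(order.frame(now=second))
```
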

You may customize the default SSO views, see Login user interface customization - SSO.

The intent text "Logging in to Swedish BankID Application" shown in the BankID app can be customized as explained in Configuration of User Visible Data per application.

Technical information

Ubisecure SSO and related components act as a Relying Party to the BankID service provider. This concept is strictly specified in the BankID Relying Party guidelines, Integration guide (bankid.com). It is highly recommended to read through the guidelines before enabling the authentication method.

Tip: BankID specification / Web service API version
Ubisecure Swedish BankID is based on version 3.7 of the Relying Party guidelines and is compatible with BankID Web service API v.6.0.

Obtaining test and production certificates

...

The Swedish BankID provider provides two environments: production and test. For test, you can get pre-defined certificates from the Relying Party guidelines page. For production, you have to obtain the client certificate from the bank you purchase the service from. For more information, please refer to the BankID Relying Party guidelines, Integration guide (bankid.com).

Creating test accounts

Swedish BankID Relying Party info provides a document and instructions for obtaining a test BankID. You can find this document on the Relying Party guidelines Integration guide page mentioned above, or use the direct link to How to get a test BankID, Test (bankid.com).

Installing and configuring

...