User visible data is a text displayed to the user during authentication with BankID, with the purpose of providing context for the authentication and to enable users to detect identification errors and averting fraud attempts.
Usage in SSO
In order to customize the userVisibleData
parameter for the Swedish BankID Authentication, please update the BANK_ID_TEXT
internationalization message that can be found in the i18n/uas.properties
file.
The length of the text must be no longer than 1125 characters (including application name - see “Customization” paragraph)
Customization
The BANK_ID_TEXT
message can have the application display name injected. To do so, insert the placeholder {0}
at the desired location. For example:
BANK_ID_TEXT = You are trying to authenticate to {0}. Please confirm the operation.
If your configured application display name is My application
then the user will see:
You are trying to authenticate to My application. Please confirm the operation.
Application display name
Display name can be provided in one of the following ways:
from metadata:
client_name
field for OAuth2/OICDDisplayName
field for SAMLif above is not present:
hostname
redirect_uri
field for Oauth2/OICDassertionConsumerUrl
field for SAML
from
ftn_spname
request parameter if theAllowFtnSpname
is enabled (see https://ubisecuredev.atlassian.net/l/cp/cxk6skXX for details)
BankID documentation
BankID /auth endpoint documentation
BankID userVisibleData - example