User visible data is a text displayed to the user during authentication with BankID, with the purpose of providing context for the authentication and to enable users to detect identification errors and averting fraud attempts.
Usage in SSO
In order to customize the userVisibleData
parameter for the Swedish BankID Authentication, please update the BANK_ID_TEXT
internationalization message. Instructions on the process can be found here: https://ubisecuredev.atlassian.net/l/cp/c1B1dWTf.
The length of the text must be no longer than 1125 characters (including application name - see “Customization” paragraph)
Customization
The BANK_ID_TEXT
message can have the application display name injected. To do so, insert the placeholder {0}
at the desired location. For example:
BANK_ID_TEXT = You are trying to authenticate to {0}. Please confirm the operation.
If your configured application display name is My application
then the user will see:
You are trying to authenticate to My application. Please confirm the operation.
Application display name
Display name can be provided in one of the following ways (listed in the order of preference):
from
ftn_spname
request parameter if theAllowFtnSpname
is enabled (see https://ubisecuredev.atlassian.net/l/cp/cxk6skXX for details)from metadata:
client_name
field for OAuth2/OIDCDisplayName
field for SAML
hostname from request parameter:
redirect_uri
for OAuth2/OIDCassertionConsumerUrl
for SAML
BankID documentation
BankID /auth endpoint documentation
BankID userVisibleData - example