Swedish BankID - SSO

Introduction

Swedish BankID is a strong personal identification method used in Sweden by individuals to authenticate and to conclude agreements on the Internet. Individuals who have a Swedish personal identity number (personal number) and are registered in Sweden can get Swedish BankID through their bank. Client applications exist for mobile and desktop. For more information, refer to Welcome to BankID.

Ubisecure SSO is capable of acting as a relying party and authenticating Swedish BankID users via an external authentication adapter, which is also covered in these pages.

Current Ubisecure SSO supports the following use cases via the authentication method Unregistered Device Swedish BankID:

  • BankID authenticate on the same device
  • BankID authenticate on another device by scanning an animated QR code


A complete list of Swedish BankID use cases can be found in Use cases (bankid.com).

The following diagram illustrates the components participating in BankID authentication. The end user needs to download either the desktop or the mobile BankID app in order to use this method.



Terminology

Term                  Description
Relying Party (RP)    A party that uses the BankID web service to provide authentication and signing functionality to the end user.
Animated QR code      A QR code that is continuously updated, thereby making remote fraud more difficult; for details see QR codes (bankid.com).

Authentication flow

The Swedish BankID authentication flow, with its two options, is the following:

  1. After the BankID authentication method has been selected, an authentication request is sent directly to the Swedish BankID service and a waiting page is shown to the user.
  2. On the waiting page, the animated QR code is shown to the user for authentication on another device, i.e. the Mobile BankID app.
  3. To authenticate on the same device, the user clicks the Start the BankID app link to open the BankID app and identifies with it.
  4. If the user chooses to scan the QR code with the Mobile BankID app, after scanning he/she identifies with a security code, fingerprint or facial recognition in the Mobile BankID app.
  5. After successful authentication, the user is redirected to the application.
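As an added example (not Ubisecure's or BankID's own code), the following Python builds and checks the animated QR frames that step 2 refers to, following the scheme the BankID RP API v6.0 Integration guide prescribes: the image encodes "bankid.<qrStartToken>.<time>.<qrAuthCode>", where time is the number of whole seconds since the auth response was received and qrAuthCode is the lowercase hex HMAC-SHA256 of that time string keyed with qrStartSecret. The token and secret values are constructed, and verify_qr_data is an assumed mirror of the check the BankID side performs with the same secret.

```python
import hashlib
import hmac

# Constructed sample values standing in for the qrStartToken and qrStartSecret
# fields of an auth response; they are not real BankID credentials.
SAMPLE_QR_START_TOKEN = "11111111-2222-3333-4444-555555555555"
SAMPLE_QR_START_SECRET = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def qr_auth_code(qr_start_secret: str, seconds: int) -> str:
    """HMAC-SHA256 over the elapsed seconds as a decimal string, lowercase hex."""
    return hmac.new(qr_start_secret.encode("ascii"),
                    str(seconds).encode("ascii"),
                    hashlib.sha256).hexdigest()


def qr_data(qr_start_token: str, qr_start_secret: str, seconds: int) -> str:
    """Text to encode in the QR image for a given second of the session.

    Only the token, the second counter and the HMAC go into the image; the
    secret stays on the RP, so a frame copied by a fraudster cannot be used to
    derive the next one.
    """
    return ".".join(["bankid", qr_start_token, str(seconds),
                     qr_auth_code(qr_start_secret, seconds)])


def frame_at(qr_start_token: str, qr_start_secret: str,
             order_received_at: float, now: float) -> str:
    """Frame the waiting page must show at wall-clock time `now` (a new one each second)."""
    return qr_data(qr_start_token, qr_start_secret, int(now - order_received_at))


def verify_qr_data(data: str, qr_start_token: str, qr_start_secret: str) -> bool:
    """Assumed mirror of the verifying side's check of a frame against the secret.

    Rejects a wrong prefix, wrong token, non-canonical time field or tampered
    code; the HMAC comparison is constant-time.
    """
    parts = data.split(".")
    if len(parts) != 4 or parts[0] != "bankid" or parts[1] != qr_start_token:
        return False
    secs = parts[2]
    if not (secs.isascii() and secs.isdigit() and str(int(secs)) == secs):
        return False
    expected = qr_auth_code(qr_start_secret, int(secs))
    return hmac.compare_digest(parts[3], expected)
```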

You may customize the default SSO views, see Login user interface customization - SSO.

The intent text "Logging in to Swedish BankID Application" shown in the BankID app can be customized as explained in Configuration of User Visible Data per application.

Technical information

Ubisecure SSO and related components act as a Relying Party towards the BankID service provider. This role is specified in detail in the Integration guide (bankid.com). It is highly recommended to read through the guidelines before enabling the authentication method.

BankID Web service API version

Ubisecure Swedish BankID is compatible with BankID Web service API v6.0.

Obtaining test and production certificates

In order to access the Swedish BankID environments you have to obtain certificates for that access. A relying party needs two certificates:

  • CA root certificate to trust the BankID service provider servers
  • A client certificate for authenticating to the BankID service provider

The Swedish BankID provider offers two environments: production and test. For test, you can get pre-defined certificates from the Relying Party guidelines page. For production, you have to obtain the client certificate from the bank you purchase the service from. For more information, please refer to Integration guide (bankid.com).

Creating test accounts

Swedish BankID Relying Party info provides a document with instructions for obtaining a test BankID. You can find this document on the Integration guide page mentioned above or use the direct link to Test (bankid.com).

Installing and configuring

Please refer to Installing and configuring Swedish BankID - SSO for more details on how to install, configure and deploy the authentication method.