Attributes reference
You use FTN to verify the end-user's identity and obtain relevant personal details about them. This page summarises the user information you can request and receive for the different protocols:
To control the providers available to your end-users for authentication, see the IdP scoping section.
OIDC claims and scopes
You can use the following scopes to request user information from an end-user using FTN:
To return nin
, ensure you have set ID Token User data to All in the Dashboard > OIDC clients > Advanced > Security tab.
For more information about how to control the returned claims, see Control the returned data in ID Token.
Response example
Scope: openid profile nin ftn-extra
{
"idp_id": "070770-905D",
"name": "Väinö Tunnistus",
"family_name": "Tunnistus",
"given_name": "Väinö",
"birthdate": "1970-07-07",
"nin": "070770-905D",
"nin_type": "PERSON",
"nin_issuing_country": "FI",
"ftn_idp": "fi-op",
"ftn_hetu": "070770-905D"
}
SAML 2.0 attributes
You can use the following attributes to request user information from an end-user using FTN:
Response examples
For FTN, you are required to receive encrypted responses. If you do not set this up correctly, FTN will fail and you will not be able to obtain any FTN authentication results. For details about how to set this up, see the general protocol description, Advanced URL configuration fields.
Here are two examples showing the user information as encrypted and decrypted.
Example assertions
- Encrypted
- Decrypted
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://*SP_APP_DOMAIN*/saml/acs" ID="_65db6fa76b80419aeee276b374370852" InResponseTo="_94c0124495547cd8550ae8afc2e11953" IssueInstant="2023-10-24T12:44:32.894Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://*YOUR_SIGNICAT_DOMAIN*/auth/saml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_8831dd37777ceedb0825c971f5bc78a1" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Id="_b29d08297631f9a2985cec1d70ab52c6" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<xenc11:MGF xmlns:xenc11="http://www.w3.org/2009/xmlenc11#" Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1"/>
</xenc:EncryptionMethod>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>aVMsVjf+G9R5eBqNHbOewME+xM2yPxCLtfmheKTNCql5+SmZ1YNtH/hCTvEber7TVSAgdKX29p4M7/tFFjs4rYS4tU369mye8BmTFaLPmozKYrZUXWo/yL6so16XpN357ayDuDO0+80aE75s/uGzyWSuSVvKf4dH8RXLuEhlIi1VGkmc+2e79FShKzPLKJTY/L9BTqYf/z1nZGExglUzPUp5f3uUs652ofKBKUdPOlmdGvMcflN7Crdy1+sH64GlWZ+AhodcaO/29ICu+MtHbc5QWYzRGuDhnKw7g0sHpg3EkWQA/ggiRL+tkYKrwtwrbCusnSXJH70CbWTLz+bkPpe3ZE6n0adlCkwFl2ffK5ewApp4dAqK0SCywjejtI8ywrJo/X9QI1HoZ0hPUfbZhMsXMwVxsw3EBOD/uF7rBxhmSJg+IQU0GC3AKNWX/2jWvW+OvJ1Sv10E5IHNKBDnWTuNawafUPd1+yulQrkWSYo/O2aHb4EQU3z04Txr4HLLiDK/ApzV5M27ezz+DuDuqMf3cziEVXwHcufcOD4KnRl5RB8PjWDQQxv23QHdudC0sYdkkwJAXx4cLFF42VCxDkORNd7rJCX5Il0zMyqksgw8zpzGaDBYBvH8Nc1tzGhgR5vGatRY0ptHAujK3MCZrzmYVLwAzqfAFbu3wMj7c8w=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>3/ma3IYCkmvnGNGqtCqpfXfNvgsSUJfIwYYz6PXuuPcNM/SY6LqQdUbwSYvYaNAqpyVUJ2wFl5dMpD6W/ojWe+ZQMO67zXcfONtnTF4qcdm0Adg3Pw1swmH2jEbap9eQqHGXEZKY9fE6ajWHbdNOF7ZW+gTr08hp2dnNS6QgR7HHfzDo8fQ4CA5qb1vQ9rnlqiq2/NnVG2JPELxfZSFb1JmnlSqu/qtOLIyAEKgh4zst4M0q0li0Am3G6me4GdON9sGoFoFfd7JAadGPeglGO5Ozzb8Y+ODOj1I7FSec43lln3FuZJ23Btm8145z0oGsJ7st6qEVYz3KCVn6WJmSeZ5/x3o5yDysDEcKLHz6DQxrkslMreg8xVlIRwmtFb0RVH6tq+JOEes4qAu9En0tLUH1UMAk6Y3fkonkEhKkIhSTzAoLQpRuaMXGHeA+tapLEhag013dfi/NA8nOys814Qe5SJJUDfOe5C6gWhHi3ebAporaxJ5WQ49BZmvjXWgnmw5OqcCKLe6jLFcTpx1GfcZy5KkS1Oot8B7POUJ0i9nWYpLfHRFONo0xFquFR6OexAEHozdkFvUjjm52i4zXyWVfS8O5cI/wFbLS8vcsj99Vf1H9weh01irmpt5Kkt77GfR3Z10qGYkehpVPMgHwXhGyfIM/RatwDlm7YUdbfdTkvMqcHVrC1bmY3g/IRJ33sdAMGvS0+ONLpJlNqyCdtzcMaJ27fiXqlyrzied+EDi1qAcsORV4LN21DmQe7jPXYIdDn5oDgC+PGznrRC/a44EiWWEKWKFf2qft9d40woda6p++EXvvVEUaLc2aiQuAaGPJTZXro6zxa/OzUQ/VKTS0UaPI4sUWcWJBWNRupqelsM8g/Bf4Sye4uONzjdhI4RW65VQzbJ5P8S+5c6jz0P46RrQZyeEgfLzm7sV4Jm4KqskNz+FCd6hKeTNjMG1WMBn8WudGl9Y54p2oL3EgmvTECjyi1e3lBDc94wLtyiMkXAxVEDWnO4Dv2TugndaN/VxVh74sAvRnlgC9+hJoe6wheQuckpqlqkWOgZM04nj7y57tDeveNQlVY8Wc8SPlMw4tAcgHINHS200qT0f0yZgU4gqmwpC46frItyTV6dcrvS2tHXzCwXpqXA03uIdzj8KY8WZkVfSgK8duKc8c6tUL9buvNo5Jz68zV7nCY54/Qf32Tc38fUP4MdbTM612ARNT18GbBJ+l5pvnYykqP8luzJUjB2kTulKuU613IDGTl7DayfZqMxMbkaXstrJ0z/v7LkoehCbgP+WHEmgfylkXKcLDOxes7l+S2tBN51ZqUKbhe0YO+lveKry2ctiMmGLo7ARnjaVJ4Ne9GH0bdbL1ECw14RcLkffWFP6Ag9lLw77SSE8F6GhS7u9IBqfxEJu+hBeSmCaTOOdSS5PeKv8e3yOt9Cc4cGRxkvmnNiur2Y4jHWcYx8bfwmUK8bA9I8HoFEBzcpv9rpp7ZHKA/1t3U0baRKBVdfFUSGAN2HEsIvazeHcvXtM3/vDBqBAk0nFmVuCdFTxrU9s1wn0cJLEsJ/RG8bk/d22p/57k5mDVtQDV1uZWe1svv0HTN7upcwVfxFnWg+Md2YSFJuT+/axnysZKvUwOTOVeO/1orLeOrf89bOwAycuMR2m//Kjijzy135ZjhXU7C9WKnYUi0yT2ofMlLkyNuwH871zFbL/1osUdQzOauuwBJ8TrwNq1uqyeORcxX77uYslKHjOMx+fjyTN7uE2a/Op9Vw6sRISHY65RhA5X2lrQy37u2k2A4G+XsKOlcvAxWilJHi355OSwh15v56NAu/VKo/gETSCl5mUR7YvteJrjwlqHcFtP2lRylN2mRSidYpYU/412wBaB5rF/daPiPZ7VY+4oRxGA3jhj3Pw3ZAbH3StPaQKRBzy61dG6JR2VZWk4bUtQ2vpzrzaE31xjxkIBvwLBxzlLKRKJ/GhM3J1bsVdZMRzQso4drvsSeHZ1ijlcz0h6MzbFpWMlmtLfNmJI2UO3B4G9USio7LaW8dfPUv3NAg8CDWd2fLFytFCJFD4IrF3L4FoV6ypUX0xj6AYEodBcDyXiskkDKt6B2Q9GHEdrW8WNr5PDM9Jb5JYfWEnb1dJTfiItBvhgiusdI/LmJRBOzr2b5HXNhkEX1odzb8tiVCdjYjOlV6KhZqRmHzz9vNnr6zx+iTl2h7iOnhoC0E5BxakVJq5nwJ783UGG/R1H9a10sXquzSODg9kpd0CkeMWLE390nDVDIBfPbVBh/hkj2xRjahZVfWd5DIpILRBovuMzJE9sGrQPfaIFXyptH3uLx/4BLdVy/UVoi4c5IPrBVPNVq2Gk38YQYmKBGcW9+7I3VaOos3vK+Y8xQkbI2zYLe0Jrdae2gqDz0pb9D6AdWwxLf9UkUi+FYzXkZK6dFdYEEYiHqZuUCodbQacWwPprJIRv6B3NuS2B4OnOCRgdLGji0QloiDMs9U/iKCaJy+CFHb8cPnEW2tfNWts/VOgRsyFrlEPr6QK8pdkFufTDEfujCJuk5bNByYNI1+s8Sn0GZat6LyYPhSnAUNOIrqkZHT5sKdfrgUfw5dwdSaTvSnJYpLvABPCeVoJwomaZsto2Mao8I4qVnhLUkGOe8ayHd1IxC/ukAtvSNV+soLngxAHNu9JtrLRJfHzjDsCOGBQbghf0MAULt28lbiypcJi23ZZkm8OBo0P5by/QBYlS/ZvaJZXtbeNJZigYHcMORO5woBtpQFNevx7aCoBZTrrEg3JJ+QPjBKWnS0ey5HGMQq7qBXF8RhTKRp4HrIoEjWZ87PSU11ZKHlDJMW4Zu0jnrfVPKCzKFfTSLMXlvbomTxgD0xX4hsToKNluO2c5mbafK4orX7k1uXRkJQdZee0OZr+M8pVKKz79i/T9Nx4td3QRm/3WyuoulaxIM6/WELKmqLAfb5cfaUKUvUGkQJWekWayzfIWR/g3EflFuyL/2IU60wXocbeNUVvwIuNBkQQro5QwvRPiGXuRzzfsPNxfpXztPA24bur5oZNS8jmBJLNcWK2hQit0Z0PYBWMfOSXI+riwEG5WmJzVFuXKYgtc9eS1YChCuf7e7Q8PqeXquP1ZuvefGisU9abp9N7v7tV95sU5JIk9ZKULmkdaxOJB1y44md+0VdX/qJgYIRSV7dwNq9kfp3HdFYZcph2/8LIls63OSxF8uqylTnp50ut9KCj94XoItJhEoyo6fEbnJhLLfXqPxdc/Y9Ia0G4244nzidW6QM3PqqxvUa7lttbOn1gFl5zpto8/hxG2TYeocLYs/j3dR+2hDjqtj751l19SYcLzwSJ1zPa8UgfHo4VsUQff6FBHIUtT7wzMY/9poPR7OkGBz61SVrY88gDTuFDWgBuCNNLPoc+k9jqy2o1lZowzGBG9Mv9q87nhXWoAmSzlTPVUF966ZiwpJN2VNKw/iUKvfoOFSyPSnFiuFNDZ2N5xp/MhUCaxBJ5ckbscZWU5JJ2fKkKWTwaLtaUjiOb2Vn2+Vts6CTAl5fHzxlbDXj83QWkVKJIeIHQvdaCrFCey6gjTkXYR9C16526SPT3PQGGjGUgSrgUWKHsF+2drkMWLOjmryaXiJYniwss57mW9d81GKS2zvLw1wM6YxHNuVpugYA8cLgn1Ti6VIyI7SMdCD2ag0GpQ6U5SL1/6MI0z2JbElJJAelV/fIyay+qOIdvz3wBceQ6SfRjAFWW69DcF3u60Uv/yPyY/oP5A75IEdAWzVB16th598AW4P+DX3xvKkTJ9GE/l+o3JwdY2t7uI4Hh3hbVfzvf/5kvYnRmE4+eVFF5YZ8zgJD7d9b5Rxl/lMHx2fTaDcXG18RfpJeQRtf68vO4YV01Vu5026Y6ziYq3CBxW2Cg3QH6Lp5stgBPp+4m16eS6HQC7GEG0HDhpjjApCbQMiMjqymwYid+A+g8waIK+59VlpAVkzPFfGOVDo0QtPpVOsLU0kRZ7BqfLL/2vw9A765Ant5XYWGt0AOVjKGZKPUGYSMnHx46DlnaqiGLfqu0fHnTKDM1CWd5wQy3sWhnxJ1QSYJkOuVxWdR3OHCIthUGI/LQGBwqcEu7ShWmi//osjgl9v6iX7ARMLoQPfvjdws5JV/pa4Oy9Gz11S/YkwSZK4FJIBcANs5L/yctLs/hR2FadLkDRMmm14I2eiM/8fDkoKwN/iPi4r9TvbFXmZu82qH10/iaPvSkuCPw4ZaO3C3CcJpeTm6BMjWaPrlCASVh0APqnuJ5EGCU1KzCsi569qZLAmM7DbAoctnMute6lh1i1KwB0b0iWvT8dkNYB8bwr+ybRKD9B7cZQOMevNUGfwfg0kQy/roKR063xZ6YJFxOeMrs+KsB2jGdGKeAs1iYslO9KfYzEmLzUOiTZuPzEkPgvpe7bMSpaZdzEjlXFKM8fGcdHyaSYL/exxpYOqFrMA9TtGJS9fMobinX7jAKvUXRyvI1wXF3ZE3FJKTdn6wfGUMvsy+IgLDhDhw+5O3zPzctZsrtenMZSsjqD5WeYf01329MboA/py0gBM60C91kF15cQOF69uwkfeDRKVYJKolGK2uC/aXMAbkJv4pYKvTETwdRW4VfaYSKrp4bfX6HI7snatXtTd1bUhGLRVB/V2wQrWfari8zTfgyOSx3uRGmi8soHY1BmxGMzxGMMs+rtj9zs4zz9K/b5x2LUJBo05Wwf13YhiMnj3AKyCg9Dvr1jZCRN8p2R7Quf+VkkaTewFP/OxNOv1KEzDMhJ46YsyktlWdsKb+ILdS3xrNfDhFmVi5fG9Mtm63eATjzHZLHO0ZRGr7POGDOf8J8fhhIhkaynk9pehV2dzK3RZWxcTeukm6zK8jMZvQQnp8C4xWToKjp8os91eDPKAL8UWQYQskl3b/XyvbIpeYM4qpnRr9yNi30P3QGk/CH/LbloKVqIRmrysFL6XMhmzfXeIWPRMRQI1epfhupIfIZBiZsNgvN/mpAHJjvdMKK2JSyFjFZYhgHd2Tqectw/EY6ePaFI5GhUCv69QIZ3RxYcmn6wMg1S1U5vOk9M2rwjEGA1yR0QdDSknrgi7qIt3vPOJ5cYGY3xIj7qT73elT+4b6NvXOojYpBKtV+EXYteDENeGvTV8TvywoRP1FTsJbFYw3BQTc7rmZ7BPSaSxESVWBGlfPrd8oMiD2hZRjmep3J9wCk4WyR/yIJbYIipV1cyQp734t6/vOGxPne/yCeQvwoxnDcViNDNvFYwLICv9YxoF+HpcY8bgZ712axPV1D0/8s5sQwzX7drlb+xaBu99OidPrKAhiL32Jk3r5cnNHZUCRVPosV1Lr5mIAL50ZI9n/AVpaEgUeD+kwKCsGlTmRnaoN662Hf8+JMfqMJdE9Dn5IxhLLOQ0THq/8cM+kQYuxyl0ZO6ISI+G/tQsL6gyLMVhiFs4D8xiRCW5FHz4gmLKHUzuSjILKJ6+x19VBrbTLyZG6Ax4AEum2zE0lNSJujylvzrSfIVTCJ8DVH7TOM8Vh2xkLcOqTsXR2X3TAncwPbRtXHeOeJGWmuI8Tofe+DjokucMOBI7joK7byKKFbMh/pDl/JypFA82IK2OagPj+Pfi0r8spe6C++FfyyVe/V2X56K7K+7dS07Zq/FLxRGYsnbh9NXqeS++9jg7mkNtZakOWImuLvvIU266h1wXrizSaASyHIQxdcuFR5n9cqCEpYGyRR3xfH2t9iwQrzcQmnio5BuTLrcGDrJENPx2ztZ0iF6x5bD5Jg+UL9Oq3YDkwFWi3H6FLWJEDSOHbGt1cbxaDpS5A+T9gBeoLJL4xViENXydMmkyzDbSmD/+w6HuWajiu/BI3CW1we2T0idQYnfEza5sP/ODVXmDve3QBKokJLGe91XTYQGaBq6BDWa/7hCYfbySRSeMX/lEt5KBjaJx3QSCr+IXudAvcli8E1jB/99dz49i1Zu9rZ8VDrwz5M3hs3z1w+5pwmEOWQ3ENrFVDX891GVZjqKqJ7DxKKVfdADEi8Yt50N/I/TYR/uyf0hqd7k5ntK6RXsEWxPFMwjj4oHp+84/1NJ23Cbl5xbpPStFb5ogeSh0G1SORNrMRu8CiotR16ej08i/MVw85A4tLqiHrGn7AMzHWpgAegu+vbmnXjygddiyY5372iJMtMtA+/1CXVVPsFDiINRM6Bqzm1TXt2/2aLy7vYT1yk2LhgdoiYs1stDNv+6rPdg5KoS4Eo5kpJg9xJgay5drAqe+mDomrga2XIUYznUr1kdP/VD6fA2OCkQxO7NTIevPGnLG/9b3pGt5SNsWTvsO1GTEC1nXdvQ16zxdOeKefDcNoD2uVQULbsyT0n7lFG80ia+uICBOz8o7vkv3hrNiaaQwUxpU3GRFKTvsNEtca5Wps5MM+THz/qqc9N/27CpKpCp6waN7rloJUtJ8pYVQPV5BAmuXm+cNvNzPyblNRmqI0B1nEuY7sqZX9n9SoXFA9Z70qRL0PTsDlBgHzKBQCWlImKDF4By24CztBzQht08Gc4M1GEe1GnrpBGKrAvEbA0cnNYIP/Ltbk2s7i/KP8TL4mRONyPkvrGoYNTdgMZSx7jlQtjiZvgI6d5I3EiH8+GF3U7HRrVi3DJDxGx/N203zGsHtaQ3sGRu3NX/gccpIg++gU7WwlOPxREYl4zWxVi/UbnoC7wwlBqYoRHfS/qB+ny0fPmzACpsLDz/tu3Fpep90Kz8iEKIkQ3AjeRSCgSHs2zhhH/x2CqYVt8uqauzLqAk7X1xKUi7ujSm+QVVuK6A/vqNy/RV/SGY0KWeSQnh59rn/4euDGML9xdCVKYmz8ngdH+16qZSJHCGB/46JJBtoe6uf0NeWGFSAJWSiSb3cN9qayrPvkvtMhhVm/mkZMK52rBEKsKgwdkdovujVn8XE7G7ed5aWmoBdgwbk1oHHRKMR2znUc9u0cVGsJmvPeNAjT7U+pjRRZvv3RWrSeE151WrrEPmSKE4H1LrBQqyq0ASTC/uSxawPdajgWW5TcOgdgonSm6ktutmWv17crMhAJdAVuweGIlfG2clHsx3fAyv1WLiJXgqUTR1Pp0dhYOjLNRCPUR4wYFvfZxi542BV5c4ua+uNdghc0JwhWK+KPEhB8L0u5lcUnkF/5OHEus91W2ip53PukXZ4fqowSFgjjlzMdsFqqWURbdkXenf640OVbgMbg2JLpI7HhHPHjZLMwmlXo4H7nbJw1PnC1Qtey6U4eJRpbBK7ZCXuPaVO08wjXT+p95sqio73BgOnrSjKvh9veqJ+c9fQ2FuI9gzcuR0jAt0Oqr1EN1o1w+AvdCqsJMP1tc1qKFnnpEabf+Mw1CG6jerBlIWpSl2S7mqVydBBL7JUcWkkJRArwcLRTkx+KOITptkWkCtqyX0xYCBBKVoD6sOVEaWr23Au7uu4UUaF8UX5qe7nPPNM/wLb7OYbkxglXkNihaYSuDJkU3Bv60k2+uV7pwK3Usbb4ijCuMbcUltWu2cPUgCg/5vndqB/Rwwvn9ZxlnMEkkkjehCt3ZL71NJRldLlx+bvbXIm34u/7mVI/efUHokpENd/ql1XLqsK9Fiok6b2k2361usrmSQ0FByGhUHh6CIu922wODwX9LIJJD7ROJVNXiv9aoGwIxhUgGqg0kO4YOE5TxSdK9AbxDPlCN7U9u02nZYN2VK7SoKGsaOX4Qf/hS+AmJw2dScag1e+UpRAQsgSiRX4YkY4f8KOVo69v2KJfLewFB8K3o0D5lBgPRsGby9jjWxBi10u1VkHXJQhmR3Eg2JFxdXpLJPPS6zzJMcHeFeOG3ROd1++ejK68va6qqSIcjG2DvFKvOLafX6uwY6iQZ9N6Va5vYvgkH6PyFkBCwTVeZxFX26/dDGfd2SN4Z4v2DnDaHyGIlRs/gfY8ealitfOhrPx+7Moob3Hux3fqPAcxJgDrdyguB+/MaI5hfKtXc49vSPue861ZQmDLrlgBJvzVFywQXD+DXtU8ygy/vITjVoNtQ7sS9c/xZQ8C27ydeN4AyxuxU+AvFmWV+C76dzSCjICCQ0XJrcuFH0qyo3NqzTfGKNYDBDYj05AACNx678CFXwar++rIgJNdXXL4Qxcg1oWIv5PRTMnT5QLV4Nd4q0blrmr0gHDf2DGNULxu8SDQPRd5QnV0SsDA4e3704GRDlK2zHmgKmHxCPhnd/zKTp+YZomKRy8JEo6GWQPXqyFjwJbl5aqjT32S1K6qqYwUMcEnof4YElre84PvbZ+6lk+enS/Ert/EFjN2YTBVo1TM7tMr0LjGGai+bb6Jg4hnkEG/Ok6B6AcvJaYKkH/LBQ8XUKTMgdm7xXztqWZ67dLtO/C7H7Oa4B4Mg0S6fxJJ79z5XAXKrAoYE8SWalFr8T7ZqK3F+/t2fRJOvePToppkNlm7Gohun/AWDZkp22T1IjW/d08d6Lh05GCQr9zXOjoViWzvyz6elVPyl6hEU7QMqqYhlE3aMO9RjCe5BYPgn6skinpAn9JcWdQsyHyHF8vWPHWKm4iUDmwR2WgQncf1XOXjVthT3QeVxH0GuwDj/f8/NJPi2ZG0wG4PsLGFQGOx+by43Yw9fjQsc5ZwSECCmZVwg5Rt1+WNih58Zzz+bjRD0W6FaAGPPbP6zI9A9HTVLBY95owz7QJk7oXs9ak9+cLSj4Aq8itgsS/l3ceuIaIcI74momLZh2JAVOvQQAZ/fjVxlji0oLV67zSojhBItMtqQz4LsLvfJgWxySma1rZPFUyKYZ18bkv48CZNPr01/84JyQw1opPYQR1fKpSsAODAcsoz6GSSBJCuKK84Wci7PUYzkLfvu13OWX2CRcJIvpMcArMBz81D2qiRqjZvSxx2zCR7N7ZQqx21/e1liSL1k0jh7oaMXgjIz9SUkA93IpfXQephUQ1JPXatb63wZKN7CRDspmnjB2yPHxunYFdAZYYPO32uKusspS4E+6qtbTSryLsEiAY6BXORBnW9AZj8w/VeaRcZuCK3UTjxZfX2rk8ujzrrEdpT49CnSrWkzNZ0T6sU7LXpv79T51R2E8N2UbLNlMbu4Q5+nbISSbRMggvFmM2oCpiyp1nMkVMnEeQtAHa7+0AYvCc270wYNLus6kRkuRRcg0RgE4nWlHI55kmOD3hLfQ8Rc/Ub7tguVEGoRig44YyeaRf2gI5vOaOY/B89/tN13+cy7+XjWCjYtWShaR9yQRgKYFWJunGcoZdfLi2ARTkjZOmlUK8aDaY6IQpit/Xt5OZGif9C843QoBGIU0JIkfQ4FLwr0F3+cDdfgRgULAs0nKu1HdQztBVR8Zt5Hyt/mKujUXeGU//ZIc0vF/EdkFj28URaqqK6vB6/4EireP95HKkYJHJH7aB13fQBHQ6q8wYFAz3SuOiXCnjVVLG+joWnNSqJhv55q8q8I0sxSoTPCPy62yl3S/8Zfai3JtioCKGaRs87+TOrNMC8MccEY1fnAknKwVDcK8URo2p+M+OQ5s1iddRR/HsCo1mNZYLclKXy6VrotbjrnulVDqhJzU+7mJdhunjtaGqwdS5NtiMBFc0qLsCNRn4W1BET2lICavXEFSgPadUGn/RS7IQlNFsNqxe/dFDc4nkItGgA9ARCo21hI73wBHkdC/pplyVVJZeUDj4uRYuJSm+aNk71M+qPSW0qRWFsu0x2C4q4U0MZgCk6XbQqObYVLKVXikRzvBu68PZ3f1YLVNCz4aeZHIINliRQeazpS892bsgwkXNrEPJpXEevACWYNhWLv60g5msEKq2Jg1wDs2CIa8+11iVTP2jQRkaX+S4rpLzbtfS9cVw9JsmbFsF7JhJatBWR/pmUsrH8bxJUIzvOfz+EiE+LH/QLeEdOtRVUkUzU1KUBoAOC7q6qPkzlsr/zY2AtzKEQaz+U22P+MSyP966ey3gulEAkT96vMymRS7W57l8PpoW3BWNdL2QuIrGbRMTRgbJSCxgwtNHPXh5OIqz3zRihG081eTcNOQpXBA6HJegmB3zH01L4rcAiOaktDNFBjWH1Ltr7i1gwrh2X7PRa8Drs3JGG+BT2C8XJURChYVsrsOZqmwblvk4JcIrJ2VKobDS2Ob9bCl0/KntiH9KEx4EPQWTWu02XuscWjZPxdS0iZ9c6Su7Fx6ngJWR7n6Pmg=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml2:EncryptedAssertion>
</saml2p:Response>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ID="_64dbbe51cdcbf0932243a7f9e4981689" IssueInstant="2023-10-24T12:59:54.900Z" Version="2.0">
<saml2:Issuer>https://*YOUR_SIGNICAT_DOMAIN*/auth/saml</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_64dbbe51cdcbf0932243a7f9e4981689">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>qyBCtvNbVcq6pqDh3ZzzcuxplB5TqzMR8Gxsk2z9qJE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DvBs/ct62ljf0ILU+vVvU9h5DWcQDGhAydrfb8GSY7NkGDr4bbCHB0tHz3pRbYfMhW2fTFllCH0GaUtHD45RvzLcehMsW4+F01TMFV++HgYlNnwtoBOX76d9OyJkXI3D9Eq9bLpqyquhLXl9AHz8foKDNSt46jVoZMzd1EJz5/0qrg/N2iR+qD9szt0MjLRy65jcoVhfupv5MElBpK9GCTIvSCbelqw3BeCWHU+NLQwlLEqNcfzbc2BU60EjR8tL9E2XLMT9hiAztT1fI8Jp9OC/VP9KAdVnLQbiOnIQEJtIcXbMRhFKu1JmZkVFzQpf5UgkFf2VyfBWxP3f6FpB08mLXuoAyO3ekFkUdieCGyHe/MfE/tCvJQfPNupMP+8oIdIxkAzClLLwJsgtc0goLcdrl9/Bnp+3eTFHK0qWVYlMbDU31I3YnVgqNcGgAq6M7ndp9lG0sG3v57lP+VEQmS5R0SUMaE893mQW0hRPnsp5l20HtBtXO7ZXCTniSXfjHMUdD5QMVcmLowPTYCMWPkm8YyYmbNw2NmRY+jUa56U+J9HEyYyqogN5ftb9KFGW9pDUaiI+tv/o9ioP1BN0qY00wRfeRc3A8k9t490sS7XlIHfA1GtiOYlGY+ThqABvjbgPf6x3iIXF7yJ1MPPcn8hHxyidmioFBc8hspG7o0k=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIILjCCBhagAwIBAgIUTHHk/KmVYAobZ0zz9JTbsdsW7oMwDQYJKoZIhvcNAQELBQAwgYAxCzAJBgNVBAYTAk5MMSAwHgYDVQQKDBdRdW9WYWRpcyBUcnVzdGxpbmsgQi5WLjEXMBUGA1UEYQwOTlRSTkwtMzAyMzc0NTkxNjA0BgNVBAMMLVF1b1ZhZGlzIFBLSW92ZXJoZWlkIFByaXZhdGUgU2VydmljZXMgQ0EgLSBHMTAeFw0yMjExMDEwOTI5NTlaFw0yNTExMDEwOTI0MDBaMIGFMQswCQYDVQQGEwJOTDErMCkGA1UECgwiQ29ubmVjdGVkIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEdMBsGA1UEBRMUMDAwMDAwMDMyNDQ0NDAwMTAwMDAxKjAoBgNVBAMMIXNpZ25pbmctZHRwLWRldi5icm9rZXIubmctdGVzdC5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIZBHYuIhSPA/nOioZe0kI1CH5LmTY5K4Q4WfeTBUjvca8PsmDrUIShdrG8ie596jYZqsUdXBw9YiJ4ZqUBHtbbN/eMBb8QBmnlLMJhPH8wXo+2LLGSdfwW0ltLkXz7vauvjdnLpdKqeCc/Sq5EFygU4nnMRbuhZV0gbV3PQ4iEUxIy1p+yHMqQKuJC1s3mM2fqkh5M30+P+3bdWCp8TSV3y0ffsuSSzi/V/BlIdN3Cw7GCgL1MvqIPZS279CjorsXftMgJRdi2boc9m22rBacF6E2Qc7Xh1Hotrfde3UDxT2+xdSVPN5LzIcCspnxrqEWeug7lID/c6+jkOrOOxk6on9Ba4JpoY/eN99YTl7Gbounw2cJvGuQJD1XyYloLgwmzrAi5jXatE/+/+zGi2Ij0H0VcCtP3I9fJM1Pkg/M5uqjGk2EPv/wymODxU308wRIsYArEUVdF06MEM+Z/nueRHhivRilgNFevoGA9XPwTlVKJ8Xz8SWxr+JtwWGEJ5qRnex31eiQgiLMRLWiQpWw1Uo7fDmyhc57hONkmvJuz+riA8ysCt++duTpbwZPrsmqLpZoDrT/Mpe0sLANBcbf1jlij+wFhEbCu1GSjUGst4+BmaPzp3mkTlBN6L6gN+RPcF5crixYZ82uUf7dUSOn5ynY3GsWLn0euTVYrBRuF5AgMBAAGjggKXMIICkzAfBgNVHSMEGDAWgBS5bKYTursvNGODMS75fkkd3wD1YzB9BggrBgEFBQcBAQRxMG8wPgYIKwYBBQUHMAKGMmh0dHA6Ly90cnVzdC5xdW92YWRpc2dsb2JhbC5jb20vcGtpb3ByaXZzZXJ2ZzEuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vc2wub2NzcC5xdW92YWRpc2dsb2JhbC5jb20wLAYDVR0RBCUwI4Ihc2lnbmluZy1kdHAtZGV2LmJyb2tlci5uZy10ZXN0Lm5sMIIBMAYDVR0gBIIBJzCCASMwggEfBgpghBABh2sBAggGMIIBDzA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5xdW92YWRpc2dsb2JhbC5jb20vcmVwb3NpdG9yeTCB1gYIKwYBBQUHAgIwgckMgcZSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHJlbGV2YW50IFF1b1ZhZGlzIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IGFuZCBvdGhlciBkb2N1bWVudHMgaW4gdGhlIFF1b1ZhZGlzIHJlcG9zaXRvcnkgKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tKS4wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3BraW9wcml2c2VydmcxLmNybDAdBgNVHQ4EFgQUxNJtx1A2SisHfrPeIRZLKArb4C0wDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4ICAQAbZ1xC9Gy5GasdwegOXV2+WOEgjRBZQIwi4NcRUf323n2u90928z4ePw6l9By673LqyXmtGFFizdsc+AmdJneDo8KFKsq2QNzEZzNWSuEo0kNK/W6T2z8RreElfm78jHVtmMkFuUbAcyYNQX1LR3GnXlibkWdtnAQSIi+QoOhDovPYyQHmZp7ECnGoz4gRyVOHQ5LCldT+aHGtqnfRbhyYnB0Qdvd6xpvtiWRTd4hc3kzdYWlvzlObDKn0GPmlhbXqiPVgiHHAgee1mCgg3crzQLdl8LR2z6uzaPiKHcSI/LbrLau9hWtPzLOAJrmx+WpcZlVxlFhnEuOwVeupePs4HyktU7syB4KNpkSAijEzP2LPeHk0H0wy8M/XVE28OqIe+W+Shs6dcrQKsdNN6VyP/NrCJv58g7oQExpLGpN30+uOvSK4pZxovez+K6hi6J9h68T2tZor5ctbkBUfB8KgmDR6qBmcMVCgjJsj+3TmnaP/4Lmg5X65Y8uQgvfUokLZYWtsN3XXXQTaBwgESMLUaW7ToUBFITb87ChM/sOTWsPuJo8wLpRfqWqsQOe2hv7Cee5WihJftaMmkAdnRs/m8mPyM5zAVxlWviy7P9O6/QfVn6gov78nULfg+tm949xYJ0PSEZMODDmcbS5dcdyyRb+xlgTI+QQi1I4w1Na6Vg==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="FTN">SPN8DoL016CEA5Uh4kSOc5u8mynlyGGFKyD0XMH3BI4=</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_ccf3677b6932589b330fb0cce2f2d4dd" NotOnOrAfter="2023-10-24T13:01:54.903Z" Recipient="https://*SP_APP_DOMAIN*/saml/acs"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2023-10-24T12:59:49.905Z" NotOnOrAfter="2023-10-24T13:01:54.905Z">
<saml2:AudienceRestriction>
<saml2:Audience>ENTITY_ID</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AttributeStatement>
<saml2:Attribute Name="dateOfBirth">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">2000-01-01</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="ftnHetu">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">010100A001N</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="name">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">TEEMU TESTAAJA</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">010100A001N</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin.issuingCountry">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">FI</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin.type">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">PERSON</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="firstName">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">TEEMU</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="ftnIdp">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">fi-pop</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="lastName">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">TESTAAJA</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthnStatement AuthnInstant="2023-10-24T12:59:54.912Z" SessionIndex="b204887b-bd8b-4cfa-9cfa-52335aa94d3b">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract</saml2:AuthnContextClassRef>
<saml2:AuthenticatingAuthority>FTN</saml2:AuthenticatingAuthority>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
Authentication REST API attributes
The Signicat Authentication REST API supports the following request and response attributes for FTN:
Response example
Here is a section of the response showing the user information attributes:
"subject": {
"id": "tPrysd7qtFvlSEBh7sYG0R8LXYYIgnZ5RmlR-Vl9IEs=",
"idpId": "070770-905D",
"name": "Väinö Tunnistus",
"firstName": "Väinö",
"lastName": "Tunnistus",
"dateOfBirth": "1970-07-07",
"nin": {
"value": "070770-905D",
"issuingCountry": "FI",
"type": "PERSON"
},
"ftnHetu": "070770-905D",
"ftnIdp": "fi-op"
}
For FTN, you are required to receive encrypted responses. If you do not set this up correctly, FTN will fail and you will not be able to obtain any FTN authentication results. For details about how to set this up, see the general protocol description, Encrypted responses from Signicat.
IdP scoping
When authenticating end-users with the Finnish Trust Network (FTN), you can restrict which providers/banks to include in the authentication process.
The table below shows the parameters that you can use to restrict the list of providers for FTN:
To learn more about this, see the IdP scoping documentation.
Example with OIDC
With OIDC, you specify which FTN providers to show with the ftn_idp
parameter in the ACR values. For example, to only make available for authentication Aktia and Bank of Åland, pass the following query parameter in your authorization request:
acr_values=ftn_idp:fi-aktia,fi-alandsbanken