Skip to main content

Attributes reference

You use FTN to verify the end-user's identity and obtain relevant personal details about them. This page summarises user information you can request and receive for the different protocols:

To control the providers available to your end-users for authentication, see the IdP discovery section.

OIDC claims and scopes

You can use the following scopes to request user information from an end-user using FTN:

ScopeOIDC ClaimExampleDescription
idp-ididp_id070770-905DPersonal identifier set by the identity provider.
profilenameVäinö TunnistusFull name of the end-user.
given_nameVäinöFirst name of the end-user.
family_nameTunnistusSurname of the end-user.
birthdate1970-07-07Date of birth of the end-user.
ninnin070770-905DNational identification number (HETU) of the end-user.
nin_typePERSONType of national identity number.
nin_issuing_countryFIIssuing country of the national identity.
ftn-extraftn_idpfi-opCode name of the specific eID method in FTN. In this example, the Finnish OP Bank Group.
ftn_hetu070770-905DEnd-user's personal identity code (HETU: henkilötunnus). For information about the format, see for example https://dvv.fi/en/reform-of-personal-identity-code.
ftn_satu100000001NFinnish unique identification number (SATU: sähköinen asiointitunnus).
Important

To return nin, ensure you have set Id Token User data to All in the Dashboard > OIDC clients > Advanced > Security tab.

Response example

Scope: openid profile nin ftn-extra

{
"idp_id": "070770-905D",
"name": "Väinö Tunnistus",
"family_name": "Tunnistus",
"given_name": "Väinö",
"birthdate": "1970-07-07",
"nin": "070770-905D",
"nin_type": "PERSON",
"nin_issuing_country": "FI",
"ftn_idp": "fi-op",
"ftn_hetu": "070770-905D"
}

SAML 2.0 attributes

You can use the following attributes to request user information from an end-user using FTN:

AttributesExampleDescription
idtPrysd7qtFvlSEBh7sYG0R8LXYYIgnZ5RmlR-Vl9IEs=Stable per-organisation identifier for the authenticated end-user. Can be used to recognise the end-user across authentication sessions. Note: This attribute will always be returned and does not need to be requested.
idpId070770-905DPersonal identifier set by the identity provider.
nameVÄINÖ TUNNISTUSFull name of the end-user.
firstNameVÄINÖFirst name of the end-user.
lastNameTUNNISTUSSurname of the end-user.
dateOfBirth1970-07-07Date of birth of the end-user.
nin070770-905DNational identification number (HETU) of the end-user.
nin.issuingCountryFIIssuing country of the national identity.
nin.typePERSONType of national identity number.
ftnIdpfi-opIdentifier for the specific eID method in FTN. In this example, the Finnish OP Bank Group. For a full overview, see the About page.
ftnHetu070770-905DEnd-user's personal identity code (HETU: henkilötunnus). For information about the format, see for example https://dvv.fi/en/reform-of-personal-identity-code.
ftnSatu100000001NFinnish unique identification number (SATU: sähköinen asiointitunnus).

Response examples

FTN requires message encryption

For FTN, you are required to receive encrypted responses. If you do not set this up correctly, FTN will fail and you will not be able to obtain any FTN authentication results. For details about how to set this up, see the general protocol description, Advanced URL configuration fields.

Here are two examples showing the user information as encrypted and decrypted.

Example assertions

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://<YOUR_DOMAIN>/saml/acs" ID="_65db6fa76b80419aeee276b374370852" InResponseTo="_94c0124495547cd8550ae8afc2e11953" IssueInstant="2023-10-24T12:44:32.894Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://<YOUR_SIGNICAT_DOMAIN>/auth/saml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_8831dd37777ceedb0825c971f5bc78a1" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Id="_b29d08297631f9a2985cec1d70ab52c6" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<xenc11:MGF xmlns:xenc11="http://www.w3.org/2009/xmlenc11#" Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1"/>
</xenc:EncryptionMethod>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>aVMsVjf+G9R5eBqNHbOewME+xM2yPxCLtfmheKTNCql5+SmZ1YNtH/hCTvEber7TVSAgdKX29p4M7/tFFjs4rYS4tU369mye8BmTFaLPmozKYrZUXWo/yL6so16XpN357ayDuDO0+80aE75s/uGzyWSuSVvKf4dH8RXLuEhlIi1VGkmc+2e79FShKzPLKJTY/L9BTqYf/z1nZGExglUzPUp5f3uUs652ofKBKUdPOlmdGvMcflN7Crdy1+sH64GlWZ+AhodcaO/29ICu+MtHbc5QWYzRGuDhnKw7g0sHpg3EkWQA/ggiRL+tkYKrwtwrbCusnSXJH70CbWTLz+bkPpe3ZE6n0adlCkwFl2ffK5ewApp4dAqK0SCywjejtI8ywrJo/X9QI1HoZ0hPUfbZhMsXMwVxsw3EBOD/uF7rBxhmSJg+IQU0GC3AKNWX/2jWvW+OvJ1Sv10E5IHNKBDnWTuNawafUPd1+yulQrkWSYo/O2aHb4EQU3z04Txr4HLLiDK/ApzV5M27ezz+DuDuqMf3cziEVXwHcufcOD4KnRl5RB8PjWDQQxv23QHdudC0sYdkkwJAXx4cLFF42VCxDkORNd7rJCX5Il0zMyqksgw8zpzGaDBYBvH8Nc1tzGhgR5vGatRY0ptHAujK3MCZrzmYVLwAzqfAFbu3wMj7c8w=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>3/ma3IYCkmvnGNGqtCqpfXfNvgsSUJfIwYYz6PXuuPcNM/SY6LqQdUbwSYvYaNAqpyVUJ2wFl5dMpD6W/ojWe+ZQMO67zXcfONtnTF4qcdm0Adg3Pw1swmH2jEbap9eQqHGXEZKY9fE6ajWHbdNOF7ZW+gTr08hp2dnNS6QgR7HHfzDo8fQ4CA5qb1vQ9rnlqiq2/NnVG2JPELxfZSFb1JmnlSqu/qtOLIyAEKgh4zst4M0q0li0Am3G6me4GdON9sGoFoFfd7JAadGPeglGO5Ozzb8Y+ODOj1I7FSec43lln3FuZJ23Btm8145z0oGsJ7st6qEVYz3KCVn6WJmSeZ5/x3o5yDysDEcKLHz6DQxrkslMreg8xVlIRwmtFb0RVH6tq+JOEes4qAu9En0tLUH1UMAk6Y3fkonkEhKkIhSTzAoLQpRuaMXGHeA+tapLEhag013dfi/NA8nOys814Qe5SJJUDfOe5C6gWhHi3ebAporaxJ5WQ49BZmvjXWgnmw5OqcCKLe6jLFcTpx1GfcZy5KkS1Oot8B7POUJ0i9nWYpLfHRFONo0xFquFR6OexAEHozdkFvUjjm52i4zXyWVfS8O5cI/wFbLS8vcsj99Vf1H9weh01irmpt5Kkt77GfR3Z10qGYkehpVPMgHwXhGyfIM/RatwDlm7YUdbfdTkvMqcHVrC1bmY3g/IRJ33sdAMGvS0+ONLpJlNqyCdtzcMaJ27fiXqlyrzied+EDi1qAcsORV4LN21DmQe7jPXYIdDn5oDgC+PGznrRC/a44EiWWEKWKFf2qft9d40woda6p++EXvvVEUaLc2aiQuAaGPJTZXro6zxa/OzUQ/VKTS0UaPI4sUWcWJBWNRupqelsM8g/Bf4Sye4uONzjdhI4RW65VQzbJ5P8S+5c6jz0P46RrQZyeEgfLzm7sV4Jm4KqskNz+FCd6hKeTNjMG1WMBn8WudGl9Y54p2oL3EgmvTECjyi1e3lBDc94wLtyiMkXAxVEDWnO4Dv2TugndaN/VxVh74sAvRnlgC9+hJoe6wheQuckpqlqkWOgZM04nj7y57tDeveNQlVY8Wc8SPlMw4tAcgHINHS200qT0f0yZgU4gqmwpC46frItyTV6dcrvS2tHXzCwXpqXA03uIdzj8KY8WZkVfSgK8duKc8c6tUL9buvNo5Jz68zV7nCY54/Qf32Tc38fUP4MdbTM612ARNT18GbBJ+l5pvnYykqP8luzJUjB2kTulKuU613IDGTl7DayfZqMxMbkaXstrJ0z/v7LkoehCbgP+WHEmgfylkXKcLDOxes7l+S2tBN51ZqUKbhe0YO+lveKry2ctiMmGLo7ARnjaVJ4Ne9GH0bdbL1ECw14RcLkffWFP6Ag9lLw77SSE8F6GhS7u9IBqfxEJu+hBeSmCaTOOdSS5PeKv8e3yOt9Cc4cGRxkvmnNiur2Y4jHWcYx8bfwmUK8bA9I8HoFEBzcpv9rpp7ZHKA/1t3U0baRKBVdfFUSGAN2HEsIvazeHcvXtM3/vDBqBAk0nFmVuCdFTxrU9s1wn0cJLEsJ/RG8bk/d22p/57k5mDVtQDV1uZWe1svv0HTN7upcwVfxFnWg+Md2YSFJuT+/axnysZKvUwOTOVeO/1orLeOrf89bOwAycuMR2m//Kjijzy135ZjhXU7C9WKnYUi0yT2ofMlLkyNuwH871zFbL/1osUdQzOauuwBJ8TrwNq1uqyeORcxX77uYslKHjOMx+fjyTN7uE2a/Op9Vw6sRISHY65RhA5X2lrQy37u2k2A4G+XsKOlcvAxWilJHi355OSwh15v56NAu/VKo/gETSCl5mUR7YvteJrjwlqHcFtP2lRylN2mRSidYpYU/412wBaB5rF/daPiPZ7VY+4oRxGA3jhj3Pw3ZAbH3StPaQKRBzy61dG6JR2VZWk4bUtQ2vpzrzaE31xjxkIBvwLBxzlLKRKJ/GhM3J1bsVdZMRzQso4drvsSeHZ1ijlcz0h6MzbFpWMlmtLfNmJI2UO3B4G9USio7LaW8dfPUv3NAg8CDWd2fLFytFCJFD4IrF3L4FoV6ypUX0xj6AYEodBcDyXiskkDKt6B2Q9GHEdrW8WNr5PDM9Jb5JYfWEnb1dJTfiItBvhgiusdI/LmJRBOzr2b5HXNhkEX1odzb8tiVCdjYjOlV6KhZqRmHzz9vNnr6zx+iTl2h7iOnhoC0E5BxakVJq5nwJ783UGG/R1H9a10sXquzSODg9kpd0CkeMWLE390nDVDIBfPbVBh/hkj2xRjahZVfWd5DIpILRBovuMzJE9sGrQPfaIFXyptH3uLx/4BLdVy/UVoi4c5IPrBVPNVq2Gk38YQYmKBGcW9+7I3VaOos3vK+Y8xQkbI2zYLe0Jrdae2gqDz0pb9D6AdWwxLf9UkUi+FYzXkZK6dFdYEEYiHqZuUCodbQacWwPprJIRv6B3NuS2B4OnOCRgdLGji0QloiDMs9U/iKCaJy+CFHb8cPnEW2tfNWts/VOgRsyFrlEPr6QK8pdkFufTDEfujCJuk5bNByYNI1+s8Sn0GZat6LyYPhSnAUNOIrqkZHT5sKdfrgUfw5dwdSaTvSnJYpLvABPCeVoJwomaZsto2Mao8I4qVnhLUkGOe8ayHd1IxC/ukAtvSNV+soLngxAHNu9JtrLRJfHzjDsCOGBQbghf0MAULt28lbiypcJi23ZZkm8OBo0P5by/QBYlS/ZvaJZXtbeNJZigYHcMORO5woBtpQFNevx7aCoBZTrrEg3JJ+QPjBKWnS0ey5HGMQq7qBXF8RhTKRp4HrIoEjWZ87PSU11ZKHlDJMW4Zu0jnrfVPKCzKFfTSLMXlvbomTxgD0xX4hsToKNluO2c5mbafK4orX7k1uXRkJQdZee0OZr+M8pVKKz79i/T9Nx4td3QRm/3WyuoulaxIM6/WELKmqLAfb5cfaUKUvUGkQJWekWayzfIWR/g3EflFuyL/2IU60wXocbeNUVvwIuNBkQQro5QwvRPiGXuRzzfsPNxfpXztPA24bur5oZNS8jmBJLNcWK2hQit0Z0PYBWMfOSXI+riwEG5WmJzVFuXKYgtc9eS1YChCuf7e7Q8PqeXquP1ZuvefGisU9abp9N7v7tV95sU5JIk9ZKULmkdaxOJB1y44md+0VdX/qJgYIRSV7dwNq9kfp3HdFYZcph2/8LIls63OSxF8uqylTnp50ut9KCj94XoItJhEoyo6fEbnJhLLfXqPxdc/Y9Ia0G4244nzidW6QM3PqqxvUa7lttbOn1gFl5zpto8/hxG2TYeocLYs/j3dR+2hDjqtj751l19SYcLzwSJ1zPa8UgfHo4VsUQff6FBHIUtT7wzMY/9poPR7OkGBz61SVrY88gDTuFDWgBuCNNLPoc+k9jqy2o1lZowzGBG9Mv9q87nhXWoAmSzlTPVUF966ZiwpJN2VNKw/iUKvfoOFSyPSnFiuFNDZ2N5xp/MhUCaxBJ5ckbscZWU5JJ2fKkKWTwaLtaUjiOb2Vn2+Vts6CTAl5fHzxlbDXj83QWkVKJIeIHQvdaCrFCey6gjTkXYR9C16526SPT3PQGGjGUgSrgUWKHsF+2drkMWLOjmryaXiJYniwss57mW9d81GKS2zvLw1wM6YxHNuVpugYA8cLgn1Ti6VIyI7SMdCD2ag0GpQ6U5SL1/6MI0z2JbElJJAelV/fIyay+qOIdvz3wBceQ6SfRjAFWW69DcF3u60Uv/yPyY/oP5A75IEdAWzVB16th598AW4P+DX3xvKkTJ9GE/l+o3JwdY2t7uI4Hh3hbVfzvf/5kvYnRmE4+eVFF5YZ8zgJD7d9b5Rxl/lMHx2fTaDcXG18RfpJeQRtf68vO4YV01Vu5026Y6ziYq3CBxW2Cg3QH6Lp5stgBPp+4m16eS6HQC7GEG0HDhpjjApCbQMiMjqymwYid+A+g8waIK+59VlpAVkzPFfGOVDo0QtPpVOsLU0kRZ7BqfLL/2vw9A765Ant5XYWGt0AOVjKGZKPUGYSMnHx46DlnaqiGLfqu0fHnTKDM1CWd5wQy3sWhnxJ1QSYJkOuVxWdR3OHCIthUGI/LQGBwqcEu7ShWmi//osjgl9v6iX7ARMLoQPfvjdws5JV/pa4Oy9Gz11S/YkwSZK4FJIBcANs5L/yctLs/hR2FadLkDRMmm14I2eiM/8fDkoKwN/iPi4r9TvbFXmZu82qH10/iaPvSkuCPw4ZaO3C3CcJpeTm6BMjWaPrlCASVh0APqnuJ5EGCU1KzCsi569qZLAmM7DbAoctnMute6lh1i1KwB0b0iWvT8dkNYB8bwr+ybRKD9B7cZQOMevNUGfwfg0kQy/roKR063xZ6YJFxOeMrs+KsB2jGdGKeAs1iYslO9KfYzEmLzUOiTZuPzEkPgvpe7bMSpaZdzEjlXFKM8fGcdHyaSYL/exxpYOqFrMA9TtGJS9fMobinX7jAKvUXRyvI1wXF3ZE3FJKTdn6wfGUMvsy+IgLDhDhw+5O3zPzctZsrtenMZSsjqD5WeYf01329MboA/py0gBM60C91kF15cQOF69uwkfeDRKVYJKolGK2uC/aXMAbkJv4pYKvTETwdRW4VfaYSKrp4bfX6HI7snatXtTd1bUhGLRVB/V2wQrWfari8zTfgyOSx3uRGmi8soHY1BmxGMzxGMMs+rtj9zs4zz9K/b5x2LUJBo05Wwf13YhiMnj3AKyCg9Dvr1jZCRN8p2R7Quf+VkkaTewFP/OxNOv1KEzDMhJ46YsyktlWdsKb+ILdS3xrNfDhFmVi5fG9Mtm63eATjzHZLHO0ZRGr7POGDOf8J8fhhIhkaynk9pehV2dzK3RZWxcTeukm6zK8jMZvQQnp8C4xWToKjp8os91eDPKAL8UWQYQskl3b/XyvbIpeYM4qpnRr9yNi30P3QGk/CH/LbloKVqIRmrysFL6XMhmzfXeIWPRMRQI1epfhupIfIZBiZsNgvN/mpAHJjvdMKK2JSyFjFZYhgHd2Tqectw/EY6ePaFI5GhUCv69QIZ3RxYcmn6wMg1S1U5vOk9M2rwjEGA1yR0QdDSknrgi7qIt3vPOJ5cYGY3xIj7qT73elT+4b6NvXOojYpBKtV+EXYteDENeGvTV8TvywoRP1FTsJbFYw3BQTc7rmZ7BPSaSxESVWBGlfPrd8oMiD2hZRjmep3J9wCk4WyR/yIJbYIipV1cyQp734t6/vOGxPne/yCeQvwoxnDcViNDNvFYwLICv9YxoF+HpcY8bgZ712axPV1D0/8s5sQwzX7drlb+xaBu99OidPrKAhiL32Jk3r5cnNHZUCRVPosV1Lr5mIAL50ZI9n/AVpaEgUeD+kwKCsGlTmRnaoN662Hf8+JMfqMJdE9Dn5IxhLLOQ0THq/8cM+kQYuxyl0ZO6ISI+G/tQsL6gyLMVhiFs4D8xiRCW5FHz4gmLKHUzuSjILKJ6+x19VBrbTLyZG6Ax4AEum2zE0lNSJujylvzrSfIVTCJ8DVH7TOM8Vh2xkLcOqTsXR2X3TAncwPbRtXHeOeJGWmuI8Tofe+DjokucMOBI7joK7byKKFbMh/pDl/JypFA82IK2OagPj+Pfi0r8spe6C++FfyyVe/V2X56K7K+7dS07Zq/FLxRGYsnbh9NXqeS++9jg7mkNtZakOWImuLvvIU266h1wXrizSaASyHIQxdcuFR5n9cqCEpYGyRR3xfH2t9iwQrzcQmnio5BuTLrcGDrJENPx2ztZ0iF6x5bD5Jg+UL9Oq3YDkwFWi3H6FLWJEDSOHbGt1cbxaDpS5A+T9gBeoLJL4xViENXydMmkyzDbSmD/+w6HuWajiu/BI3CW1we2T0idQYnfEza5sP/ODVXmDve3QBKokJLGe91XTYQGaBq6BDWa/7hCYfbySRSeMX/lEt5KBjaJx3QSCr+IXudAvcli8E1jB/99dz49i1Zu9rZ8VDrwz5M3hs3z1w+5pwmEOWQ3ENrFVDX891GVZjqKqJ7DxKKVfdADEi8Yt50N/I/TYR/uyf0hqd7k5ntK6RXsEWxPFMwjj4oHp+84/1NJ23Cbl5xbpPStFb5ogeSh0G1SORNrMRu8CiotR16ej08i/MVw85A4tLqiHrGn7AMzHWpgAegu+vbmnXjygddiyY5372iJMtMtA+/1CXVVPsFDiINRM6Bqzm1TXt2/2aLy7vYT1yk2LhgdoiYs1stDNv+6rPdg5KoS4Eo5kpJg9xJgay5drAqe+mDomrga2XIUYznUr1kdP/VD6fA2OCkQxO7NTIevPGnLG/9b3pGt5SNsWTvsO1GTEC1nXdvQ16zxdOeKefDcNoD2uVQULbsyT0n7lFG80ia+uICBOz8o7vkv3hrNiaaQwUxpU3GRFKTvsNEtca5Wps5MM+THz/qqc9N/27CpKpCp6waN7rloJUtJ8pYVQPV5BAmuXm+cNvNzPyblNRmqI0B1nEuY7sqZX9n9SoXFA9Z70qRL0PTsDlBgHzKBQCWlImKDF4By24CztBzQht08Gc4M1GEe1GnrpBGKrAvEbA0cnNYIP/Ltbk2s7i/KP8TL4mRONyPkvrGoYNTdgMZSx7jlQtjiZvgI6d5I3EiH8+GF3U7HRrVi3DJDxGx/N203zGsHtaQ3sGRu3NX/gccpIg++gU7WwlOPxREYl4zWxVi/UbnoC7wwlBqYoRHfS/qB+ny0fPmzACpsLDz/tu3Fpep90Kz8iEKIkQ3AjeRSCgSHs2zhhH/x2CqYVt8uqauzLqAk7X1xKUi7ujSm+QVVuK6A/vqNy/RV/SGY0KWeSQnh59rn/4euDGML9xdCVKYmz8ngdH+16qZSJHCGB/46JJBtoe6uf0NeWGFSAJWSiSb3cN9qayrPvkvtMhhVm/mkZMK52rBEKsKgwdkdovujVn8XE7G7ed5aWmoBdgwbk1oHHRKMR2znUc9u0cVGsJmvPeNAjT7U+pjRRZvv3RWrSeE151WrrEPmSKE4H1LrBQqyq0ASTC/uSxawPdajgWW5TcOgdgonSm6ktutmWv17crMhAJdAVuweGIlfG2clHsx3fAyv1WLiJXgqUTR1Pp0dhYOjLNRCPUR4wYFvfZxi542BV5c4ua+uNdghc0JwhWK+KPEhB8L0u5lcUnkF/5OHEus91W2ip53PukXZ4fqowSFgjjlzMdsFqqWURbdkXenf640OVbgMbg2JLpI7HhHPHjZLMwmlXo4H7nbJw1PnC1Qtey6U4eJRpbBK7ZCXuPaVO08wjXT+p95sqio73BgOnrSjKvh9veqJ+c9fQ2FuI9gzcuR0jAt0Oqr1EN1o1w+AvdCqsJMP1tc1qKFnnpEabf+Mw1CG6jerBlIWpSl2S7mqVydBBL7JUcWkkJRArwcLRTkx+KOITptkWkCtqyX0xYCBBKVoD6sOVEaWr23Au7uu4UUaF8UX5qe7nPPNM/wLb7OYbkxglXkNihaYSuDJkU3Bv60k2+uV7pwK3Usbb4ijCuMbcUltWu2cPUgCg/5vndqB/Rwwvn9ZxlnMEkkkjehCt3ZL71NJRldLlx+bvbXIm34u/7mVI/efUHokpENd/ql1XLqsK9Fiok6b2k2361usrmSQ0FByGhUHh6CIu922wODwX9LIJJD7ROJVNXiv9aoGwIxhUgGqg0kO4YOE5TxSdK9AbxDPlCN7U9u02nZYN2VK7SoKGsaOX4Qf/hS+AmJw2dScag1e+UpRAQsgSiRX4YkY4f8KOVo69v2KJfLewFB8K3o0D5lBgPRsGby9jjWxBi10u1VkHXJQhmR3Eg2JFxdXpLJPPS6zzJMcHeFeOG3ROd1++ejK68va6qqSIcjG2DvFKvOLafX6uwY6iQZ9N6Va5vYvgkH6PyFkBCwTVeZxFX26/dDGfd2SN4Z4v2DnDaHyGIlRs/gfY8ealitfOhrPx+7Moob3Hux3fqPAcxJgDrdyguB+/MaI5hfKtXc49vSPue861ZQmDLrlgBJvzVFywQXD+DXtU8ygy/vITjVoNtQ7sS9c/xZQ8C27ydeN4AyxuxU+AvFmWV+C76dzSCjICCQ0XJrcuFH0qyo3NqzTfGKNYDBDYj05AACNx678CFXwar++rIgJNdXXL4Qxcg1oWIv5PRTMnT5QLV4Nd4q0blrmr0gHDf2DGNULxu8SDQPRd5QnV0SsDA4e3704GRDlK2zHmgKmHxCPhnd/zKTp+YZomKRy8JEo6GWQPXqyFjwJbl5aqjT32S1K6qqYwUMcEnof4YElre84PvbZ+6lk+enS/Ert/EFjN2YTBVo1TM7tMr0LjGGai+bb6Jg4hnkEG/Ok6B6AcvJaYKkH/LBQ8XUKTMgdm7xXztqWZ67dLtO/C7H7Oa4B4Mg0S6fxJJ79z5XAXKrAoYE8SWalFr8T7ZqK3F+/t2fRJOvePToppkNlm7Gohun/AWDZkp22T1IjW/d08d6Lh05GCQr9zXOjoViWzvyz6elVPyl6hEU7QMqqYhlE3aMO9RjCe5BYPgn6skinpAn9JcWdQsyHyHF8vWPHWKm4iUDmwR2WgQncf1XOXjVthT3QeVxH0GuwDj/f8/NJPi2ZG0wG4PsLGFQGOx+by43Yw9fjQsc5ZwSECCmZVwg5Rt1+WNih58Zzz+bjRD0W6FaAGPPbP6zI9A9HTVLBY95owz7QJk7oXs9ak9+cLSj4Aq8itgsS/l3ceuIaIcI74momLZh2JAVOvQQAZ/fjVxlji0oLV67zSojhBItMtqQz4LsLvfJgWxySma1rZPFUyKYZ18bkv48CZNPr01/84JyQw1opPYQR1fKpSsAODAcsoz6GSSBJCuKK84Wci7PUYzkLfvu13OWX2CRcJIvpMcArMBz81D2qiRqjZvSxx2zCR7N7ZQqx21/e1liSL1k0jh7oaMXgjIz9SUkA93IpfXQephUQ1JPXatb63wZKN7CRDspmnjB2yPHxunYFdAZYYPO32uKusspS4E+6qtbTSryLsEiAY6BXORBnW9AZj8w/VeaRcZuCK3UTjxZfX2rk8ujzrrEdpT49CnSrWkzNZ0T6sU7LXpv79T51R2E8N2UbLNlMbu4Q5+nbISSbRMggvFmM2oCpiyp1nMkVMnEeQtAHa7+0AYvCc270wYNLus6kRkuRRcg0RgE4nWlHI55kmOD3hLfQ8Rc/Ub7tguVEGoRig44YyeaRf2gI5vOaOY/B89/tN13+cy7+XjWCjYtWShaR9yQRgKYFWJunGcoZdfLi2ARTkjZOmlUK8aDaY6IQpit/Xt5OZGif9C843QoBGIU0JIkfQ4FLwr0F3+cDdfgRgULAs0nKu1HdQztBVR8Zt5Hyt/mKujUXeGU//ZIc0vF/EdkFj28URaqqK6vB6/4EireP95HKkYJHJH7aB13fQBHQ6q8wYFAz3SuOiXCnjVVLG+joWnNSqJhv55q8q8I0sxSoTPCPy62yl3S/8Zfai3JtioCKGaRs87+TOrNMC8MccEY1fnAknKwVDcK8URo2p+M+OQ5s1iddRR/HsCo1mNZYLclKXy6VrotbjrnulVDqhJzU+7mJdhunjtaGqwdS5NtiMBFc0qLsCNRn4W1BET2lICavXEFSgPadUGn/RS7IQlNFsNqxe/dFDc4nkItGgA9ARCo21hI73wBHkdC/pplyVVJZeUDj4uRYuJSm+aNk71M+qPSW0qRWFsu0x2C4q4U0MZgCk6XbQqObYVLKVXikRzvBu68PZ3f1YLVNCz4aeZHIINliRQeazpS892bsgwkXNrEPJpXEevACWYNhWLv60g5msEKq2Jg1wDs2CIa8+11iVTP2jQRkaX+S4rpLzbtfS9cVw9JsmbFsF7JhJatBWR/pmUsrH8bxJUIzvOfz+EiE+LH/QLeEdOtRVUkUzU1KUBoAOC7q6qPkzlsr/zY2AtzKEQaz+U22P+MSyP966ey3gulEAkT96vMymRS7W57l8PpoW3BWNdL2QuIrGbRMTRgbJSCxgwtNHPXh5OIqz3zRihG081eTcNOQpXBA6HJegmB3zH01L4rcAiOaktDNFBjWH1Ltr7i1gwrh2X7PRa8Drs3JGG+BT2C8XJURChYVsrsOZqmwblvk4JcIrJ2VKobDS2Ob9bCl0/KntiH9KEx4EPQWTWu02XuscWjZPxdS0iZ9c6Su7Fx6ngJWR7n6Pmg=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml2:EncryptedAssertion>
</saml2p:Response>

Authentication REST API attributes

The Signicat Authentication REST API supports the following request and response attributes for FTN:

AttributesSub-fieldExampleDescription
idpId070770-905DPersonal identifier set by the identity provider.
nameVäinö TunnistusFull name of the end-user.
firstNameVäinöFirst name of the end-user.
lastNameTunnistusSurname of the end-user.
dateOfBirth1970-07-07Date of birth of the end-user.
ninvalue070770-905DNational identification number (HETU) of the end-user.
issuingCountryFIIssuing country of the national identity.
typePERSONType of national identity number.
ftnIdpfi-opIdentifier for the specific eID method in FTN. In this example, the Finnish OP Bank Group. For a full overview, see the About page.
ftnHetu070770-905DEnd-user's personal identity code (HETU: henkilötunnus). For information about the format, see for example https://dvv.fi/en/reform-of-personal-identity-code.
ftnSatu100000001NFinnish unique identification number (SATU: sähköinen asiointitunnus).

Response example

Here is a section of the response showing the user information attributes:

"subject": {
"id": "tPrysd7qtFvlSEBh7sYG0R8LXYYIgnZ5RmlR-Vl9IEs=",
"idpId": "070770-905D",
"name": "Väinö Tunnistus",
"firstName": "Väinö",
"lastName": "Tunnistus",
"dateOfBirth": "1970-07-07",
"nin": {
"value": "070770-905D",
"issuingCountry": "FI",
"type": "PERSON"
},
"ftnHetu": "070770-905D",
"ftnIdp": "fi-op"
}
FTN requires message encryption

For FTN, you are required to receive encrypted responses. If you do not set this up correctly, FTN will fail and you will not be able to obtain any FTN authentication results. For details about how to set this up, see the general protocol description, Encrypted responses from Signicat.

IdP discovery

When authenticating end-users with the Finnish Trust Network (FTN), you can restrict which providers/banks to include in the authentication process.

The table below shows the parameters that you can use to restrict the list of providers for FTN:

ParameterProviderValue
ftn_idpAktiafi-aktia
ftn_idpBank of Ålandfi-alandsbanken
ftn_idpDanske Bankfi-danskebank
ftn_idpNordeafi-nordea
ftn_idpOmaSPfi-omasp
ftn_idpOP Bank Groupfi-op
ftn_idpPOP Bankfi-pop
ftn_idpS-Bankfi-spankki
ftn_idpHandelsbankenfi-handelsbanken
ftn_idpSäästöpankkifi-saastopankki
ftn_idpTelia/Mobiilivarmennefi-telia
DNAn/a
Elisan/a

Learn more about IdP discovery (provider) functionality in the respective protocol documentation:

Example with OIDC

With OIDC, you specify which FTN providers to show with the ftn_idp parameter in the ACR values. For example, to only make available for authentication Aktia and Bank of Åland, pass the following query parameter in your authorization request:

acr_values=ftn_idp:fi-aktia,fi-alandsbanken