Attributes reference
You use FTN to verify the end-user's identity and obtain relevant personal details about them. This page summarises user information you can request and receive for the different protocols:
To control the providers available to your end-users for authentication, see the IdP discovery section.
OIDC claims and scopes
You can use the following scopes to request user information from an end-user using FTN:
Scope | OIDC Claim | Example | Description |
---|---|---|---|
idp-id | idp_id | 070770-905D | Personal identifier set by the identity provider. |
profile | name | Väinö Tunnistus | Full name of the end-user. |
given_name | Väinö | First name of the end-user. | |
family_name | Tunnistus | Surname of the end-user. | |
birthdate | 1970-07-07 | Date of birth of the end-user. | |
nin | nin | 070770-905D | National identification number (HETU) of the end-user. |
nin_type | PERSON | Type of national identity number. | |
nin_issuing_country | FI | Issuing country of the national identity. | |
ftn-extra | ftn_idp | fi-op | Code name of the specific eID method in FTN. In this example, the Finnish OP Bank Group. |
ftn_hetu | 070770-905D | End-user's personal identity code (HETU: henkilötunnus). For information about the format, see for example https://dvv.fi/en/reform-of-personal-identity-code. | |
ftn_satu | 100000001N | Finnish unique identification number (SATU: sähköinen asiointitunnus). |
To return nin
, ensure you have set Id Token User data to All in the Dashboard > OIDC clients > Advanced > Security tab.
Response example
Scope: openid profile nin ftn-extra
{
"idp_id": "070770-905D",
"name": "Väinö Tunnistus",
"family_name": "Tunnistus",
"given_name": "Väinö",
"birthdate": "1970-07-07",
"nin": "070770-905D",
"nin_type": "PERSON",
"nin_issuing_country": "FI",
"ftn_idp": "fi-op",
"ftn_hetu": "070770-905D"
}
SAML 2.0 attributes
You can use the following attributes to request user information from an end-user using FTN:
Attributes | Example | Description |
---|---|---|
id | tPrysd7qtFvlSEBh7sYG0R8LXYYIgnZ5RmlR-Vl9IEs= | Stable per-organisation identifier for the authenticated end-user. Can be used to recognise the end-user across authentication sessions. Note: This attribute will always be returned and does not need to be requested. |
idpId | 070770-905D | Personal identifier set by the identity provider. |
name | VÄINÖ TUNNISTUS | Full name of the end-user. |
firstName | VÄINÖ | First name of the end-user. |
lastName | TUNNISTUS | Surname of the end-user. |
dateOfBirth | 1970-07-07 | Date of birth of the end-user. |
nin | 070770-905D | National identification number (HETU) of the end-user. |
nin.issuingCountry | FI | Issuing country of the national identity. |
nin.type | PERSON | Type of national identity number. |
ftnIdp | fi-op | Identifier for the specific eID method in FTN. In this example, the Finnish OP Bank Group. For a full overview, see the About page. |
ftnHetu | 070770-905D | End-user's personal identity code (HETU: henkilötunnus). For information about the format, see for example https://dvv.fi/en/reform-of-personal-identity-code. |
ftnSatu | 100000001N | Finnish unique identification number (SATU: sähköinen asiointitunnus). |
Response examples
For FTN, you are required to receive encrypted responses. If you do not set this up correctly, FTN will fail and you will not be able to obtain any FTN authentication results. For details about how to set this up, see the general protocol description, Advanced URL configuration fields.
Here are two examples showing the user information as encrypted and decrypted.
Example assertions
- Encrypted
- Decrypted
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://<YOUR_DOMAIN>/saml/acs" ID="_65db6fa76b80419aeee276b374370852" InResponseTo="_94c0124495547cd8550ae8afc2e11953" IssueInstant="2023-10-24T12:44:32.894Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://<YOUR_SIGNICAT_DOMAIN>/auth/saml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_8831dd37777ceedb0825c971f5bc78a1" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Id="_b29d08297631f9a2985cec1d70ab52c6" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<xenc11:MGF xmlns:xenc11="http://www.w3.org/2009/xmlenc11#" Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1"/>
</xenc:EncryptionMethod>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>aVMsVjf+G9R5eBqNHbOewME+xM2yPxCLtfmheKTNCql5+SmZ1YNtH/hCTvEber7TVSAgdKX29p4M7/tFFjs4rYS4tU369mye8BmTFaLPmozKYrZUXWo/yL6so16XpN357ayDuDO0+80aE75s/uGzyWSuSVvKf4dH8RXLuEhlIi1VGkmc+2e79FShKzPLKJTY/L9BTqYf/z1nZGExglUzPUp5f3uUs652ofKBKUdPOlmdGvMcflN7Crdy1+sH64GlWZ+AhodcaO/29ICu+MtHbc5QWYzRGuDhnKw7g0sHpg3EkWQA/ggiRL+tkYKrwtwrbCusnSXJH70CbWTLz+bkPpe3ZE6n0adlCkwFl2ffK5ewApp4dAqK0SCywjejtI8ywrJo/X9QI1HoZ0hPUfbZhMsXMwVxsw3EBOD/uF7rBxhmSJg+IQU0GC3AKNWX/2jWvW+OvJ1Sv10E5IHNKBDnWTuNawafUPd1+yulQrkWSYo/O2aHb4EQU3z04Txr4HLLiDK/ApzV5M27ezz+DuDuqMf3cziEVXwHcufcOD4KnRl5RB8PjWDQQxv23QHdudC0sYdkkwJAXx4cLFF42VCxDkORNd7rJCX5Il0zMyqksgw8zpzGaDBYBvH8Nc1tzGhgR5vGatRY0ptHAujK3MCZrzmYVLwAzqfAFbu3wMj7c8w=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>3/ma3IYCkmvnGNGqtCqpfXfNvgsSUJfIwYYz6PXuuPcNM/SY6LqQdUbwSYvYaNAqpyVUJ2wFl5dMpD6W/ojWe+ZQMO67zXcfONtnTF4qcdm0Adg3Pw1swmH2jEbap9eQqHGXEZKY9fE6ajWHbdNOF7ZW+gTr08hp2dnNS6QgR7HHfzDo8fQ4CA5qb1vQ9rnlqiq2/NnVG2JPELxfZSFb1JmnlSqu/qtOLIyAEKgh4zst4M0q0li0Am3G6me4GdON9sGoFoFfd7JAadGPeglGO5Ozzb8Y+ODOj1I7FSec43lln3FuZJ23Btm8145z0oGsJ7st6qEVYz3KCVn6WJmSeZ5/x3o5yDysDEcKLHz6DQxrkslMreg8xVlIRwmtFb0RVH6tq+JOEes4qAu9En0tLUH1UMAk6Y3fkonkEhKkIhSTzAoLQpRuaMXGHeA+tapLEhag013dfi/NA8nOys814Qe5SJJUDfOe5C6gWhHi3ebAporaxJ5WQ49BZmvjXWgnmw5OqcCKLe6jLFcTpx1GfcZy5KkS1Oot8B7POUJ0i9nWYpLfHRFONo0xFquFR6OexAEHozdkFvUjjm52i4zXyWVfS8O5cI/wFbLS8vcsj99Vf1H9weh01irmpt5Kkt77GfR3Z10qGYkehpVPMgHwXhGyfIM/RatwDlm7YUdbfdTkvMqcHVrC1bmY3g/IRJ33sdAMGvS0+ONLpJlNqyCdtzcMaJ27fiXqlyrzied+EDi1qAcsORV4LN21DmQe7jPXYIdDn5oDgC+PGznrRC/a44EiWWEKWKFf2qft9d40woda6p++EXvvVEUaLc2aiQuAaGPJTZXro6zxa/OzUQ/VKTS0UaPI4sUWcWJBWNRupqelsM8g/Bf4Sye4uONzjdhI4RW65VQzbJ5P8S+5c6jz0P46RrQZyeEgfLzm7sV4Jm4KqskNz+FCd6hKeTNjMG1WMBn8WudGl9Y54p2oL3EgmvTECjyi1e3lBDc94wLtyiMkXAxVEDWnO4Dv2TugndaN/VxVh74sAvRnlgC9+hJoe6wheQuckpqlqkWOgZM04nj7y57tDeveNQlVY8Wc8SPlMw4tAcgHINHS200qT0f0yZgU4gqmwpC46frItyTV6dcrvS2tHXzCwXpqXA03uIdzj8KY8WZkVfSgK8duKc8c6tUL9buvNo5Jz68zV7nCY54/Qf32Tc38fUP4MdbTM612ARNT18GbBJ+l5pvnYykqP8luzJUjB2kTulKuU613IDGTl7DayfZqMxMbkaXstrJ0z/v7LkoehCbgP+WHEmgfylkXKcLDOxes7l+S2tBN51ZqUKbhe0YO+lveKry2ctiMmGLo7ARnjaVJ4Ne9GH0bdbL1ECw14RcLkffWFP6Ag9lLw77SSE8F6GhS7u9IBqfxEJu+hBeSmCaTOOdSS5PeKv8e3yOt9Cc4cGRxkvmnNiur2Y4jHWcYx8bfwmUK8bA9I8HoFEBzcpv9rpp7ZHKA/1t3U0baRKBVdfFUSGAN2HEsIvazeHcvXtM3/vDBqBAk0nFmVuCdFTxrU9s1wn0cJLEsJ/RG8bk/d22p/57k5mDVtQDV1uZWe1svv0HTN7upcwVfxFnWg+Md2YSFJuT+/axnysZKvUwOTOVeO/1orLeOrf89bOwAycuMR2m//Kjijzy135ZjhXU7C9WKnYUi0yT2ofMlLkyNuwH871zFbL/1osUdQzOauuwBJ8TrwNq1uqyeORcxX77uYslKHjOMx+fjyTN7uE2a/Op9Vw6sRISHY65RhA5X2lrQy37u2k2A4G+XsKOlcvAxWilJHi355OSwh15v56NAu/VKo/gETSCl5mUR7YvteJrjwlqHcFtP2lRylN2mRSidYpYU/412wBaB5rF/daPiPZ7VY+4oRxGA3jhj3Pw3ZAbH3StPaQKRBzy61dG6JR2VZWk4bUtQ2vpzrzaE31xjxkIBvwLBxzlLKRKJ/GhM3J1bsVdZMRzQso4drvsSeHZ1ijlcz0h6MzbFpWMlmtLfNmJI2UO3B4G9USio7LaW8dfPUv3NAg8CDWd2fLFytFCJFD4IrF3L4FoV6ypUX0xj6AYEodBcDyXiskkDKt6B2Q9GHEdrW8WNr5PDM9Jb5JYfWEnb1dJTfiItBvhgiusdI/LmJRBOzr2b5HXNhkEX1odzb8tiVCdjYjOlV6KhZqRmHzz9vNnr6zx+iTl2h7iOnhoC0E5BxakVJq5nwJ783UGG/R1H9a10sXquzSODg9kpd0CkeMWLE390nDVDIBfPbVBh/hkj2xRjahZVfWd5DIpILRBovuMzJE9sGrQPfaIFXyptH3uLx/4BLdVy/UVoi4c5IPrBVPNVq2Gk38YQYmKBGcW9+7I3VaOos3vK+Y8xQkbI2zYLe0Jrdae2gqDz0pb9D6AdWwxLf9UkUi+FYzXkZK6dFdYEEYiHqZuUCodbQacWwPprJIRv6B3NuS2B4OnOCRgdLGji0QloiDMs9U/iKCaJy+CFHb8cPnEW2tfNWts/VOgRsyFrlEPr6QK8pdkFufTDEfujCJuk5bNByYNI1+s8Sn0GZat6LyYPhSnAUNOIrqkZHT5sKdfrgUfw5dwdSaTvSnJYpLvABPCeVoJwomaZsto2Mao8I4qVnhLUkGOe8ayHd1IxC/ukAtvSNV+soLngxAHNu9JtrLRJfHzjDsCOGBQbghf0MAULt28lbiypcJi23ZZkm8OBo0P5by/QBYlS/ZvaJZXtbeNJZigYHcMORO5woBtpQFNevx7aCoBZTrrEg3JJ+QPjBKWnS0ey5HGMQq7qBXF8RhTKRp4HrIoEjWZ87PSU11ZKHlDJMW4Zu0jnrfVPKCzKFfTSLMXlvbomTxgD0xX4hsToKNluO2c5mbafK4orX7k1uXRkJQdZee0OZr+M8pVKKz79i/T9Nx4td3QRm/3WyuoulaxIM6/WELKmqLAfb5cfaUKUvUGkQJWekWayzfIWR/g3EflFuyL/2IU60wXocbeNUVvwIuNBkQQro5QwvRPiGXuRzzfsPNxfpXztPA24bur5oZNS8jmBJLNcWK2hQit0Z0PYBWMfOSXI+riwEG5WmJzVFuXKYgtc9eS1YChCuf7e7Q8PqeXquP1ZuvefGisU9abp9N7v7tV95sU5JIk9ZKULmkdaxOJB1y44md+0VdX/qJgYIRSV7dwNq9kfp3HdFYZcph2/8LIls63OSxF8uqylTnp50ut9KCj94XoItJhEoyo6fEbnJhLLfXqPxdc/Y9Ia0G4244nzidW6QM3PqqxvUa7lttbOn1gFl5zpto8/hxG2TYeocLYs/j3dR+2hDjqtj751l19SYcLzwSJ1zPa8UgfHo4VsUQff6FBHIUtT7wzMY/9poPR7OkGBz61SVrY88gDTuFDWgBuCNNLPoc+k9jqy2o1lZowzGBG9Mv9q87nhXWoAmSzlTPVUF966ZiwpJN2VNKw/iUKvfoOFSyPSnFiuFNDZ2N5xp/MhUCaxBJ5ckbscZWU5JJ2fKkKWTwaLtaUjiOb2Vn2+Vts6CTAl5fHzxlbDXj83QWkVKJIeIHQvdaCrFCey6gjTkXYR9C16526SPT3PQGGjGUgSrgUWKHsF+2drkMWLOjmryaXiJYniwss57mW9d81GKS2zvLw1wM6YxHNuVpugYA8cLgn1Ti6VIyI7SMdCD2ag0GpQ6U5SL1/6MI0z2JbElJJAelV/fIyay+qOIdvz3wBceQ6SfRjAFWW69DcF3u60Uv/yPyY/oP5A75IEdAWzVB16th598AW4P+DX3xvKkTJ9GE/l+o3JwdY2t7uI4Hh3hbVfzvf/5kvYnRmE4+eVFF5YZ8zgJD7d9b5Rxl/lMHx2fTaDcXG18RfpJeQRtf68vO4YV01Vu5026Y6ziYq3CBxW2Cg3QH6Lp5stgBPp+4m16eS6HQC7GEG0HDhpjjApCbQMiMjqymwYid+A+g8waIK+59VlpAVkzPFfGOVDo0QtPpVOsLU0kRZ7BqfLL/2vw9A765Ant5XYWGt0AOVjKGZKPUGYSMnHx46DlnaqiGLfqu0fHnTKDM1CWd5wQy3sWhnxJ1QSYJkOuVxWdR3OHCIthUGI/LQGBwqcEu7ShWmi//osjgl9v6iX7ARMLoQPfvjdws5JV/pa4Oy9Gz11S/YkwSZK4FJIBcANs5L/yctLs/hR2FadLkDRMmm14I2eiM/8fDkoKwN/iPi4r9TvbFXmZu82qH10/iaPvSkuCPw4ZaO3C3CcJpeTm6BMjWaPrlCASVh0APqnuJ5EGCU1KzCsi569qZLAmM7DbAoctnMute6lh1i1KwB0b0iWvT8dkNYB8bwr+ybRKD9B7cZQOMevNUGfwfg0kQy/roKR063xZ6YJFxOeMrs+KsB2jGdGKeAs1iYslO9KfYzEmLzUOiTZuPzEkPgvpe7bMSpaZdzEjlXFKM8fGcdHyaSYL/exxpYOqFrMA9TtGJS9fMobinX7jAKvUXRyvI1wXF3ZE3FJKTdn6wfGUMvsy+IgLDhDhw+5O3zPzctZsrtenMZSsjqD5WeYf01329MboA/py0gBM60C91kF15cQOF69uwkfeDRKVYJKolGK2uC/aXMAbkJv4pYKvTETwdRW4VfaYSKrp4bfX6HI7snatXtTd1bUhGLRVB/V2wQrWfari8zTfgyOSx3uRGmi8soHY1BmxGMzxGMMs+rtj9zs4zz9K/b5x2LUJBo05Wwf13YhiMnj3AKyCg9Dvr1jZCRN8p2R7Quf+VkkaTewFP/OxNOv1KEzDMhJ46YsyktlWdsKb+ILdS3xrNfDhFmVi5fG9Mtm63eATjzHZLHO0ZRGr7POGDOf8J8fhhIhkaynk9pehV2dzK3RZWxcTeukm6zK8jMZvQQnp8C4xWToKjp8os91eDPKAL8UWQYQskl3b/XyvbIpeYM4qpnRr9yNi30P3QGk/CH/LbloKVqIRmrysFL6XMhmzfXeIWPRMRQI1epfhupIfIZBiZsNgvN/mpAHJjvdMKK2JSyFjFZYhgHd2Tqectw/EY6ePaFI5GhUCv69QIZ3RxYcmn6wMg1S1U5vOk9M2rwjEGA1yR0QdDSknrgi7qIt3vPOJ5cYGY3xIj7qT73elT+4b6NvXOojYpBKtV+EXYteDENeGvTV8TvywoRP1FTsJbFYw3BQTc7rmZ7BPSaSxESVWBGlfPrd8oMiD2hZRjmep3J9wCk4WyR/yIJbYIipV1cyQp734t6/vOGxPne/yCeQvwoxnDcViNDNvFYwLICv9YxoF+HpcY8bgZ712axPV1D0/8s5sQwzX7drlb+xaBu99OidPrKAhiL32Jk3r5cnNHZUCRVPosV1Lr5mIAL50ZI9n/AVpaEgUeD+kwKCsGlTmRnaoN662Hf8+JMfqMJdE9Dn5IxhLLOQ0THq/8cM+kQYuxyl0ZO6ISI+G/tQsL6gyLMVhiFs4D8xiRCW5FHz4gmLKHUzuSjILKJ6+x19VBrbTLyZG6Ax4AEum2zE0lNSJujylvzrSfIVTCJ8DVH7TOM8Vh2xkLcOqTsXR2X3TAncwPbRtXHeOeJGWmuI8Tofe+DjokucMOBI7joK7byKKFbMh/pDl/JypFA82IK2OagPj+Pfi0r8spe6C++FfyyVe/V2X56K7K+7dS07Zq/FLxRGYsnbh9NXqeS++9jg7mkNtZakOWImuLvvIU266h1wXrizSaASyHIQxdcuFR5n9cqCEpYGyRR3xfH2t9iwQrzcQmnio5BuTLrcGDrJENPx2ztZ0iF6x5bD5Jg+UL9Oq3YDkwFWi3H6FLWJEDSOHbGt1cbxaDpS5A+T9gBeoLJL4xViENXydMmkyzDbSmD/+w6HuWajiu/BI3CW1we2T0idQYnfEza5sP/ODVXmDve3QBKokJLGe91XTYQGaBq6BDWa/7hCYfbySRSeMX/lEt5KBjaJx3QSCr+IXudAvcli8E1jB/99dz49i1Zu9rZ8VDrwz5M3hs3z1w+5pwmEOWQ3ENrFVDX891GVZjqKqJ7DxKKVfdADEi8Yt50N/I/TYR/uyf0hqd7k5ntK6RXsEWxPFMwjj4oHp+84/1NJ23Cbl5xbpPStFb5ogeSh0G1SORNrMRu8CiotR16ej08i/MVw85A4tLqiHrGn7AMzHWpgAegu+vbmnXjygddiyY5372iJMtMtA+/1CXVVPsFDiINRM6Bqzm1TXt2/2aLy7vYT1yk2LhgdoiYs1stDNv+6rPdg5KoS4Eo5kpJg9xJgay5drAqe+mDomrga2XIUYznUr1kdP/VD6fA2OCkQxO7NTIevPGnLG/9b3pGt5SNsWTvsO1GTEC1nXdvQ16zxdOeKefDcNoD2uVQULbsyT0n7lFG80ia+uICBOz8o7vkv3hrNiaaQwUxpU3GRFKTvsNEtca5Wps5MM+THz/qqc9N/27CpKpCp6waN7rloJUtJ8pYVQPV5BAmuXm+cNvNzPyblNRmqI0B1nEuY7sqZX9n9SoXFA9Z70qRL0PTsDlBgHzKBQCWlImKDF4By24CztBzQht08Gc4M1GEe1GnrpBGKrAvEbA0cnNYIP/Ltbk2s7i/KP8TL4mRONyPkvrGoYNTdgMZSx7jlQtjiZvgI6d5I3EiH8+GF3U7HRrVi3DJDxGx/N203zGsHtaQ3sGRu3NX/gccpIg++gU7WwlOPxREYl4zWxVi/UbnoC7wwlBqYoRHfS/qB+ny0fPmzACpsLDz/tu3Fpep90Kz8iEKIkQ3AjeRSCgSHs2zhhH/x2CqYVt8uqauzLqAk7X1xKUi7ujSm+QVVuK6A/vqNy/RV/SGY0KWeSQnh59rn/4euDGML9xdCVKYmz8ngdH+16qZSJHCGB/46JJBtoe6uf0NeWGFSAJWSiSb3cN9qayrPvkvtMhhVm/mkZMK52rBEKsKgwdkdovujVn8XE7G7ed5aWmoBdgwbk1oHHRKMR2znUc9u0cVGsJmvPeNAjT7U+pjRRZvv3RWrSeE151WrrEPmSKE4H1LrBQqyq0ASTC/uSxawPdajgWW5TcOgdgonSm6ktutmWv17crMhAJdAVuweGIlfG2clHsx3fAyv1WLiJXgqUTR1Pp0dhYOjLNRCPUR4wYFvfZxi542BV5c4ua+uNdghc0JwhWK+KPEhB8L0u5lcUnkF/5OHEus91W2ip53PukXZ4fqowSFgjjlzMdsFqqWURbdkXenf640OVbgMbg2JLpI7HhHPHjZLMwmlXo4H7nbJw1PnC1Qtey6U4eJRpbBK7ZCXuPaVO08wjXT+p95sqio73BgOnrSjKvh9veqJ+c9fQ2FuI9gzcuR0jAt0Oqr1EN1o1w+AvdCqsJMP1tc1qKFnnpEabf+Mw1CG6jerBlIWpSl2S7mqVydBBL7JUcWkkJRArwcLRTkx+KOITptkWkCtqyX0xYCBBKVoD6sOVEaWr23Au7uu4UUaF8UX5qe7nPPNM/wLb7OYbkxglXkNihaYSuDJkU3Bv60k2+uV7pwK3Usbb4ijCuMbcUltWu2cPUgCg/5vndqB/Rwwvn9ZxlnMEkkkjehCt3ZL71NJRldLlx+bvbXIm34u/7mVI/efUHokpENd/ql1XLqsK9Fiok6b2k2361usrmSQ0FByGhUHh6CIu922wODwX9LIJJD7ROJVNXiv9aoGwIxhUgGqg0kO4YOE5TxSdK9AbxDPlCN7U9u02nZYN2VK7SoKGsaOX4Qf/hS+AmJw2dScag1e+UpRAQsgSiRX4YkY4f8KOVo69v2KJfLewFB8K3o0D5lBgPRsGby9jjWxBi10u1VkHXJQhmR3Eg2JFxdXpLJPPS6zzJMcHeFeOG3ROd1++ejK68va6qqSIcjG2DvFKvOLafX6uwY6iQZ9N6Va5vYvgkH6PyFkBCwTVeZxFX26/dDGfd2SN4Z4v2DnDaHyGIlRs/gfY8ealitfOhrPx+7Moob3Hux3fqPAcxJgDrdyguB+/MaI5hfKtXc49vSPue861ZQmDLrlgBJvzVFywQXD+DXtU8ygy/vITjVoNtQ7sS9c/xZQ8C27ydeN4AyxuxU+AvFmWV+C76dzSCjICCQ0XJrcuFH0qyo3NqzTfGKNYDBDYj05AACNx678CFXwar++rIgJNdXXL4Qxcg1oWIv5PRTMnT5QLV4Nd4q0blrmr0gHDf2DGNULxu8SDQPRd5QnV0SsDA4e3704GRDlK2zHmgKmHxCPhnd/zKTp+YZomKRy8JEo6GWQPXqyFjwJbl5aqjT32S1K6qqYwUMcEnof4YElre84PvbZ+6lk+enS/Ert/EFjN2YTBVo1TM7tMr0LjGGai+bb6Jg4hnkEG/Ok6B6AcvJaYKkH/LBQ8XUKTMgdm7xXztqWZ67dLtO/C7H7Oa4B4Mg0S6fxJJ79z5XAXKrAoYE8SWalFr8T7ZqK3F+/t2fRJOvePToppkNlm7Gohun/AWDZkp22T1IjW/d08d6Lh05GCQr9zXOjoViWzvyz6elVPyl6hEU7QMqqYhlE3aMO9RjCe5BYPgn6skinpAn9JcWdQsyHyHF8vWPHWKm4iUDmwR2WgQncf1XOXjVthT3QeVxH0GuwDj/f8/NJPi2ZG0wG4PsLGFQGOx+by43Yw9fjQsc5ZwSECCmZVwg5Rt1+WNih58Zzz+bjRD0W6FaAGPPbP6zI9A9HTVLBY95owz7QJk7oXs9ak9+cLSj4Aq8itgsS/l3ceuIaIcI74momLZh2JAVOvQQAZ/fjVxlji0oLV67zSojhBItMtqQz4LsLvfJgWxySma1rZPFUyKYZ18bkv48CZNPr01/84JyQw1opPYQR1fKpSsAODAcsoz6GSSBJCuKK84Wci7PUYzkLfvu13OWX2CRcJIvpMcArMBz81D2qiRqjZvSxx2zCR7N7ZQqx21/e1liSL1k0jh7oaMXgjIz9SUkA93IpfXQephUQ1JPXatb63wZKN7CRDspmnjB2yPHxunYFdAZYYPO32uKusspS4E+6qtbTSryLsEiAY6BXORBnW9AZj8w/VeaRcZuCK3UTjxZfX2rk8ujzrrEdpT49CnSrWkzNZ0T6sU7LXpv79T51R2E8N2UbLNlMbu4Q5+nbISSbRMggvFmM2oCpiyp1nMkVMnEeQtAHa7+0AYvCc270wYNLus6kRkuRRcg0RgE4nWlHI55kmOD3hLfQ8Rc/Ub7tguVEGoRig44YyeaRf2gI5vOaOY/B89/tN13+cy7+XjWCjYtWShaR9yQRgKYFWJunGcoZdfLi2ARTkjZOmlUK8aDaY6IQpit/Xt5OZGif9C843QoBGIU0JIkfQ4FLwr0F3+cDdfgRgULAs0nKu1HdQztBVR8Zt5Hyt/mKujUXeGU//ZIc0vF/EdkFj28URaqqK6vB6/4EireP95HKkYJHJH7aB13fQBHQ6q8wYFAz3SuOiXCnjVVLG+joWnNSqJhv55q8q8I0sxSoTPCPy62yl3S/8Zfai3JtioCKGaRs87+TOrNMC8MccEY1fnAknKwVDcK8URo2p+M+OQ5s1iddRR/HsCo1mNZYLclKXy6VrotbjrnulVDqhJzU+7mJdhunjtaGqwdS5NtiMBFc0qLsCNRn4W1BET2lICavXEFSgPadUGn/RS7IQlNFsNqxe/dFDc4nkItGgA9ARCo21hI73wBHkdC/pplyVVJZeUDj4uRYuJSm+aNk71M+qPSW0qRWFsu0x2C4q4U0MZgCk6XbQqObYVLKVXikRzvBu68PZ3f1YLVNCz4aeZHIINliRQeazpS892bsgwkXNrEPJpXEevACWYNhWLv60g5msEKq2Jg1wDs2CIa8+11iVTP2jQRkaX+S4rpLzbtfS9cVw9JsmbFsF7JhJatBWR/pmUsrH8bxJUIzvOfz+EiE+LH/QLeEdOtRVUkUzU1KUBoAOC7q6qPkzlsr/zY2AtzKEQaz+U22P+MSyP966ey3gulEAkT96vMymRS7W57l8PpoW3BWNdL2QuIrGbRMTRgbJSCxgwtNHPXh5OIqz3zRihG081eTcNOQpXBA6HJegmB3zH01L4rcAiOaktDNFBjWH1Ltr7i1gwrh2X7PRa8Drs3JGG+BT2C8XJURChYVsrsOZqmwblvk4JcIrJ2VKobDS2Ob9bCl0/KntiH9KEx4EPQWTWu02XuscWjZPxdS0iZ9c6Su7Fx6ngJWR7n6Pmg=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml2:EncryptedAssertion>
</saml2p:Response>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ID="_64dbbe51cdcbf0932243a7f9e4981689" IssueInstant="2023-10-24T12:59:54.900Z" Version="2.0">
<saml2:Issuer>https://<YOUR_SIGNICAT_DOMAIN>/auth/saml</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_64dbbe51cdcbf0932243a7f9e4981689">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>qyBCtvNbVcq6pqDh3ZzzcuxplB5TqzMR8Gxsk2z9qJE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>DvBs/ct62ljf0ILU+vVvU9h5DWcQDGhAydrfb8GSY7NkGDr4bbCHB0tHz3pRbYfMhW2fTFllCH0GaUtHD45RvzLcehMsW4+F01TMFV++HgYlNnwtoBOX76d9OyJkXI3D9Eq9bLpqyquhLXl9AHz8foKDNSt46jVoZMzd1EJz5/0qrg/N2iR+qD9szt0MjLRy65jcoVhfupv5MElBpK9GCTIvSCbelqw3BeCWHU+NLQwlLEqNcfzbc2BU60EjR8tL9E2XLMT9hiAztT1fI8Jp9OC/VP9KAdVnLQbiOnIQEJtIcXbMRhFKu1JmZkVFzQpf5UgkFf2VyfBWxP3f6FpB08mLXuoAyO3ekFkUdieCGyHe/MfE/tCvJQfPNupMP+8oIdIxkAzClLLwJsgtc0goLcdrl9/Bnp+3eTFHK0qWVYlMbDU31I3YnVgqNcGgAq6M7ndp9lG0sG3v57lP+VEQmS5R0SUMaE893mQW0hRPnsp5l20HtBtXO7ZXCTniSXfjHMUdD5QMVcmLowPTYCMWPkm8YyYmbNw2NmRY+jUa56U+J9HEyYyqogN5ftb9KFGW9pDUaiI+tv/o9ioP1BN0qY00wRfeRc3A8k9t490sS7XlIHfA1GtiOYlGY+ThqABvjbgPf6x3iIXF7yJ1MPPcn8hHxyidmioFBc8hspG7o0k=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIILjCCBhagAwIBAgIUTHHk/KmVYAobZ0zz9JTbsdsW7oMwDQYJKoZIhvcNAQELBQAwgYAxCzAJBgNVBAYTAk5MMSAwHgYDVQQKDBdRdW9WYWRpcyBUcnVzdGxpbmsgQi5WLjEXMBUGA1UEYQwOTlRSTkwtMzAyMzc0NTkxNjA0BgNVBAMMLVF1b1ZhZGlzIFBLSW92ZXJoZWlkIFByaXZhdGUgU2VydmljZXMgQ0EgLSBHMTAeFw0yMjExMDEwOTI5NTlaFw0yNTExMDEwOTI0MDBaMIGFMQswCQYDVQQGEwJOTDErMCkGA1UECgwiQ29ubmVjdGVkIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEdMBsGA1UEBRMUMDAwMDAwMDMyNDQ0NDAwMTAwMDAxKjAoBgNVBAMMIXNpZ25pbmctZHRwLWRldi5icm9rZXIubmctdGVzdC5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIZBHYuIhSPA/nOioZe0kI1CH5LmTY5K4Q4WfeTBUjvca8PsmDrUIShdrG8ie596jYZqsUdXBw9YiJ4ZqUBHtbbN/eMBb8QBmnlLMJhPH8wXo+2LLGSdfwW0ltLkXz7vauvjdnLpdKqeCc/Sq5EFygU4nnMRbuhZV0gbV3PQ4iEUxIy1p+yHMqQKuJC1s3mM2fqkh5M30+P+3bdWCp8TSV3y0ffsuSSzi/V/BlIdN3Cw7GCgL1MvqIPZS279CjorsXftMgJRdi2boc9m22rBacF6E2Qc7Xh1Hotrfde3UDxT2+xdSVPN5LzIcCspnxrqEWeug7lID/c6+jkOrOOxk6on9Ba4JpoY/eN99YTl7Gbounw2cJvGuQJD1XyYloLgwmzrAi5jXatE/+/+zGi2Ij0H0VcCtP3I9fJM1Pkg/M5uqjGk2EPv/wymODxU308wRIsYArEUVdF06MEM+Z/nueRHhivRilgNFevoGA9XPwTlVKJ8Xz8SWxr+JtwWGEJ5qRnex31eiQgiLMRLWiQpWw1Uo7fDmyhc57hONkmvJuz+riA8ysCt++duTpbwZPrsmqLpZoDrT/Mpe0sLANBcbf1jlij+wFhEbCu1GSjUGst4+BmaPzp3mkTlBN6L6gN+RPcF5crixYZ82uUf7dUSOn5ynY3GsWLn0euTVYrBRuF5AgMBAAGjggKXMIICkzAfBgNVHSMEGDAWgBS5bKYTursvNGODMS75fkkd3wD1YzB9BggrBgEFBQcBAQRxMG8wPgYIKwYBBQUHMAKGMmh0dHA6Ly90cnVzdC5xdW92YWRpc2dsb2JhbC5jb20vcGtpb3ByaXZzZXJ2ZzEuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vc2wub2NzcC5xdW92YWRpc2dsb2JhbC5jb20wLAYDVR0RBCUwI4Ihc2lnbmluZy1kdHAtZGV2LmJyb2tlci5uZy10ZXN0Lm5sMIIBMAYDVR0gBIIBJzCCASMwggEfBgpghBABh2sBAggGMIIBDzA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5xdW92YWRpc2dsb2JhbC5jb20vcmVwb3NpdG9yeTCB1gYIKwYBBQUHAgIwgckMgcZSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHJlbGV2YW50IFF1b1ZhZGlzIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IGFuZCBvdGhlciBkb2N1bWVudHMgaW4gdGhlIFF1b1ZhZGlzIHJlcG9zaXRvcnkgKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tKS4wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwucXVvdmFkaXNnbG9iYWwuY29tL3BraW9wcml2c2VydmcxLmNybDAdBgNVHQ4EFgQUxNJtx1A2SisHfrPeIRZLKArb4C0wDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4ICAQAbZ1xC9Gy5GasdwegOXV2+WOEgjRBZQIwi4NcRUf323n2u90928z4ePw6l9By673LqyXmtGFFizdsc+AmdJneDo8KFKsq2QNzEZzNWSuEo0kNK/W6T2z8RreElfm78jHVtmMkFuUbAcyYNQX1LR3GnXlibkWdtnAQSIi+QoOhDovPYyQHmZp7ECnGoz4gRyVOHQ5LCldT+aHGtqnfRbhyYnB0Qdvd6xpvtiWRTd4hc3kzdYWlvzlObDKn0GPmlhbXqiPVgiHHAgee1mCgg3crzQLdl8LR2z6uzaPiKHcSI/LbrLau9hWtPzLOAJrmx+WpcZlVxlFhnEuOwVeupePs4HyktU7syB4KNpkSAijEzP2LPeHk0H0wy8M/XVE28OqIe+W+Shs6dcrQKsdNN6VyP/NrCJv58g7oQExpLGpN30+uOvSK4pZxovez+K6hi6J9h68T2tZor5ctbkBUfB8KgmDR6qBmcMVCgjJsj+3TmnaP/4Lmg5X65Y8uQgvfUokLZYWtsN3XXXQTaBwgESMLUaW7ToUBFITb87ChM/sOTWsPuJo8wLpRfqWqsQOe2hv7Cee5WihJftaMmkAdnRs/m8mPyM5zAVxlWviy7P9O6/QfVn6gov78nULfg+tm949xYJ0PSEZMODDmcbS5dcdyyRb+xlgTI+QQi1I4w1Na6Vg==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="FTN">SPN8DoL016CEA5Uh4kSOc5u8mynlyGGFKyD0XMH3BI4=</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_ccf3677b6932589b330fb0cce2f2d4dd" NotOnOrAfter="2023-10-24T13:01:54.903Z" Recipient="https://<YOUR_DOMAIN>/saml/acs"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2023-10-24T12:59:49.905Z" NotOnOrAfter="2023-10-24T13:01:54.905Z">
<saml2:AudienceRestriction>
<saml2:Audience>https://<YOUR_SIGNICAT_DOMAIN>/saml</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AttributeStatement>
<saml2:Attribute Name="dateOfBirth">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">2000-01-01</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="ftnHetu">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">010100A001N</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="name">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">TEEMU TESTAAJA</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">010100A001N</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin.issuingCountry">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">FI</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin.type">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">PERSON</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="firstName">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">TEEMU</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="ftnIdp">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">fi-pop</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="lastName">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">TESTAAJA</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthnStatement AuthnInstant="2023-10-24T12:59:54.912Z" SessionIndex="b204887b-bd8b-4cfa-9cfa-52335aa94d3b">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract</saml2:AuthnContextClassRef>
<saml2:AuthenticatingAuthority>FTN</saml2:AuthenticatingAuthority>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
Authentication REST API attributes
The Signicat Authentication REST API supports the following request and response attributes for FTN:
Attributes | Sub-field | Example | Description |
---|---|---|---|
idpId | 070770-905D | Personal identifier set by the identity provider. | |
name | Väinö Tunnistus | Full name of the end-user. | |
firstName | Väinö | First name of the end-user. | |
lastName | Tunnistus | Surname of the end-user. | |
dateOfBirth | 1970-07-07 | Date of birth of the end-user. | |
nin | value | 070770-905D | National identification number (HETU) of the end-user. |
issuingCountry | FI | Issuing country of the national identity. | |
type | PERSON | Type of national identity number. | |
ftnIdp | fi-op | Identifier for the specific eID method in FTN. In this example, the Finnish OP Bank Group. For a full overview, see the About page. | |
ftnHetu | 070770-905D | End-user's personal identity code (HETU: henkilötunnus). For information about the format, see for example https://dvv.fi/en/reform-of-personal-identity-code. | |
ftnSatu | 100000001N | Finnish unique identification number (SATU: sähköinen asiointitunnus). |
Response example
Here is a section of the response showing the user information attributes:
"subject": {
"id": "tPrysd7qtFvlSEBh7sYG0R8LXYYIgnZ5RmlR-Vl9IEs=",
"idpId": "070770-905D",
"name": "Väinö Tunnistus",
"firstName": "Väinö",
"lastName": "Tunnistus",
"dateOfBirth": "1970-07-07",
"nin": {
"value": "070770-905D",
"issuingCountry": "FI",
"type": "PERSON"
},
"ftnHetu": "070770-905D",
"ftnIdp": "fi-op"
}
For FTN, you are required to receive encrypted responses. If you do not set this up correctly, FTN will fail and you will not be able to obtain any FTN authentication results. For details about how to set this up, see the general protocol description, Encrypted responses from Signicat.
IdP discovery
When authenticating end-users with the Finnish Trust Network (FTN), you can restrict which providers/banks to include in the authentication process.
The table below shows the parameters that you can use to restrict the list of providers for FTN:
Parameter | Provider | Value |
---|---|---|
ftn_idp | Aktia | fi-aktia |
ftn_idp | Bank of Åland | fi-alandsbanken |
ftn_idp | Danske Bank | fi-danskebank |
ftn_idp | Nordea | fi-nordea |
ftn_idp | OmaSP | fi-omasp |
ftn_idp | OP Bank Group | fi-op |
ftn_idp | POP Bank | fi-pop |
ftn_idp | S-Bank | fi-spankki |
ftn_idp | Handelsbanken | fi-handelsbanken |
ftn_idp | Säästöpankki | fi-saastopankki |
ftn_idp | Telia/Mobiilivarmenne | fi-telia |
DNA | n/a | |
Elisa | n/a |
Learn more about IdP discovery (provider) functionality in the respective protocol documentation:
Example with OIDC
With OIDC, you specify which FTN providers to show with the ftn_idp
parameter in the ACR values. For example, to only make available for authentication Aktia and Bank of Åland, pass the following query parameter in your authorization request:
acr_values=ftn_idp:fi-aktia,fi-alandsbanken