Enterprise Electronic signatures
This page outlines changes related to Norwegian BankID for Enterprise Electronic signatures, including how results are generated, what changes to expect across different signature types, and how these changes affect the structure of the LTV-SDO (long-term validation signed data object)and associated tokens.
All customers using Norwegian BankID for document signing will be affected.
Any mention of BankID OIDC refers to the internal connection Signicat maintains with Norwegian BankID. This does not restrict or change the available integration options for our signing or authentication services.
PAdES
The PAdES result will remain unchanged, as it is a PDF container with all the PDFs along with a front page and a closing page. The signature will also be included in this bundle, and the signature itself may differ from the result produced by the BankID Server. For more information, see the sections on LTV-SDO and Tokens.
LTV-SDO (long-term validation signed data object)
After the decommissioning, the LTV-SDO will be built to match the version produced by the current signing solution as closely as possible. However, some returned parameters may differ.
LTV-SDO for authentication-based signing (included in Signicat PAdES)
The authentication parameters are mapped into a SAML token that is included in the LTV-SDO. This SAML token contains information about the digest, the signature value and the certificates.
Differences in parameters
There are differences in the attributes returned by Norwegian BankID OIDC compared with BankID Server. In particular, BankID OIDC leaves out several authentication attributes present in the BankID Server response, so an authentication-based signing will return a reduced set of attributes. Note that this does not apply to signed statements.
For a comparison of the tokens and the attributes that change, see the Token for authentication-based and signed-statement signing section below.
SAML token inside LTV-SDO for signed statement
The equivalent in the new solution will be an LTV-SDO that includes the result from the CSC signing.
CSC result for PDF signing
When using the updated Norwegian BankID OIDC connection, the service generates an LTV-SDO (long-term validation signed data object) containing the result from the CSC signing. This LTV-SDO simulates both the SAML token and other required parameters based on the information received from the CSC signing.
Additionally, we display a screen showing a signed statement as visible text in our signing UI. This is necessary because from 1 May 2026, the BankID mobile app and desktop UI will no longer support displaying text. The signed statement consists of a short text statement, such as "I have read and understood the attached documents and hereby accept and approve of their contents with my signature".
LTV-SDO based on a native signature (including SEID-SDO)
The result will include the result from the CSC signing instead of using the SEID-SDO format.
CSC result for PDF signing
Changes after using the updated Norwegian BankID OIDC connection
After updating the connection to Norwegian BankID CSC, the SEID-SDO will no longer be included in the signed object. The result of the CSC signing will be either XAdES for text documents or PAdES for PDF documents. The parameters in the XAdES will continue to be populated as before, where the information is available; however, this is subject to change. Further details are provided below, including an overview of the parameters that are no longer supplied by STØ.
Tokens
The tokens representing the signature will change when moving from BankID Server to the OIDC and CSC integrations.
Below is a comparison of the new and old tokens across different use cases.
Token for authentication-based signing
For authentication-based signing, the difference in the token will be as for authentication itself, since the same token is used.
Norwegian BankID OIDC response
Norwegian BankID Server response
Token for signed statement
Result for PDF
CSC result for PDF signing
Result for native signing
For native signing, the previous SEID-SDO format returned by Norwegian BankID will be replaced with either XAdES, implemented as LTV-SDO (for text signing) or PAdES (for PDF signing), both generated according to the eIDAS standard using the DSS library.
Result for PDF
CSC result for PDF signing
Iframes
Restrictions for iframes
Norwegian BankID OIDC cannot be displayed within an iframe. If you initiate the signing flow inside an iframe, the BankID landing page may break out of it and take over the entire browser window. As a result, the end-user will be redirected to the configured ontaskcomplete or failed URL at the top level, rather than within the iframe.
There may also be dependencies that cause this breakout to fail, which can lead to additional user-facing issues. For this reason, we strongly recommend removing the iframe flow on your side to ensure a more reliable experience for your customers.