SITHS
About SITHS
SITHS by Inera is a Swedish smartcard-based eID solution for professional use. It is used by healthcare professionals and other employees in the Swedish healthcare sector, as well as other employees in the Swedish public sector. SITHS is approved as a Swedish eID (svensk e-legitimation) by the Swedish authority DIGG for assurance level substantial (Swedish level 3).
Key features
- LoA 3 (regular cards) / LoA 2 (replacement cards)
- Public key infrastructure (PKI)-based eID with two pairs of certificates. One certificate holds the Swedish national ID number (personnummer) and the other one holds a Swedish HSA-ID (an identification number for health personnel).
- The smartcards include a Telia eID.
The primary use of SITHS is authentication and signing in local systems in the user’s organisation, e.g. in an electronic patient journal system. While this functionality is out of scope for Signicat, Signicat supports online authentication with SITHS through the TLS protocol with client authentication. Authentication-based signing with SITHS is also supported. Other existing solutions are not supported unless otherwise stated.
LoA configuration and replacement cards
Signicat’s default configuration is for an LoA3 service, which means that replacement cards cannot be used for authentication (see Key features above). However, you can ask for a configuration that also includes LoA2, which will make it possible to use replacement cards. Whichever choice, there is no way to dynamically accept LoA3 or LoA2, so the chosen configuration will be used in all cases. Furthermore, keep in mind that LoA checks can only be done after the authentication is done. Thus, in the default configuration, end-users with a replacement card will go through authentication and then be denied access afterwards.
Client side requirements
The end-user needs a SITHS card with certificates, a card reader, and (usually) a specific software (browser plug-in or similar). The user is expected to obtain all of these from their employer, for instance, a health service provider. The following requirements apply:
- Support for Javascript and cookies is required.
- Windows systems:
- Browsers: Edge, Internet Explorer, or Chrome.
- A version of Net iD Enterprise that supports SITHS cards (see “Mer om tjänsten” on the Inera website, in Swedish)
- Linux systems:
- Browsers: Chrome or Firefox.
- No additional software is required. The browser’s own pkcs11 handles SITHS.
- Mac OS X:
- These operating systems have not been tested yet, but installing Net iD Enterprise is recommended.
Get started with the integration
Integration with SITHS is done similarly to other Signicat's eID methods. This section describes how to get started with setting up SITHS.
For more general information on how to integrate with Signicat, see the Quick start guide.
Initial preparations
- Sign up to the Signicat Dashboard.
- In the Signicat Dashboard, set up an organisation, an account and a domain.
We recommend that you create a sandbox account to test our services before implementing them in production.
Add SITHS
Once your Dashboard account is configured, you must add SITHS to the list of supported ID methods.
Before you can add SITHS to the Dashboard, you need to configure SITHS access with an onboarding manager. To get help with this, please contact us.
To add SITHS:
- In the Signicat Dashboard, go to eID Hub > ID Methods.
- Click Add new.
- Choose SITHS and click Save.
Certificate
Usage of a specific certificate for authentication is not enforced, which means that you cannot ensure that, for instance, HSA-ID is always returned. The certificate that is returned after an authentication process is the one selected by the end-user. Due to this, you must find a way to ensure that end-users select the appropriate certificate if necessary, for example, by displaying a warning text before the authentication process begins.
Mapping HSA-ID with national identification number (personnummer)
It is possible to map HSA-ID and "personnummer" by performing a lookup in the HSA catalogue, a service provided by Inera. You can find more information about the service on the Inera website: “Katalogtjänst HSA” (in Swedish). Signicat has no integration to the HSA catalogue, so you must assume the responsibility for integrating towards the HSA catalogue if mapping is needed.
Test information
You can order test cards on the Inera website (in Swedish). Bear in mind that only test SITHS cards can be used for testing in Signicat's sandbox environment, and not real ones. On the other hand, SITHS test cards do not work in Signicat's production environment, where real SITHS cards must be used.
Other sources
- Further information about SITHS: https://www.inera.se/tjanster/identifieringstjanst-siths/mer-om-tjansten/
- Governing documents: https://www.inera.se/kundservice/dokument-och-lankar/tjanster/identifieringstjanst-siths/siths-repository/
Support
Are there any features you think are missing? Anything you'd like to see on our site? You can share your thoughts on our community pages:
If you have questions, you can contact us by creating a support ticket in the Signicat Dashboard: