SAML

An identification through E-Ident can be performed using the SAML v1.1 identification protocol. This page outlines the identification process, the identification parameters, single sign-on (SSO) functionality and how to perform a log out.

Content on this page

SAML v1.1 identification

The figure below illustrates the identification sequence for an E-Ident customer using SAML v1.1.

The end user accesses the E-Ident customer site with a request to log on.
The end user browser is redirected to E-Ident to begin identification. Sample identification request: https://www.ident-preprod1.nets.eu/its/index.html?mid= <value>&TARGET=<value>
Read more about the mandatory and optional identification request parameters below.
End user identification is initiated towards a selected eID. The end user supplies his/her credentials.
E-Ident redirects the end user to the E-Ident customer's artifact resolver URL with the ArtifactID. The artificat resolver URL is defined upon customer registration.
The customer sends a request directly to E-Ident to retrieve the user info based on the ArtifactID. E-Ident returns the SAML assertion containing all information about the user.
Read more about the content of the SAML assertion below.

Identification request parameters

The different identification request parameters are divided in these sections:

Mandatory

Parameter

Description

Constraints

mid

Customer identifier. This is an ID assigned to the customer upon configuration and must be used in subsequent requests to E-Ident.

NA

TARGET

Data sent back to the artifact receiver after identification. Customers can use this to carry session specific data tokens such as name or URL of resource user intended to access, or a session ID.

Parameter name must be in upper case.

URL encode following parameters: [? | & | #]

Optional

Parameter	Description	Constraints
additional_info	The additional info parameter can be used by any customer to enter their own information. The parameter value will be returned as it was entered in the corresponding claim in the ID Token or attribute in the SAML assertion. In addition, the information is added to E-Ident statistics and may be returned to the customers as part of statistics. The last part must be agreed with IN Groupe in each case.	Format: [A-Za-z0-9_\-åøæÅØÆ]{0,50} Max length: 50 characters
deflect	Where the artifact receiver should be opened. Options are to keep it in iframe (_self) or take over the page (_top).	Valid values: [_top, _self] Default: _top
forcepkivendor	A comma separated list of eIDs. The list limits the eIDs made available to the end user for identification. See the next table for a mapping between eID and the constraint.	One or more of: no_bankid, no_bidmob, no_buypass, mitid, mitid:mitid_erhverv, se_bankid, se_bankid:mobile, NetsID_Verifier, mobile_id, smart_id, verimi, nets_sms
locale	The language used to provide user with information during identification. If not provided, then E-Ident uses the language specified by the web browser. If no supported languages are available in the browser, or the parameter, then English is used by default.	Supported language codes: Supported language codes: [nb-NO \| nn-NO \| en-GB \| da-DK \| sv-SE \| fi-FI \| sv-FI]
start	A customer URL that points to a start page. The start page is used as an exit strategy for users that opt out of the identification sequence (for example, choosing to cancel the identification process midway or after a status message is displayed by E-Ident). The start URL is not used if a status URL is provided.	Format: URL Range: only URLs to trusted domains are allowed by E-Ident. Trusted domains are a part of the customer configuration setup. This parameter overrides the URL issued to E-Ident during configuration.
status	The URL is used to provide end users with clear messages in cases where an unexpected event occurs. Unexpected events can be errors during identification, change of status, or other relevant information not associated with a successful identification. E-Ident always appends a status code to the provided URL, so this URL must allow a status code to be appended to it. Example: If the event uid.expired occurs, and the URL is defined as being https://customer/statusurl.html?su= (notice how this URL works well with the appended status code), then the actual URL requested will be https://customer/statusurl.html?su=uid.expired	Format: URL Range: only URLs to trusted domains are allowed by E-Ident Trusted domains are a part of the customer configuration setup. This parameter overrides the URL issued to E-Ident during configuration.
style	A customer with a specific typographic, layout, or colour scheme can provide a URL to a CSS style sheet. If provided, the given style sheet will be used when rendering web pages in a browser. Note: style is ignored if the wi parameter is set to “n” or not used.	Format: URL Range: only URLs to trusted domains are allowed by E-Ident. Trusted domains are a part of the customer configuration setup. This parameter overrides the URL issued to E-Ident during configuration.
wi	The wi parameter is used to indicate that the user interface shall be embedded UI. Note: The wi parameter may also be set to n to indicate standalone UI. However, as this is default UI option it is not necessary to use the wi parameter.	Valid values: [ r ]

Mapping of eID to forcepkivendor parameters:

eID	forcepkivendor parameter
BankID (NO)	no_bankid
BankID (SE)	se_bankid
Belgian eID (BE)	be_cardreader
Buypass (NO)	no_buypass
MitID (DK)	mitid and/or mitid:mitid_erhverv
Mobile-ID	mobile_id
IN Groupe ID Verifier	passport_reader/or id_verifier
Smart-ID	smart_id
Verimi	verimi
AusweisApp	personalausweis

Optional eID specific parameters

Name	Description	Constraints	eID
aal_value	Specifies the requested Authentication Assurance Level.	One of: [ low \| substantial \| high ]	MitID (DK)
action_context	Specifies the action context for identification	One of: [LOG_ON \| APPROVE \| CONFIRM \|ACCEPT \| SIGN]	MitID (DK)(Currently supported)
acr_values	Used to set the minimum level of assurance for the identification.	Valid values: urn:eident:acrp:level:high\| urn:eident:acrp:level:substantial\| urn:eident:acrp:level:low	BankID (NO), BankID (SE), MitID DK, Finnish Bank ID (FI), Mobile-ID, IN Groupe One Time Code, Buypass, Verimi, IN Groupe ID Verifier
amr_values	Used to set the authentication method for the identification.	Valid values: See the eID specific page.	Verimi BankID (NO)
autostart	Used to inform the service if it shall try to start the eID client automatically. (If the end user is using the device where the eID client is located)	Values: [true \| false]	BankID (SE)
loa_value	Specifies the requested Level of Assurance.	One of: [ low \| substantial \| high ]	MitID (DK)
login_hint	A pre-selected user ID to improve user experience and reduce number of steps for a user.	See login_hint description on the eID specific pages.	BankID (NO), BankID (SE), MitID (DK), Mobile-ID, Smart-ID and Verimi
mobileid_display_te-xt_format	This parameter indicates the format to use for the display text. GSM-7 is default. UCS-2 supports all Cyrrillic characters.	Valid values: UCS-2: 20 characters GSM-7: 40 characters (default)	Mobile-ID
presetid	A pre-selected user ID to improve user experience and reduce number of steps for a user.	See presetid description on the eID specific pages.	BankID (NO), BankID (SE), MitID (DK) and Verimi
reference_text	Reference text displayed during MitID identification. The text is displayed in the MitID client or in the MitID app.	All characters allowed except: %< Max limit: 130	MitID (DK)
returnaddress	Specifies the requested Address	Valid values: See the dID specific page.	Verimi
returnorg	For MitID: This parameter is used to initiate the Private MitID - on behalf of companies function.	Values: [true\| false]	MitID (DK)
returnssn	Controls retrieval of SSN for customers that have SSN access. For BankID (NO), BankID on mobile (NO) the SSN will be returned if the parameter is not provided. For the other eIDs, SSN will not be returned if the parameter is not provided.	Values: [true\|false]	BankID (NO), MitID (DK), Mobile-ID and Smart-ID.
smartid_allowed-InteractionsOrderType	This parameter can be used to decide which text to display to the user and it may give him possibilities to choice a verification code.	Valid values: See the eID specific page.	Smart-ID
smartid_displayText60	Text to be displayed in the Smart-ID user app.	Max length: 60 characters	Mobile-ID
smartid_displayText200	Text to be displayed in the Smart-ID user app.	Max length: 200 characters	Mobile-ID
transactiontext	Transaction text displayed on end user’s app or phone in Mobile-ID, BankID SE and AusweisApp	Characters max length: 20 / 40 (Mobile-ID) 600 (BankID SE) 1800 (AusweisApp)	Mobile-ID,BankID (SE) and AusweisApp

SAML Assertion

The following table lists all available assertion attributes that may be returned in a SAML response. Not all attributes are available in all SAML responses. See the list of returned attributes below. The attributes is specific for the eID providers.

Attribute	Description/Usage	eID provider
AAL	Authentication Assurance Level One of https://data.gov.dk/concept/core/nsis/Low https://data.gov.dk/concept/core/nsis/Substantial https://data.gov.dk/concept/core/nsis/High	MitID (DK)
ACTION_CONTEXT	Specifies the action context for identification	MitID (DK) (Currently supported)
ACR	The level of assurance for the specific identification. Possible values are listed on the eID pages, which will be one of: [ urn:eident:cert:eidas:high\| urn:eident:cert:eidas:substantial\| urn:eident:cert:eidas:low ]	BankID (NO), BankID (SE), MitID DK, Finnish Bank ID (FI), Mobile-ID, IN Groupe One Time Code, Buypass, Verimi, IN Groupe ID Verifier
ADDRESS	Specifies the address of a user	Verimi, AusweisApp
AMR	Auth Method Ref. JSON array of strings that are identifiers for authentication methods used in the authentication.	Valid values: See the eID specific page for Verimi and BankID (NO)
ADDITIONAL_INFO	The value of the additional info parameter if used.	ALL
AUTHFILESURL	A URL to download authentication files. Read more about the authentication files.	IN Groupe ID Verifier
AUTHORIZED_TO_REPRESENT	The organisation number (Danish CVR number) the user has selected and is authorised to represent. The user can select a company when using the Private MitID - on behalf of companies functions.	MitID (DK)
C	Country code	All (Where available)
CARD_NUMBER	Card number of the end user	Belgian eID(BE)
CARD_EXPIRY_DATE	Expiry date of the end user's card	Belgian eID(BE)
CERTIFICATE	The X509 certificate of the identified end user.	ALL (where available)
CERTPOLICYOID	A policy identifier for the end user certificate.	ALL
CN	Common Name from end user certificate.	ALL
DK_SSN	Danish SSN.	MitID (DK)
DN	Distinguished Name from end user certificate.	ALL
DOB	Date of birth where available
FIRSTNAME	End user first name (from certificate).	ALL (where available).
FULLNAME	Name of identified user.	ALL (where available)
GIVENNAME	End user given name (from certificate)	ALL (where available).
IAL	Identity Assurance Level One of https://data.gov.dk/concept/core/nsis/Low https://data.gov.dk/concept/core/nsis/Substantial https://data.gov.dk/concept/core/nsis/High	MitID (DK)
IDENTITY_TYPE	Type of identification Possible values are: private professional Professional indicates Erhverv user	MitID (DK)
IDPROVIDER	The ID provider used for identification.	ALL. See valid values in a table below this table.
LOA	Level of Assurance One of https://data.gov.dk/concept/core/nsis/Low https://data.gov.dk/concept/core/nsis/Substantial https://data.gov.dk/concept/core/nsis/High	MitID (DK)
MITID_AMR	The list of authenticators used to achieve the resulting level of assurance for a MitID identification. Possible values for MitID are: password code_token code_reader code_app code_app_enchanced u2f_token Possible values for MitID Erhverv are: mitid:password mitid:code_token mitid:code_reader mitid:code_app mitid:code_app_enchanced mitid:u2f_token	MitID (DK)
MITID_UUID	Unique ID for MitID.	MitID (DK)
NEMLOGIN.AGE	Age of Erhverv user	MitID (DK)
NEMLOGIN.AUTH_TO_REPR	CVR number of the Organisation for which the MitID user is authorized to represent.	MitID (DK)
NEMLOGIN.CPR_UUID	Unique ID for Erhverv user	MitID (DK)
NEMLOGIN.CVR	Company CVR for Erhverv user	MitID (DK)
NEMLOGIN.DATE_OF_BIRTH	Date of birth for Erhverv user	MitID (DK)
NEMLOGIN.EMAIL	Email address for Erhverv user	MitID (DK)
NEMLOGIN.FAMILY_NAME	Family name for Erhverv user	MitID (DK)
NEMLOGIN.GIVEN_NAME	Given name for Erhverv user	MitID (DK)
NEMLOGIN.IAL	Identity Assurance Level One of https://data.gov.dk/concept/core/nsis/Low https://data.gov.dk/concept/core/nsis/Substantial https://data.gov.dk/concept/core/nsis/High	MitID (DK)
NEMLOGIN.NAME	Full name of Erhverv user	MitID (DK)
NEMLOGIN.NEMID.RID	Employee certificate RID from NemID migration (or assigned)	MitID (DK)
NEMLOGIN.ORG_NAME	Company name for Erhverv user	MitID (DK)
NEMLOGIN.P_NUMBER	Company P number for Erhverv user	MitID (DK)
NEMLOGIN.PERSISTENT _PROFESSIONAL_ID	MitID Erhverv’s Global UUID/ID from EIA MitIDMitID Erhverv’s Global UUID/ID from EIA

NEMLOGIN.SE_NUMBER	Company SE number for Erhverv user	MitID (DK)
NO_BP_BUYPASSID	Unique Buypass identifier.	Buypass
NO_BP_PID	Buypass user’s Personal identifier.	Buypass
NOTAFTER	Certificate validity end time.	ALL (where available)
NOTBEFORE	Certificate validity begin time.	ALL (where available)
NO_CEL8	8-digit mobile/cell number (provided by merchant or user).	Norwegian BankID Mobile.
NO_BID_PID	Norwegian BankID PID	Norwegian BankID
NO_DOB6	6-digit date of birth (provided by merchant or user)	Norwegian BankID Mobile
NO_SSN	Norwegian SSN.	Buypass and Norwegian BankID.
ORGANISATION_NAME	Private MitID: The name of the organisation the user logs in on behalf of.	Applicable eID: MitID (DK)
ORGANISATION_NUMBER	For MitID: The organisation number received when using the Private MitID - on behalf of companies function.	Applicable eID: MitID (DK)
REFERENCE_TEXT	Reference text from MitID and/or Erhverv transaction	MitID (DK)
SE_SSN	Swedish SSN	Swedish BankID
SMARTID_INTER-ACTION_FLOW_USED	This value returns information about the type of Smart-ID interaction flow that was used. This can be one of: displayTextAndPIN verificationCodeChoice confirmationMessage confirmationMessageAndVerificationCodeChoice	Smart-ID
SSN_ISSUING_COUNTRY	The country that issued the user's ssn.	Currently supported: Smart-ID, Mobile-ID and Buypass.
SURNAME	End user surname (from certificate).	ALL (where available).
DOCUMENTNUMBER	The Document Number	Verimi IDCard IN Groupe ID Verifier
DOCUMENTTYPE	The Document Type	Verimi IDCard IN Groupe ID Verifier, AusweisApp
PLACEOFBIRTH	Place of Birth	Verimi IDCard IN Groupe ID Verifier, AusweisApp
DATEOFEXPIRY	Date of Expiry of the document	Verimi IDCard IN Groupe ID Verifier, AusweisApp
CITIZENSHIP	Citizenship of the end user	Verimi IDCard, AusweisApp
ISSUE_DATE	The Document issue date	Verimi IDCard
ISSUING_AUTHORITY	The Document issuing authority	Verimi IDCard
VERIFICATION_METHOD	Verification Method	Verimi IDCard
VERIFICATION_DATE	Date of verification	Verimi IDCard

The following table gives the valid values for the IDPROVIDER attribute:

eID Provider	IDPROVIDER value
BankID (NO)	no_bankid
BankID (SE)	se_bankid
BankID on mobile (NO)	no_bidmob
Belgian eID (BE)	be_cardreader
Buypass (NO)	no_buypass
MitID (DK)	mitid
Mobile-ID	mobile_id
IN Groupe ID Verifier	passport_reader/id_verifier
AusweisApp	personalausweis
Smart-ID	smart_id
Verimi	verimi

Example SAML response

Copy to clipboard

.xml

CODE

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
                  xmlns:ns1="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
                  xmlns:ns3="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Header/>
    <soapenv:Body>
        <ns1:Response xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
                      InResponseTo="76C4438E7CCFBA0E03B12014F6C99DF88CD08C33" IssueInstant="2019-01-03T14:27:50.906Z"
                      MajorVersion="1" MinorVersion="1" ResponseID="TI2-47A7F798E258169482197E2E7266DAAA0671D9AF">
            <ns1:Status>
                <ns1:StatusCode Value="ns1:Success"/>
            </ns1:Status>
            <ns3:Assertion AssertionID="TI2-878D39A6C769451CE67D4066603A6D87370A258D"
                           IssueInstant="2019-01-03T14:27:50.911Z" Issuer="https://www.ident-preprod1.nets.eu/saml1resp/"
                           MajorVersion="1" MinorVersion="1">
                <ns3:Conditions NotBefore="2019-01-03T15:27:50.000Z" NotOnOrAfter="2019-01-03T14:57:50.000Z"/>
                <ns3:AuthenticationStatement AuthenticationInstant="2019-01-03T14:27:50.911Z"
                                             AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:X509-PKI">
                    <ns3:Subject>
                        <ns3:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=Nilsen\, Åse,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-201090</ns3:NameIdentifier>
                        <ns3:SubjectConfirmation>
                            <ns3:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ns3:ConfirmationMethod>
                        </ns3:SubjectConfirmation>
                    </ns3:Subject>
                </ns3:AuthenticationStatement>
                <ns3:AttributeStatement>
                    <ns3:Subject>
                        <ns3:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
                            CN=Nilsen\, Åse,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-201090
                        </ns3:NameIdentifier>
                        <ns3:SubjectConfirmation>
                            <ns3:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ns3:ConfirmationMethod>
                        </ns3:SubjectConfirmation>
                    </ns3:Subject>
                    <ns3:Attribute AttributeName="IDPROVIDER" AttributeNamespace="urn:bbs:esec:adames:ti2:saml:1.1:attributeNamespace:uri">
                        <ns3:AttributeValue xsi:type="xs:string">no_bankid</ns3:AttributeValue>
                    </ns3:Attribute>
                    <ns3:Attribute AttributeName="DOB" AttributeNamespace="urn:bbs:esec:adames:ti2:saml:1.1:attributeNamespace:uri">
                        <ns3:AttributeValue xsi:type="xs:string">02.10.1958</ns3:AttributeValue>
                    </ns3:Attribute>
                    <ns3:Attribute AttributeName="DN" AttributeNamespace="urn:bbs:esec:adames:ti2:saml:1.1:attributeNamespace:uri">
                        <ns3:AttributeValue xsi:type="xs:string">CN=Nilsen\, Åse,O=BankID - TestBank1,C=NO,SERIALNUMBER=9578-6000-4-201090</ns3:AttributeValue>
                    </ns3:Attribute>
                    <ns3:Attribute AttributeName="CN" AttributeNamespace="urn:bbs:esec:adames:ti2:saml:1.1:attributeNamespace:uri">
                        <ns3:AttributeValue xsi:type="xs:string">Nilsen, Åse</ns3:AttributeValue>
                    </ns3:Attribute>
                    <ns3:Attribute AttributeName="NO_BID_PID" AttributeNamespace="urn:bbs:esec:adames:ti2:saml:1.1:attributeNamespace:uri">
                        <ns3:AttributeValue xsi:type="xs:string">9578-6000-4-201090</ns3:AttributeValue>
                    </ns3:Attribute>
                    <ns3:Attribute AttributeName="CERTPOLICYOID" AttributeNamespace="urn:bbs:esec:adames:ti2:saml:1.1:attributeNamespace:uri">
                        <ns3:AttributeValue xsi:type="xs:string">2.16.578.1.16.1.12.1.1</ns3:AttributeValue>
                    </ns3:Attribute>
                    <ns3:Attribute AttributeName="NO_SSN" AttributeNamespace="urn:bbs:esec:adames:ti2:saml:1.1:attributeNamespace:uri">
                        <ns3:AttributeValue xsi:type="xs:string">02105892090</ns3:AttributeValue>
                    </ns3:Attribute>
                    <ns3:Attribute AttributeName="CERTIFICATE" AttributeNamespace="urn:bbs:esec:adames:ti2:saml:1.1:attributeNamespace:uri">
                        <ns3:AttributeValue xsi:type="xs:string">
                            MIIFaTCCA1GgAwIBAgIDCxjZMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNVBAYTAk5PMRUwEwYDVQQKDAxUZXN0QmFuazEgQVMxEjAQBgNVBAsMCTEyMzQ1Njc4OTEjMCEGA1UEAwwaQmFua0lEIFRlc3RCYW5rMSBCYW5rIENBIDIwHhcNMTcxMDEwMTA1MjUwWhcNMTkxMDEwMTA1MjUwWjBeMRswGQYDVQQFExI5NTc4LTYwMDAtNC0yMDEwOTAxCzAJBgNVBAYTAk5PMRswGQYDVQQKDBJCYW5rSUQgLSBUZXN0QmFuazExFTATBgNVBAMMDE5pbHNlbiwgw4VzZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAODf+meT3z3qZOjjMZobh6XMd2C7zS5nTm742Af/3MNxTji2X9f0d7hhvc3RHuq50kiTSz99yGPha2TKGzr2ApuXWplkIZhhShxImlelsRROqOSiICYiNhM/pzxEldq7jkP+tIqpPDy4tM7baNFp+uV6G0DdJJO0QbB9mXTJ1wevmYC+qIJKhl3D1XCMDtkS8V+d0rCplPYEdQx0582OlArG94JcLRBOaAI5Qfn3XWWVNhlZd2b3xbXiLmj9UepOomW+kJrzAWmD/aRXa0hIUW7W+zLpM2AVGUbl9useJTpNFliqvMDSPgf3OVSQ1BqI9VSwDBzJzR28RdzUhcrY+gECAwEAAaOCAS8wggErMBYGA1UdIAQPMA0wCwYJYIRCARABDAEBMCgGA1UdCQQhMB8wHQYIKwYBBQUHCQExERgPMTk1ODEwMDIwMDAwMDBaMBMGB2CEQgEQAgEECDAGBAQ5OTgwMBQGB2CEQgEQAgIECTAHBAVCSU5BUzA5BggrBgEFBQcBAQQtMCswKQYIKwYBBQUHMAGGHWh0dHBzOi8vdmEtcHJlcHJvZDEuYmFua2lkLm5vMDEGCCsGAQUFBwEDBCUwIzAIBgYEAI5GAQEwFwYGBACORgECMA0TA05PSwIDAYagAgEAMA4GA1UdDwEB/wQEAwIDiDAfBgNVHSMEGDAWgBSx5ynedCftwfjDGbgmb15zO14m/jAdBgNVHQ4EFgQUlRl4WJDdJA5PFwftO6HQn5nDX1EwDQYJKoZIhvcNAQELBQADggIBADjkWp+KfciWYBHuDBonqpzAtymIuBfVGILLAwHqlg8moI2ujraVJNjWQk56i2CDUAW6zlAdGoErM90OyxoDBo/Fea3pzMhWYL0U0yaW93Y3dw4e6gbo10mcULJtoLnBAqpz3gSJo4VBcjP0rEvCndl1HEyCT3fkHYccx6FSgMPdyzLlM46lZkOEvQqdraokNMlYBruERNpegee51uCMCcpH/a1X/0ziZGiNkQCo+1X8pGf8axt3XC3/ASssrFLlfvCpZv/vOzGA8Jeva5FoZovsiVuwtv6e0rzaZm8FQB4xhzt2JwEm9TQCqehh6TrOp0Zx5xhVV0UCbUwRdgF2SCe37jX3U238AMPIN8nr6fv2rp3Sk7Rkc6TEkXXve69ph0vAVl/1FDO2KcDegvFkGogRK/p08f2+NFOtT+pzNhunHZcTL/gW2ScUE4Md5KVkF59Bha4BP6z9Fq4wEe/gnmcKhBmsfA9uKym559BvSS6HDeYGQ3+0WLjhVn0/h+I/9lSgLBjbEm927O3QW75QrOgd90Mrx1N6UUaMH/ATFZKY2VauziQT2XBT0SXnpI+iGbdcVsVHj8h08GuLIUTZrflrvsHVavPOl11rbO0n3n9twmZtWz5F672ynZwlDC966uH+3h1l24LI5uw3Z7LbqKDWVRvdV2veq5rSa0xuXEX2
                        </ns3:AttributeValue>
                    </ns3:Attribute>
                </ns3:AttributeStatement>
            </ns3:Assertion>
        </ns1:Response>
    </soapenv:Body>
</soapenv:Envelope>

Single sign-on (SSO)

Single sign-on allowed registered customer sites in a cluster to share asserted end user attributes without requiring the end users to identify themselves again. A SSO enable identification is transparent to the customer and requires no special treatment in the customer application. The request and valid parameters are identical to those in an ordinary identification request.

Log out

An end user session can be terminated using the log out functionality.

Invoke a log out by calling https://www.ident-preprod1.nets.eu/gls/logout.html
Read more about the log out parameters.

Log out parameters

Parameter

Description

Constraints

deflect

Where the nexturl should be opened. Options are to keep it in iframe (_self) or take over the page (_top).

Required: no

Valid values: [_top, _self]

Default: _top

mid

Merchant identifier. This is an ID assigned to the customer upon configuration and must be used in subsequent requests to E-Ident.

Required: yes

nexturl

After log out, the End user will be directed to the URL pointed to by the nexturl parameter.

If not provided, E-Ident presents the user with a generic log out page.

Required: no
Format: URL