Enable Bank ID in your services
The Finnish Bank ID consists of a set of Finnish banks. These are:
- Danske Bank
- POP Pankki
- Oma Säästöpankki
Signing with Bank ID
Bank ID is mainly an authentication service. To enable signing, Nets is utilizing the Advanced electronic signature functionality in E-Signing.
The user Bank ID short-term certificate
The short-term signing certificate used for Bank ID will have these values:
- CN = Name
- UID = Session token
- SerialNumber = SSN
- OU = User authenticated by Finnish bank: <Bank // fixed value from authentication>
- O = Nets Branch Norway - 996 345 734
- C = NO
SDO seal and customer signature
To seal signed documents (SDOs) and to enable merchant signing for customer using Bank ID, a certificate will be created for the purpose. This certificate will be issued from a Nets internal utility CA and will be added during customer on-boarding.
To use the merchant signing feature with this certificate for some or all of your documents, add the below to your sign order:
Handling of SSN
The SSN will be incorporated as the subject serial number in the signing certificate and included as a part of the SDO if this has been a part of the authentication response. This may however differ from bank to bank. It also requires that the customer are allowed to get SSN in return.
How to find the SSN?
The SSN of a signer can be fetched from E-Signing using the
GetSignature call. This requires that the SignerID was set in the sign order. The SSN is returned in the SignerID / IDValue element of the response.
Use the GetSDODetails function to inspect the content of the SDO and return the SSN. For Bank ID this can be found in the UniqueId element in SDOSignature / SignerCertificateInfo.
See the SDOSignatures element.
Direct the user directly to a bank - skip step 2
The "Step 2" page where the user select the bank to sign with can be skipped if you already know which bank the user will sign with. This can be done by appending the forcebank parameter to the sign URL. Read more about the different sign URL parameters.
Document types and sizes
The following document formats are supported using BankID:
The size limit of a document is set to 3MB base64 encoded document or approximately 2,2 MB non-encoded.