Enable MitID in your services
MitID is the new eID in Denmark, and it will replace NemID from the Autumn 2021.
More information about MitID:
MitID signing will be available in E-Signing through NemLog-in3.
Migrating from NemID to MitID
In the migration phase from NemID to MitID it is recommended to support both NemID and MitID for document signing as users will be migrated from October 2021 until around first half of 2022.
Timeline for MitID in E-Signing:
- Customer test:
- First version with support for SDO: planned the 9th July 2021
- Second version supporting MitID PAdES and Private MitID for companies: Planned in Q3 2021.
- Production: No release date set. December 2021 at the latest.
Note: In the first version of signing, you will need to use the "Test login" signing offered at NemLog-in. MitID signing will be available in a coming release from NemLog-in 3.
The identification before signing functionality supported for NemID and other eIDs is currently not supported for MitID
SSN (CPR) is currently not supported as a SignerID element for MitID.
There is no connection between the MitID CPR UUID and NemID PID.
Two signing formats
MitID offers two different signing formats:
In the E-Signing service, the XAdES signature will be packaged in a SDO. By using this signing format, E-Signing continues to support that several users can sign one document and that the user can sign with either MitID or NemID (or any other eID supported by E-Signing). The XAdES signature can be extracted from the SDO using the
MitID will also support PAdES as an output format directly. This can't be used in combination with NemID and it only supports one signature on each document.
Read more about MitID PAdES.
Note: E-Signing still supports a PAdES generated based on a SDO where the last page will include all signers of the document.
Read more about PAdES generated from SDO.
E-Signing offers a functionality to define the signer that will sign a specific document using a SignerID. For NemID, the SignerID is either CPR or the PID from the user's NemID certificate. For MitID, the unique SignerID is currently only the user's CPR UUID. The CPR UUID can be found in the user's signature when using the
Note: CPR is currently not supported as the SignerID as we are not getting the CPR number during the signing. We are working and investigating options so that we can support CPR number as a SignerID. We are also investigating if the MitID UUID can be set as a SignerID.
Step 1 - eID selection
The eID selection page is displayed if there are more than one possible eID to display to the user. The usage of the AcceptedPKIs element in the sign order or adding the forcepkivendor parameter to the sign URL can control the number of eIDs to display to the user.
Step 2 - read document
The document is opened in an iframe. The minimum recommended iframe height is 600px. The document title displayed is the value from the
Document -> Title element in the sign order. The reference code is set by NemLog-in3 and this is also displayed when the user authenticates.
Step 3 - authentication
The user is redirected to NemLog-in for authentication. The NemLog-in page opens in a new browser window. In the first test version of MitID signing, the customers must use the Test login tab to authenticate.
See the test users page for test users.
Step 4 - sign as private user
Select the user and sign as private user. The document title and reference code is following the transaction.
Step 5 - accept terms
The user must accept the terms to complete the signing.
Step 6 - finalizing document signing
The NemLog-in browser window is closed and the user is directed back to the document signing page. The document is now being signed and the user is directed to the wanted exit url.
Note: The reference code in this step is the same as the reference code for the entire section, but this image is taken from another signing than the above images.
Document types and sizes
The following document formats are supported using NemID:
Note: XML/XSL and HTML may be available later. If you need signing with these formats, please contact
firstname.lastname@example.org to inform us about your need.
The size limit of a document in E-Signing is set to 5 MB base64 encoded document. An encoded document adds approximately 30 % extra to a non-encoded document.
The supported PDF format is based on the PDF format supported by the NemID Signing Client with some exceptions.
See appendix D in
MitID offers PAdES as an output format when signing PDF documents and this is supported in the E-Signing service. Each PAdES may only include one signature, and if the sign order includes more than one signer of a document, E-Signing will return one PAdES for each signature.
The MitID PAdES functionality will be supported in E-Signing in the end of Q3. This documentation will be updated closer to that release.
Note: MitID PAdES can't be used in combination with NemID signing.
The E-Signing service offers the possibility to sign a document based on an authentication. To create a sign order with authentication-based signing, please have a look at the
authentication-based signing page.
The MitID specific values are listed in the table below:
|AuthenticationID||This element can be used to indicate that MitID is one of the eID's the signer can sign with. ||mitid|
The SignerID element can specify which user that will sign the document. For authentication-based signing with MitID, this is the user's CPR number.
IDValue: User CPR number
|forcepkivendor||The forcepkivendor parameter can be used to point the user directly to this eID.
Read more about forcepkivendor. ||abs:mitid|