Planned production date: 21.08.2019
Content of this release:
Breaking out of iframe and improved responsiveness on bank selection page
This release includes two user experience improvements. During the change from the old bank interface (between Nets and the bank) to the new interface, several of the banks will not allow the usage of iframe. To have a consistent user experience all bank clients will break out of the iframe after the user has selected his/her bank.
Previously (in iframe - Aktia used as example):
Now (Aktia as sample):
Note: The Aktia UI has been updated by the bank and the new UI will be seen the days after release.
In addition, the bank selection page has been updated to be fully responsive.
New claims (OIDC) / attributes (SAML)
Nets is currently changing the interface between the E-Ident / FTN service and the Finnish banks from Tupas to OIDC/SAML. In the new interface, we will from some banks get more information about the user's name such as the given name and the family name (surname). This is information that we will return as new claims in the ID Token (OIDC) and as new attributes in the assertion (SAML). The values will be returned from the time that we change your configuration. The change will happen pr bank. The first five (Aktia, Handelsbanken, Pop pankki, Säästöpankki and OMA SP) will be done in the days after this release. The rest of the banks will come one by one when they are made available.
The new claim/attribute values are:
See also the
SAML specification pages.
OIDC compliance fix
When an error occurs during authentication, E-Ident returns a specific code. After an earlier change, E-Ident returned this code in the "error" parameter. This is not compliant with the OIDC standard. After this change, E-Ident will return either "cancel" or "server_error" in the error parameter. The specific error code is still returned in the "code" parameter.
Content of this release:
Control the CPR number handling
For NemID to a private person, the handling of CPR number can now be controlled for each identification request. To do this, you need to do one of following (dependent on protocol you use):
OIDC: Set the scope parameter to ssn (in addition to other values)
SAML: Append the returnssn=true parameter to the identification request.
When this is set, the user will be prompted for their CPR number and this will be returned in the ID Token (OIDC) and Assertion (SAML).
Up until now the handling of CPR number has been a configuration setting on the customer configuration. To be backward compatible, this setting is still set for all existing customers. To turn off this setting, please contact support.