User experience

​The user experience can be modified and customized based on different needs. 

Here you will find these topics:

​There are three different user presentation modes in E-Ident: pop-upstandalone​ and embedded. The E-Ident service displays the user interface in either of these modes.

Pop-up user interface

The pop-up option allows customers to present E-Ident service UI in a window partly covering their own web UI. This is modern and recommended option, giving the best user experience on both desktop and mobile devices.

Note: On mobile devices, the window will cover the entire screen.

Here is a sample of how it looks:

Pop-up UI_2.PNG

A simple pop-up can be setup with similar JavaScript code as below. The pop-up has to be opened by a user action. The example assumes that a button with id “open-popup-button” is used to start the identification flow.

<script>
  document.addEventListener("DOMContentLoaded", function() {
    document.getElementById("open-popup-button").addEventListener("click", openCenteredPopup);
  });

  window.addEventListener("focus", keepPopupInFocus);
  window.addEventListener("click", keepPopupInFocus); // Workaround for Firefox

  let popup;

  function keepPopupInFocus() {
    if (popup && !popup.closed) {
      popup.focus();
    }
  }

  function openCenteredPopup() {
    let width = 800;
    let height = 700;
    let x = window.outerWidth/2 - width/2 + window.screenX;
    let y = window.outerHeight/2 - height/2 + window.screenY;
    openPopup(x, y, width, height);
  }

  function openPopup(x, y, width, height) {
    popup = window.open("<eidentUrl>", "eident", "width=" + width + ",height=" + height + ",top=" + y + ",left=" + x);
  }
</script>

In the page given by redirect_uri parameter, closing the pop-up can be done with similar JavaScript code as below. The returned parameters like authorisation code or error message are in this example returned to the customer’s page in the main window.

<script>
  window.opener.location.href = "<get token url>" + window.location.search;
  window.close();
</script>

​Standalone user interfac​​​​e

As the name indicates, Standalone UI is designed to "stand alone on its own feet". This UI may in some cases be easiest implementation choice, as all identification UI will be handled separated at nets.eu. You will not have to make a lot of integration on you own web site, just forward the user to E-Ident, and our service will make sure the user is returned back to your site after completed authentication.

Note: You may not embed E-Ident standalone UI into an iframe on your own page.

To access the standalone UI, the following URL can be used (for customer test):

https://www.ident-preprod1.nets.eu​/its/index.html?scope=openid&response_type=code&client_id=<clientid>&redirect_uri=<redirect_uri>&state=<state>&nonce=<nonce>

The resulting page from the above URL does not require any further styling from you i.e. the end user can be directly taken to the standalone user interface E-Ident URL.​ Your logo and information text are set upon configuration in E-Ident.

E-Ident standalone UI.PNG

​​​Embedded user interface

As the name indicates, Embedded UI allows the customer to embed the identification page into a customer controlled web page. This will allow you to show the users an interface that the users are familiar with and which is associtated with your company and service.

Note: Embedded UI is no longer recommended due to various browser security restrictions when using iframe with content from a different origins than the page itself. Customer with existing services utilizing Embedded UI should consider migrating over to Pop-up UI which will give a much better user experience and flexibility.

To access the embedded UI, the following URL can be used (for customer test):

https://www.ident-preprod1.nets.eu/its/index.html?scope=openid&response_type=code&client_id=<clientid>&redirect_uri=<redirect_uri>&state=<state>&nonce=<nonce>&wi=r

​Note: The parameter wi is set with the value r for embedded user interface.

The page that is returned by the above URL can be styled with your own look-and-feel to fit your web UI. One example is to display the response from embedded UI E-Ident URL into an iframe in the customer’s web UI.

A simple iframe can be setup with similar HTML code as below.

 <iframe name="E-Ident"
     src="https://www.ident-preprod1.nets.eu/its/index.html?scope=openid&response_type=code&client_id=<clientid>&redirect_uri=<redirect_uri>&state=<state>&nonce=<nonce>&wi=r" 
     height="512" width="640">
 </iframe>

embedded ui.png

CSS styling

All CSS style elements from the CSS can be customized through the embedded UI. ​The default E-Ident CSS file can be downloaded from here: https://www.ident.nets.eu/idpp/css/default.css. ​ 

eID selection page​​​

E-Ident displays the eID selection page if the customer supports more than one eID. This page is skipped if there is only one valid eID for the current request (see description above for usage of identification request parameters). 

eID selection - css_ny.png

​Element​Description ​Defaults
​BODY: iframe​HTML body tag (root element for styling)​Width: 100%
​DIV: ipage​Page parent tag contains all other content items.
​SPAN: headerPki #h2​HTML span tag with h2 as CSS id and headerPki as class.
​FORM​A form houses all listed eIDs.
INPUT: idpchoice
#pki<1>
​Each eID provider element is an HTML input tag with pki<eID provider number> as CSS id.  
​INPUT: idpchoice_hover​The idpchoice_hover class is invoked when the mouse passes over an item in the eID provider list​

Status page​​

The status page is shown when an unexpected event occurs if you are using the SAML protocol and have not set the status URL.

Status page - css (002)_ny.png

​Element​Description
​DIV: error_logo​Icon next to status message
​DIV: error_main​Container for error messages and buttons
​DIV: ipageheader​Message heading just above the status message (some messages do not have headings)
​DIV: error​Status message text
​DIV: formcontrols​​Form control elements (input buttons and submit buttons)
​FORM #error_form​Form for input buttons
​INPUT: formcontrol​Input buttons​

CSS style sheet elements

List o the general style sheet elements. In addition, there are some eID specific elements. Those can be seen in the default CSS.
​Style sheet elements​​Description/usage
​.iframe​This class is assigned to all HTML body tags in E-Ident
​.ipage​Each page has a master div tag with an ipage class
​.idpchoice​The eID provider selection page displays each eID as a form button. Each button uses this class
​.idpchoice:hover, .idpchoice_hover​Class used for eID choices that are in focus (onMouseOver)
​.form_a​HTML links within a form
​.formcontrols​Parent class for form controls (all form controls are placed within a single div using this class)
​.formcontrol​Each form control is assigned this class
​.formcontrol:hover​Class used for form controls that are in focus
​.error_main​Alert box for displaying status messages
​.error​Status message or error message
​.error_logo​Icon next to status message
​.info​Info box
​#h0 #h1 #h2 #h3 #h4​Heading text classes (number grows as the heading size decreases. Normal heading size is h3)
​#t0 #t1 #t2 #t3 #t4​Normal text classes (number grows as the text size decreases. Normal text size is t3)
​#w0 #w1 #w2 #w3 #w4​Warning text classes (number grows as the warning size decreases. Normal text size is w3)
​#n0 #n1 #n2 #n3 #n4​Highlighted text classes (number grows as the highlight text size decreases. Highlight text size is n3)
​.main​Main container for  page
​.ipageheader​Header inside iframe
​.logo​eID logo container
​.formheader​Header inside form
​.status​Status messages inside form
​.info_body​DIV container for information to the user and input fields.
​.body​Information text
​.text​Input fields with text or number input​

Recommended IFRAME sizes

​eID ​Minimum dimension in pixels (weight x height)
​BankID (NO)​400 x 280
​BankID on mobile phones (NO)

​480 x 280 (regular GUI will be shown)

479 (or lower) x 280 (a smaller, responsive GUI will be shown)

​NemID JS client (DK)

​200 x 250 (limited mode)

500 x 450 (standard mode)

​NemID CodeFile client (DK)​500 x 200

Customer controlled user interface

Above, the three different user interface options for E-Ident has been described. There is also a possibility to use parameters appended to the identification request to control the user experience for some eIDs.

eID selection page

As a customer you may choose to create your own eID selection page. You can choose to display the eID name and the logo or similar on your own page. When the user selects the eID on your page, you need to append the amr_values (OIDC) or forcepkivendor (SAML) parameter to the identification request. Links to logo files can be found on the eID specific page.

See below for more information about the eID selection page.

eID specific user interface parameters

eID selection page​​

For customers enabled with more than one eID, end users can choose between the available eIDs.

eID selection page - updated.PNG 

​The eID selection page pictured above is an illustration of the UI of standalone and pop-up presentation modes.

The default order of eIDs is as given in the picture above. Only those eIDs that are configured on your configuration will be displayed, but then in the order as above.

Both the order and the set of eIDs can be modified using the amr_values and forcepkivendor parameter for OIDC and SAML identification requests respectively. The order the eIDs are listed when using the parameter is the order the eIDs will be displayed. The parameter may consist of all or just some of the eIDs configured on your E-Ident configuration. It is only the eIDs listed that will be displayed. If there is only one value, the page will not be shown and the end user is routed directly to the specified eID's identification page.

Status pag​e​ (only when using the SAML protocol)

Whenever an unexpected event occurs, a status page with a status message can be displayed to the end user. The status message provides the end user with a simple explanation of the cause. Sometimes a suitable remedial action is also provided. The default status page is provided by E-Ident. This can be overridden by providing a custom status page URL. The status page URL can be set either in the customer configuration or in the status parameter sent in the identification request.

error page.PNG

Note: For the OIDC protocol, the user is directed to the customer's redirect_uri with two parameters; an error_description and an error with an error code.

E-Ident in apps

E-Ident requires a web browser, so a native app will need a browser component to integrate it. The easiest way to implement this is to add a web view component to the app. On iOS you can use WkWebView, on Android you can use the standard WebView.

These classes allow you to intercept the HTTP requests. So in the OpenID Connect flow, you can intercept the redirect after authentication. This contains the authorization code, which you can extract and then send to your own backend system. Your backend can then retrieve the ID token from E-Ident. In the PKCE flow, it will also be possible to retrieve the ID token directly from a native app. Using SAML flow is also possible.

Example iOS code which intercepts the auth code and displays it in the web view and example Android code using SAML:

import android.app.Activity;
import android.graphics.Color;
import android.net.UrlQuerySanitizer;
import android.os.Bundle;
import android.webkit.WebResourceRequest;
import android.webkit.WebResourceResponse;
import android.webkit.WebView;
import android.webkit.WebViewClient;


import java.io.ByteArrayInputStream;
import java.io.InputStream;

public class MainActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        WebView webView = prepareWebView();
        webView.loadUrl("https://www.ident-preprod1.nets.eu/its/index.html?mid=MER2&TARGET=test&wi=r");
    }


    private WebView prepareWebView() {
        WebView webView = findViewById(R.id.webview);
        webView.setWebViewClient(new WebViewClient() {

            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                return false;
            }

            @Override
            public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
                UrlQuerySanitizer sanitiser = new UrlQuerySanitizer(request.getUrl().toString());
                if (sanitiser.hasParameter("TARGET") && sanitiser.hasParameter("urt")) {

                    runOnUiThread(() -> {
                        findViewById(R.id.bg).setBackgroundColor(Color.GREEN);
                    });

                    StringBuilder content = new StringBuilder("<html><body>");
                    content.append("<html><body><h1>OK!</h1>");
                    content.append("<p><b>SAML Artifact:</b><br/>").append(sanitiser.getValue("urt")).append("</p>");
                    content.append("<p><b>Resolver URL:</b><br/>").append(request.getUrl().toString()).append("</p>");
                    content.append("</body></html>");

                    InputStream data = new ByteArrayInputStream(content.toString().getBytes());
                    return new WebResourceResponse("text/html", "UTF-8", data);
                }
                return super.shouldInterceptRequest(view, request);
            }

        });
        webView.clearCache(true);
        webView.clearHistory();
        return webView;
    }
}
import UIKit
import WebKit
import SwiftUI
 
class WebViewController: UIViewController, WKNavigationDelegate {
 
    var webView: WKWebView!
    
    override func loadView() {
        webView = WKWebView()
        webView.navigationDelegate = self
        view = webView
        
        let url = URL(string: "https://www.ident-preprod1.nets.eu/its/index.html?client_id=MER2&scope=openid&response_type=code&redirect_uri=https://www-dev-ident.bbsas.no/ti2_merchant/return.html?env=preprod&wi=r&amr_values=no_bankid")!
        webView.load(URLRequest(url: url))
    }
    
    func webView(_ webView: WKWebView, decidePolicyFor
          navigationAction: WKNavigationAction,
          decisionHandler: @escaping (WKNavigationActionPolicy) -> Swift.Void) {
 
        let url = navigationAction.request.url!
        print("url: ", url.absoluteString)
        
        let c = URLComponents(url: url, resolvingAgainstBaseURL: false)
        let code = c?.queryItems?.first(where: { $0.name == "code" })?.value
 
        if let c = code {
               //do stuff
            print("code: ", c)
 
            //this tells the webview to cancel the request
            decisionHandler(.cancel)
            
            let header = "<head><meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no'></head>"
 
            let body = "<h1>Got code</h1><p>code: " + c + "</p>"
            
            webView.loadHTMLString(header + body, baseURL: nil)
            return
       }
 
       //this tells the webview to allow the request
       decisionHandler(.allow)
 
   }
    
}

Language support

E-Ident supports the following languages:

  • English
  • Norwegian (both "bokmål" and "nynorsk" )
  • Swedish
  • Danish
  • Finnish

The standalone UI supports all these by default, but the customer may be set up with only a subset of the languages. This is set upon customer configuration.

The language presented to the end user is based on these criteria:

  • If the ui_locales (OIDC) or the locale (SAML) parameter is added to the identification request, the language specified as the value will be presented to the end user.
  • If the language parameter is not used, the language in the end user's web browser are presented.
  • If no supported languages are available in the browser or the language parameter is not used, then English as default will be displayed.

Read more about the ui_locales parameter under the Optional identification parameters for OIDC and the locale parameter under the Optional identification parameters for SAML.