SITHS eID

SITHS eID is a certificate-based authentication service (often used with a smart card) that enables employees of authorities, municipalities, and county councils in Sweden, such as medical professionals, to identify themselves electronically.

NOTE
When Specops Authentication is used with a SITHS eID smart card, the card contains two certificates. One certificate is linked to a specific person’s Swedish personal number. The other is linked to an HSA ID. The HSA ID is an identification number that is specific to a person, and it is stored in Active Directory. There are also other certificates, such as ones that enable logging in with Telia.

Configuring SITHS eID

  1. Sign in to Specops Authentication Web.
  2. Click Identity Services.
  3. Select SITHS eID from the list to enter the configuration page.
  4. In the General Configuration section, in the AD attribute name field, enter the name of the Active Directory user attribute where the SITHS eID user identifier is stored.
  5. In the Select Protocol field, use the dropdown to select either Web Services Federation (WS-Federation) or Security Assertion Markup Language (SAML), depending on the protocol your organization uses.
  6. In the Configuration for WS-Federation or SAML section (depending on which protocol was chosen), enter the URL for the metadata file from your identity provider in the Metadata URL field.
  7. Click Download metadata. Once the metadata is downloaded, additional options will appear, depending on which protocol was selected.
    1. WS-Federation
      Attribute: in the dropdown, choose the attribute that matches the attribute entered above
      NOTE
      If the attribute is not present in the metadata file, the field can be populated manually.
    2. SAML
      Attribute: in the dropdown, choose the attribute that matches the attribute entered above
      NOTE
      If the attribute is not present in the metadata file, the field can be populated manually.
      Binding: choose between HTTP-POST and HTTP-Redirect
      Response Type: choose between A signed SAML Response with a signed Assertion, A signed SAML Response with an unsigned Assertion, and An unsigned SAML Response with a signed Assertion
      NOTE
      If HTTP-POST is selected as the Binding, only A signed SAML Response with an unsigned Assertion is available as Response Type.
      Authentication Request Signing Details: mark this checkbox if the authentication request needs to be signed.
      NOTE
      If the metadata file includes this information, this box will automatically be checked.
  8. Save the metadata file for upload to your identity provider.
  9. Click Save.
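
A pre-check of the identity provider's SAML metadata against the options in step 7, as an added example (not Specops code): it reports whether the user identifier attribute is listed, which bindings are offered, and whether signed authentication requests are expected. It assumes the metadata follows the standard SAML 2.0 metadata schema; the sample document, the `idp.example.test` URLs and the attribute name `hsaIdExample` are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample metadata (not from a real identity provider).
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/post"/>
    <saml:Attribute Name="hsaIdExample"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_idp_metadata(xml_text, wanted_attribute):
    """Summarise the IdP metadata fields that drive the step 7 options."""
    # Metadata fetched from a remote URL is untrusted input; a hardened
    # parser such as defusedxml is a reasonable substitute for ElementTree.
    root = ET.fromstring(xml_text)
    idp = root.find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata contains no IDPSSODescriptor")
    sso = idp.findall("md:SingleSignOnService", NS)
    names = {a.get("Name") for a in idp.findall("saml:Attribute", NS)}
    signed = idp.get("WantAuthnRequestsSigned", "false").lower()
    return {
        # False means the Attribute field has to be populated manually.
        "attribute_in_metadata": wanted_attribute in names,
        # Short binding names, e.g. HTTP-POST and HTTP-Redirect.
        "bindings": sorted(s.get("Binding", "").rsplit(":", 1)[-1] for s in sso),
        # True means the IdP expects signed authentication requests.
        "authn_requests_signed": signed in ("true", "1"),
        # Sign-on endpoints that are not served over HTTPS.
        "non_https_endpoints": [s.get("Location") for s in sso
                                if not (s.get("Location") or "").startswith("https://")],
    }


if __name__ == "__main__":
    print(inspect_idp_metadata(SAMPLE_METADATA, "hsaIdExample"))
```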