SITHS eID
SITHS eID is a certificate-based authentication service (often used with a smart card) that enables employees (such as medical professionals) of authorities, municipalities, and county councils in Sweden to identify themselves electronically.
When Specops Authentication is used with a SITHS eID smart card, the card contains two certificates. One certificate is linked to a specific person’s Swedish personal number. The other is linked to an HSA ID. The HSA ID is an identification number that is specific to a person, and it is stored in Active Directory. There are also other certificates, such as ones that enable logging in with Telia.
Configuring SITHS eID
- Sign in to Specops Authentication Web.
- Click Identity Services.
- Select SITHS eID from the list to enter the configuration page.
- In the General Configuration section, in the AD attribute name field, enter the name of the Active Directory user attribute where the SITHS eID user identifier is stored.
- In the Select Protocol field, use the dropdown to select either Web Services Federation (WS-Federation) or Security Assertion Markup Language (SAML), depending on the protocol your organization uses.
- In the Configuration for WS-Federation or SAML section (depending on which protocol was chosen), enter the URL for the metadata file from your identity provider in the Metadata URL field.
- Click Download metadata. Once the metadata is downloaded, additional options will appear, depending on which protocol was selected.
  - WS-Federation
    - Attribute: choose in the dropdown the attribute that matches the attribute entered above. If the attribute is not present in the metadata file, the field can be populated manually.
  - SAML
    - Attribute: choose in the dropdown the attribute that matches the attribute entered above. If the attribute is not present in the metadata file, the field can be populated manually.
    - Binding: choose between HTTP-POST and HTTP-Redirect.
    - Response Type: choose between A signed SAML Response with a signed Assertion, A signed SAML Response with an unsigned Assertion, and An unsigned SAML Response with a signed Assertion. If HTTP-POST is selected as the Binding, only A signed SAML Response with an unsigned Assertion is available as Response Type.
    - Authentication Request Signing Details: mark this checkbox if the authentication request needs to be signed. If the metadata file includes this information, this box will automatically be checked.
- Save the metadata file for upload to your identity provider.
- Click Save.
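
To check before configuration what the identity provider's SAML metadata declares, the following Python example (added here, not Specops code) reports the declared attributes, the offered bindings, and whether signed authentication requests are requested. The sample metadata, entity ID and attribute name are constructed, and reading the signing checkbox from `WantAuthnRequestsSigned` is an assumption about which metadata field the product uses.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "HTTP-POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "HTTP-Redirect",
}

# Constructed sample metadata (hypothetical IdP, not a real SITHS endpoint).
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso"/>
    <saml:Attribute Name="urn:example:attr:employeeHsaId"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_idp_metadata(xml_text, expected_attribute):
    """Report what SAML IdP metadata declares for the SAML options above."""
    root = ET.fromstring(xml_text)
    idp = root.find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not SAML IdP metadata")
    attributes = [a.get("Name") for a in idp.findall("saml:Attribute", NS)]
    bindings = sorted(
        BINDINGS.get(s.get("Binding", ""), s.get("Binding", ""))
        for s in idp.findall("md:SingleSignOnService", NS)
    )
    signed = idp.get("WantAuthnRequestsSigned", "false").lower()
    return {
        "entity_id": root.get("entityID"),
        "attributes": attributes,
        # False means the attribute has to be entered manually.
        "attribute_declared": expected_attribute in attributes,
        "bindings": bindings,
        # The SAML metadata schema treats an absent flag as false.
        "authn_requests_signed": signed in ("true", "1"),
    }


if __name__ == "__main__":
    print(summarize_idp_metadata(SAMPLE_METADATA, "urn:example:attr:employeeHsaId"))
```

When the metadata comes from a URL rather than an inline string, fetch it over verified TLS and parse it with a hardened XML parser before trusting its contents.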