Information for Integrator Relying Parties
Overview
Identification of Relying Parties towards Freja eID services is achieved through TLS with client authentication. This, however, may present an issue for Relying Parties that act on behalf of their own customers, i.e. other organisations, with their own branding and the requirement that the end users, consuming their services, are aware of the organisation they are interacting with.
In order to avoid the complexities of having such Relying Parties manage multiple TLS certificates, one per customer organisation, Freja eID allows annotation of such Relying Parties as "Integrators". Integrator Relying Parties are allowed to act on behalf of their customer organisations by utilising a single TLS client certificate while passing the identity of the customer organisation as a parameter to API calls. Consequently, given the branding and presentation requirements towards end users within Freja eID, organisations on whose behalf Integrator Relying Parties act on must be registered with Freja eID as ''Integrated Relying Parties''. They cannot make use of Freja eID services directly but rather through the Integrator RP they are associated with.
For each Integrated Relying Party, as well for the Integrator Relying Party itself, Freja eID generates a unique identifier called relyingPartyId. When initiating authentication and signature request, the Integrator Relying Party needs to pass relyingPartyId as an additional POST parameter in the request.
Go back to: