giosg Signicat

signicat logo

Info

This functionality is only available as separately sold product. Please contact us at sales@giosg.com in order to get more information.

Overview¶

giosg Signicat is a separately sold product, which allows our Customers to use Signicat identification. This means that you can reach a wider audience and provide your services more efficiently and conveniently.

Signicat introduction¶

Signicat authentication product allows you to verify the identity of users who log in to your online service(s). This is done by using electronic identity methods (ID methods). Integrating with Signicat gives you access to a hub of European ID methods through a single point of integration.

Prerequisites¶

Customer account must have Interaction Builder and Workflow Builder enabled and giosg script added to the website giosg - How does the v2 giosg script work.

...

Authentication¶

Log into the Signicat Dashboard
Create an OIDC client in Signicat Dashboard
In the Redirect URI field, enter https://signicat.giosgapps.com/identification/v2/auth/callback
Create a client secret. You'll need it later to create Signicat configuration in Giosg App settings.
In client settings > Advanced > Security set:
- User Info Response Type: SignedAndEncrypted
- Content encryption algorithm: A128CBC-HS256
- Requries Secret: checked
- Requries Request Object: checked
Create 2 key pairs, you'll need private keys for GiosgApp configuration. Go to client settings > Advanced > Public keys add 2 keys:
- Usage: Signing
- Usage: Encryption

Reference/demo Signicat implementation¶

Signicat demo at giosgdemo.com

Setting up Signicat¶

Install Signicat App¶

At first Giosg Signicat Identification Connector (id: 6055779c-78aa-11ee-9add-0242ac120008) app must be shared from Giosg Integrations and Apps account to Customer account. This is done by giosg. After this, you can find app as part of the Settings -> Apps.

After the installation, you should be able to configure your first Signicat setup:

Field	Description
Configuration ID	Automatically generated id
Name	Name of this configuration. Should be something which clearly defines the usecase.
Client ID	Cliend_Id from Signicat OIDC client
Signing Method	Default value is portal:ftn-auth
Signicat Host	The “Issuer URL for Client” given by Signicat, e.g. mycompany.app.signicat.com/auth/open
Scopes	`openid profile nin`
Authentication Success Workflow	Uuid of the workflow which is called after successfull identification
Authentication Fail Workflow	Uuid of the workflow which is called after failed identification
Client Secret	Cliend secret from Signicat OIDC client
Private Encryption Key	Private encryption key generated by Signicat
Private Signing Key	Private signing key generated by Signicat

Configure interaction¶

Signicat identification is activated from interaction. This interaction can be opened to the page or it can be sent by the chat agent during chat conversation.

Before chat identification example¶

Example interaction (account id: 2455)

Interaction has following custom js action configure to the button, which starts the identification:

(function signicatOpener(winParams) {
  window.open(
    "https://signicat.giosgapps.com/identification/v2/auth/login?identifier=" +
    encodeURIComponent(giosg.unpackedVisitorCid + ":" $ROOM_UUID) +
      "&" +
      Object.keys(winParams)
        .map(function (key) {
          return key + "=" + winParams[key];
        })
        .join("&"),
    "_top"
  );
})({
  config_id: $CONFIG_ID,
  referrer_url: document.location.href.split("#")[0]
});

Parameter	Description
config_id	This defines which Signicat environment is used
referrer_url	(Optional) Return url after identification. If this field is missing, default page will be used
identifier	Unique identifier for the user/session, which is passed to the workflows without changing the content. This could be for example chat_uuid & visitor_uuid.

In-chat identification example¶

Example interaction (account id: 2455)

Custom JS action on the button, which starts the identification:

(function signicatOpener(winParams) {
  window.open(
    "https://signicat.giosgapps.com/identification/v2/auth/login?identifier=" +
      document.location.search.match(/visitor_id=([a-z0-9]{32})/)[1] + ":" +
      document.location.search.match(/room_id=([\da-fA-F]{8}(\-[\da-fA-F]{4}){3}\-[\da-fA-F]{12}){1}/)[1] +
        "&" +
      Object.keys(winParams)
        .map(function (key) {
          return key + "=" + winParams[key];
        })
        .join("&"),
    "_blank"
  );
})({
  config_id: $CONFIG_ID,
  referrer_url: ""
});

Configure workflows¶

Following workflows can be used as reference for the Customer specific workflows (account id: 2455):

Succesfull authentication workflow will receive following trigger payload:

"idp_id": "070770-905D",
"name": "Väinö Tunnistus",
"family_name": "Tunnistus",
"given_name": "Väinö",
"birthdate": "1970-07-07",
"nin": "070770-905D",
"nin_type": "PERSON",
"nin_issuing_country": "FI",
"sub_legacy": "dOcYtskLo1v8uRgc4sUjbJPf6W01XbGBc87xwFCaA8A=",
"sub": "ScC-1rwMDf1-2pGBVWwLzrWH945a1KqZPNlbT75dfwM=",
"idp_issuer": "FTN",
"iss": "https://YourInstance.signicat.com/auth/open",
"aud": $client_id,
"org_id": "6747cf80-8caf-4ca7-a6d2-b589eec0fde8",
"identifier": $url_decoded_identifier_value

Failed authentication workflow will only receive indentifier and locale parameters as payload:

"identifier": $url_decoded_identifier_value,
"locale": $locale

Info

If you're using custom 'referrer_url' in your interaction, workflows should populate 'referrer_url_hash' variable. This variable is added to original 'referrer_url' provided by interaction.

Used domain(s)¶

giosg Signicat integrations uses signicat.giosgapps.com. See Giosg's Domains and IP addresses document for extra information.

Additional info¶

Please contact us at support@giosg.com in order to get more information.