omniauth-suomifi 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 3bba7a20e137303ea20efd3d2d829c9e37e103b5c47d864188b50a16cce7d758
4
+ data.tar.gz: 481a5fe89956132db550b05d7ffd9e997ae377b6dafb4ba096c4e011edaf0fed
5
+ SHA512:
6
+ metadata.gz: 5e58186eca6d49643657a3e421a5417b9caf988d212c78230224ca1e0e7e0819a46c04adf19f3e94554730cb7090c1cdc786cc4e6cdac61cffe96b9ab3cccd5e
7
+ data.tar.gz: 4cac68f67dab309856e7919c2b894322dcb90370968ec2772b5b19d738486afd0b8977ec4ece944c653e65fc862372e881f9553e94ea64afceaa77cd7bd6b876
data/LICENSE ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2019 Mainio Tech Ltd.
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,656 @@
1
+ # OmniAuth Suomi.fi
2
+
3
+ [![Build Status](https://travis-ci.com/mainio/omniauth-suomifi.svg?branch=master)](https://travis-ci.com/mainio/omniauth-suomifi)
4
+ [![codecov](https://codecov.io/gh/mainio/omniauth-suomifi/branch/master/graph/badge.svg)](https://codecov.io/gh/mainio/omniauth-suomifi)
5
+
6
+ This is an unofficial OmniAuth strategy for authenticating with the Suomi.fi
7
+ e-Identification service. This is mostly a configuration wrapper around
8
+ [`omniauth-saml`](https://github.com/omniauth/omniauth-saml) which uses
9
+ [`ruby-saml`](https://github.com/onelogin/ruby-saml) for SAML 2.0 based
10
+ authentication implementation with identity providers, such as Suomi.fi.
11
+
12
+ The gem can be used to hook Ruby/Rails applications to the Suomi.fi
13
+ e-Identification service. It does not provide any strong authorization features
14
+ out of the box, as it does not know anything about the application users, but
15
+ those can be implemented using this gem and the data provided by the Suomi.fi
16
+ identification responses.
17
+
18
+ The gem has been developed by [Mainio Tech](https://www.mainiotech.fi/).
19
+
20
+ The development has been sponsored by the
21
+ [City of Helsinki](https://www.hel.fi/).
22
+
23
+ The Population Register Centre (VRK) or the Suomi.fi maintainers are not related
24
+ to this gem in any way, nor do they provide technical support for it. Please
25
+ contact the gem maintainers in case you find any issues with it.
26
+
27
+ ## Preparation
28
+
29
+ ### Permit and Legal Basis for Using Suomi.fi e-Identification
30
+
31
+ Suomi.fi requires all its users to apply for a permit to use the
32
+ e-Identification system. All production users need to have a legal basis for
33
+ using the Suomi.fi e-Identification.
34
+
35
+ The legal basis are defined in 5 § of the "Laki hallinnon yhteisistä sähköisen
36
+ asioinnin tukipalveluista" law. Please read further from Finlex:
37
+
38
+ https://www.finlex.fi/fi/laki/alkup/2016/20160571#Pidp448960448
39
+
40
+ You are allowed use the Suomi.fi e-Identification system's testing enviroment
41
+ for testing and development purposes also when you do not have a legal basis for
42
+ using it in production.
43
+
44
+ Please reserve enough time for applying the permit to use the service and plan
45
+ the introduction of the feature accordingly.
46
+
47
+ ### Join Suomi.fi Service Management
48
+
49
+ Create a Suomi.fi Service Management account at:
50
+
51
+ https://palveluhallinta.suomi.fi
52
+
53
+ After signing up, make sure your user has "edit" rights for the e-Identification
54
+ service. More about managing user rigts (in Finnish):
55
+
56
+ https://palveluhallinta.suomi.fi/fi/tuki/artikkelit/59ddee7381d2f300670b9597
57
+
58
+ ### Define the Scope of Data
59
+
60
+ Each service needs to define the scope of data and reason why they need specific
61
+ information about the identified users in case they need more than the basic
62
+ details.
63
+
64
+ The scopes of data are limited (suppea), medium-extensive (keskilaaja) and
65
+ extensive (laaja). The following list describes which information is provided
66
+ with each of these scopes, starting from the limited scope:
67
+
68
+ - No scope required (included with the "Limited" scope)
69
+ * Katso-ID (`:katso_id`), only when identifying using a Katso-ID
70
+ * Foreign person identifier (`:foreign_person_identifier`)
71
+ * eIDAS person identifier (`:eidas_person_identifier`)
72
+ * eIDAS first names (`:eidas_first_names`)
73
+ * eIDAS family names (`:eidas_family_name`)
74
+ * eIDAS date of birth (`:eidas_date_of_birth`)
75
+ - Limited
76
+ * Electronic identification number (`:electronic_identification_number`)
77
+ * National identification number (`:national_identification_number`)
78
+ * Full "common" name (`:common_name`)
79
+ * Display name (`:display_name`)
80
+ * First names (`:first_names`)
81
+ * Last name / family name (`:last_name`)
82
+ - Medium-extensive
83
+ * Email address (`:email`)
84
+ * Home municipality number (`:home_municipality_number`)
85
+ * Home municipality name in Finnish (`:home_municipality_name_fi`)
86
+ * Home municipality name in Swedish (`:home_municipality_name_sv`)
87
+ * Address information
88
+ - Permanent domestic address (`:permanent_domestic_address_street_fi`,
89
+ `:permanent_domestic_address_street_sv`,
90
+ `:permanent_domestic_address_postal_code`,
91
+ `:permanent_domestic_address_locality_fi`,
92
+ `:permanent_domestic_address_locality_sv`)
93
+ - Permanent foreign address (`:permanent_foreign_address_street`,
94
+ `:permanent_foreign_address_locality_state_fi`,
95
+ `:permanent_foreign_address_locality_state_sv`,
96
+ `:permanent_foreign_address_locality_state_plain`,
97
+ `:permanent_foreign_address_state_code`)
98
+ - Temporary domestic address (`:temporary_domestic_address_street_fi`,
99
+ `:temporary_domestic_address_street_sv`,
100
+ `:temporary_domestic_address_postal_code`,
101
+ `:temporary_domestic_address_locality_fi`,
102
+ `:temporary_domestic_address_locality_sv`)
103
+ * Information security denial (`:information_security_denial`)
104
+ - Extensive
105
+ * Finnish citizenship information (`:finnish_citizenship`)
106
+
107
+ With the more extensive scopes, also the information in the less extensive
108
+ scopes are included.
109
+
110
+ ### Prepare the Metadata
111
+
112
+ Create a certificate that you will need for the Suomi.fi metadata. For example,
113
+ the following command would create a self signed certificate that is valid for
114
+ 10 years:
115
+
116
+ ```
117
+ $ openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 \
118
+ -keyout private.key -out certificate.crt
119
+ ```
120
+
121
+ For production environments, you will need a certificate signed by a trusted CA
122
+ and it should not be the same one you use for the test environment.
123
+
124
+ Then download the sample metadata from Suomi.fi in order to prepare it according
125
+ to your environment. You will find this from the service management panel of
126
+ Suomi.fi.
127
+
128
+ Change at least the following information in the sample metadata:
129
+
130
+ - Define the `entityID` attribute for the EntityDescriptor element. This can
131
+ be e.g. `https://test.city.fi/users/auth/suomifi/metadata`
132
+ - Paste the certificate you created above to the corresponding certificate
133
+ element inside the `KeyDescriptor` element.
134
+ - Change the SAML URLs as follows:
135
+ * `<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://test.city.fi/users/auth/suomifi/slo"/>`
136
+ * `<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.city.fi/users/auth/suomifi/slo"/>`
137
+ * `<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.city.fi/users/auth/suomifi/callback" index="1" isDefault="true"/>`
138
+ - Define the scope of data according to your requirements and the instructions
139
+ in the Suomi.fi service management panel.
140
+ - Fill in all other missing details marked with `TODO`, such as service name,
141
+ description, links and logo. Refer to the Suomi.fi's own documentation for
142
+ more information.
143
+
144
+ Note that you will need to use the HTTPS URLs in your application's return URLs
145
+ because otherwise the Suomi.fi endpoints will not work. The testing mode and the
146
+ Suomi.fi testing endpoints will work correctly also using the unsecured HTTP
147
+ URLs.
148
+
149
+ ### Register the Service and Send the Metadata
150
+
151
+ Sign in to Suomi.fi Service Management and register the new service there for
152
+ testing purposes. Submit the metadata through the service registration section.
153
+
154
+ Suomi.fi maintainers will check the metadata and will approve it for test use
155
+ in case everything is OK with the data. This will take some time to complete as
156
+ it needs manual interaction from the Suomi.fi maintainers.
157
+
158
+ ## Installation and Configuration
159
+
160
+ This gem has been only tested and used with Rails applications using Devise, so
161
+ this installation guide only covers that part. In case you are interested to
162
+ learn how you can use this with other frameworks, please refer to the
163
+ [`omniauth-saml`](https://github.com/omniauth/omniauth-saml) documentation and
164
+ apply it to your needs (changing the strategy name to `:suomifi` and strategy
165
+ class to `OmniAuth::Strategies::Suomifi`).
166
+
167
+ To install this gem, add the following to your Gemfile:
168
+
169
+ ```ruby
170
+ gem 'omniauth-suomifi'
171
+ ```
172
+
173
+ For configuring the strategy for Devise, add the following in your
174
+ `config/initializers/devise.rb` file:
175
+
176
+ ```ruby
177
+ # Define the path where you have stored the certificate files.
178
+ cert_path = "/path/to/certificates/you/created"
179
+
180
+ Devise.setup do |config|
181
+ config.omniauth :suomifi,
182
+ # The mode needs to be either :production or :test depending on which
183
+ # Suomi.fi enviroment you want to hook into. Please note that you will need
184
+ # to complete most of the preparation phases even for the test environment.
185
+ mode: :test, # :production (default, can be omitted) or :test
186
+ # This can be :limited, :medium_extensive or :extensive depending on your
187
+ # needs. Refer to the documentation for more information.
188
+ scope_of_data: :medium_extensive,
189
+ # The service provider entity ID that needs to match the metadata sent to
190
+ # Suomi.fi.
191
+ sp_entity_id: 'https://www.service.fi/users/auth/suomifi/metadata',
192
+ # The certificate and its corresponding private key. The certificate (public
193
+ # part) needs to be provided to Suomi.fi as part of the metadata.
194
+ certificate_file: "#{cert_path}/certificate.crt",
195
+ private_key_file: "#{cert_path}/private.key",
196
+ # Define a salt for hashing the OmniAuth `uid` value from the personal
197
+ # identifiers. The OmniAuth `uid` should always be unique per person, which
198
+ # is why it is generated from the personal identity codes. That code may,
199
+ # however, contain personal data such as date of birth or gender, which is
200
+ # why it is hashed using this salt. For Rails, this defaults to
201
+ # `Rails.application.secrets.secret_key_base` and does not need to be
202
+ # specifically configured.
203
+ uid_salt: 'abcdef123'
204
+ end
205
+ ```
206
+
207
+ ## Identification Responses
208
+
209
+ The user's data is transmitted from Suomi.fi in the SAML authentication
210
+ response. This data will be available in the OmniAuth
211
+ [extra hash](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later).
212
+
213
+ In order to access the response data, you can fetch the OmniAuth extra has and
214
+ the corresponding user data in the OmniAuth callback handler, e.g. in Rails
215
+ Devise controllers as follows:
216
+
217
+ ```ruby
218
+ def saml_attributes
219
+ raw_hash = request.env["omniauth.auth"]
220
+ extra_hash = raw_hash[:extra]
221
+
222
+ # :saml_attributes contains the user's data.
223
+ # :search_success defines whether the user data was queried correctly.
224
+ extra_hash[:saml_attributes] if extra_hash[:search_success]
225
+ end
226
+ ```
227
+
228
+ ### Population Information System Search Success State
229
+
230
+ When identifying the users with the Suomi.fi e-Identification service, the
231
+ identity provider will do an external query to the population information system
232
+ about the user to fetch their personal information. In some special occasions,
233
+ this query can fail in which case the user's personal information is not
234
+ transmitted in the SAML response.
235
+
236
+ To determine whether the search was successful or not, you can fetch the
237
+ `:search_success` key from the OmniAuth extra hash. This contains a boolean
238
+ value indicating whether the search was successful or not.
239
+
240
+ This information is transmitted as a SAML attribute in the authentication
241
+ response with the name `urn:oid:1.2.246.517.3002.111.2`.
242
+
243
+ ### Personal Information Transmitted From Suomi.fi
244
+
245
+ The user's personal information transmitted from Suomi.fi can be found under
246
+ the `:saml_attributes` key in the OmniAuth extra hash described above.
247
+
248
+ This attributes hash will contain the keys described in this following
249
+ sub-sections.
250
+
251
+ Scopes of data, according to the requested scope when registering the service
252
+ with Suomi.fi:
253
+
254
+ - Limited (suppea)
255
+ - Medium-extensive (keskilaaja)
256
+ - Extensive (laaja)
257
+
258
+ #### `:electronic_identification_number`
259
+
260
+ - SAML URI: urn:oid:1.2.246.22
261
+ - SAML FriendlyName: electronicIdentificationNumber
262
+ - Scope of data: Limited
263
+
264
+ The electronic identification number (sähköinen asiointitunnus, SATU/FINUID) is
265
+ a unique electronic ID bound to the person. The ID itself does not reveal any
266
+ personal information of the person holding it unlike the national identifiers
267
+ can do.
268
+
269
+ This number is only assigned to real people and cannot be therefore determined
270
+ e.g. in the Suomi.fi testing environment. Also the non-person identities (such
271
+ as organizations) may not always hold this information.
272
+
273
+ More information available at:
274
+
275
+ https://vrk.fi/sahkoinen-henkilollisyys-ja-varmenteet
276
+
277
+ https://vrk.fi/en/electronic-identity-and-certificates
278
+
279
+ #### `:national_identification_number`
280
+
281
+ - SAML URI: urn:oid:1.2.246.21
282
+ - SAML FriendlyName: nationalIdentificationNumber
283
+ - Scope of data: Limited
284
+
285
+ The national identification number (henkilötunnus, HETU) which identifies the
286
+ Finnish citizen.
287
+
288
+ #### `:katso_id`
289
+
290
+ - SAML URI: urn:oid:1.2.246.517.3003.113.4
291
+ - SAML FriendlyName: kid
292
+ - Scope of data: Not required
293
+
294
+ User ID bound to the Katso-ID which is used to identify organizations, such as
295
+ businesses. Will not be set unless the user identifies themselves using the
296
+ Katso-ID.
297
+
298
+ More information available at:
299
+
300
+ https://vrk.fi/katso-tunnistus1
301
+
302
+ https://yritys.tunnistus.fi/
303
+
304
+ #### `:foreign_person_identifier`
305
+
306
+ - SAML URI: urn:oid:1.2.246.517.3002.111.17
307
+ - SAML FriendlyName: foreignpersonIdentifier
308
+ - Scope of data: Not defined
309
+
310
+ In case the person is identifying themselves using a foreign identity provider,
311
+ they have a foreign person identifier. This matches the
312
+ `:eidas_person_identifier` attribute when set.
313
+
314
+ #### `:email`
315
+
316
+ - SAML URI: urn:oid:0.9.2342.19200300.100.1.3
317
+ - SAML FriendlyName: mail
318
+ - Scope of data: Medium-extensive
319
+
320
+ The email address of the person in case it is stored in the Population Register
321
+ Centre database.
322
+
323
+ #### `:common_name`
324
+
325
+ - SAML URI: urn:oid:2.5.4.3
326
+ - SAML FriendlyName: cn
327
+ - Scope of data: Limited
328
+
329
+ The name of the person formatted as last name + all first names. In case the
330
+ identified entity is using a Katso-ID, contains the name of the identified
331
+ entity, e.g. the organization name.
332
+
333
+ Example:
334
+ Suomalainen Sari Säde
335
+
336
+ #### `:display_name`
337
+
338
+ - SAML URI: urn:oid:2.16.840.1.113730.3.1.241
339
+ - SAML FriendlyName: displayName
340
+ - Scope of data: Limited
341
+
342
+ The display name of the person formatted as given name + last name. This is the
343
+ format of the name that is most commonly used in real life.
344
+
345
+ Example:
346
+ Sari Suomalainen
347
+
348
+ #### `:first_names`
349
+
350
+ - SAML URI: http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName
351
+ - SAML FriendlyName: FirstName
352
+ - Scope of data: Limited
353
+
354
+ All first names of the person separated with a space character.
355
+
356
+ Example:
357
+ Sari Säde
358
+
359
+ #### `:given_name`
360
+
361
+ - SAML URI: urn:oid:2.5.4.42
362
+ - SAML FriendlyName: givenName
363
+ - Scope of data: Limited
364
+
365
+ The given name of the person, i.e. the first name of the person that is
366
+ generally used when referring to the person. Also known as "calling name"
367
+ ("kutsumanimi" in Finnish).
368
+
369
+ Example:
370
+ Sari
371
+
372
+ #### `:last_name`
373
+
374
+ - SAML URI: urn:oid:2.5.4.4
375
+ - SAML FriendlyName: sn
376
+ - Scope of data: Limited
377
+
378
+ The last name or the family name of the person.
379
+
380
+ Example:
381
+ Suomalainen
382
+
383
+ #### `:home_municipality_number`
384
+
385
+ - SAML URI: urn:oid:1.2.246.517.2002.2.18
386
+ - SAML FriendlyName: KotikuntaKuntanumero
387
+ - Scope of data: Medium-extensive
388
+
389
+ The number of the home locality (municipality) of the person.
390
+
391
+ These numbers are defined at:
392
+
393
+ http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index.html
394
+
395
+ http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index_en.html
396
+
397
+ #### `:home_municipality_name_fi`
398
+
399
+ - SAML URI: urn:oid:1.2.246.517.2002.2.19
400
+ - SAML FriendlyName: KotikuntaKuntaS
401
+ - Scope of data: Medium-extensive
402
+
403
+ The name of the home locality (municipality) in Finnish.
404
+
405
+ #### `:home_municipality_name_sv`
406
+
407
+ - SAML URI: urn:oid:1.2.246.517.2002.2.20
408
+ - SAML FriendlyName: KotikuntaKuntaR
409
+ - Scope of data: Medium-extensive
410
+
411
+ The name of the home locality (municipality) in Swedish.
412
+
413
+ #### `:permanent_domestic_address_street_fi`
414
+
415
+ - SAML URI: urn:oid:1.2.246.517.2002.2.4
416
+ - SAML FriendlyName: VakinainenKotimainenLahiosoiteS
417
+ - Scope of data: Medium-extensive
418
+
419
+ Street address (street name in Finnish) of the person's permanent domestic
420
+ address.
421
+
422
+ This contains the street name in Finnish, the street number of the building and
423
+ the apartment number in case of an apartment building.
424
+
425
+ Example:
426
+ Veneentekijäntie 4 A62
427
+
428
+ Maximum of 100 characters.
429
+
430
+ #### `:permanent_domestic_address_street_sv`
431
+
432
+ - SAML URI: urn:oid:1.2.246.517.2002.2.5
433
+ - SAML FriendlyName: VakinainenKotimainenLahiosoiteR
434
+ - Scope of data: Medium-extensive
435
+
436
+ Street address (street name in Swedish) of the person's permanent domestic
437
+ address.
438
+
439
+ Same as `:permanent_domestic_address_street_fi` but the street name is in
440
+ Swedish.
441
+
442
+ Example:
443
+ Båtbyggarvägen 4 A62
444
+
445
+ #### `:permanent_domestic_address_postal_code`
446
+
447
+ - SAML URI: urn:oid:1.2.246.517.2002.2.6
448
+ - SAML FriendlyName: VakinainenKotimainenLahiosoitePostinumero
449
+ - Scope of data: Medium-extensive
450
+
451
+ Postal code (street name in Swedish) of the person's permanent domestic address.
452
+
453
+ More information available at:
454
+
455
+ https://www.tilastokeskus.fi/tup/karttaaineistot/postinumeroalueet.html
456
+
457
+ #### `:permanent_domestic_address_locality_fi`
458
+
459
+ - SAML URI: urn:oid:1.2.246.517.2002.2.7
460
+ - SAML FriendlyName: VakinainenKotimainenLahiosoitePostitoimipaikkaS
461
+ - Scope of data: Medium-extensive
462
+
463
+ The locality name (in Finnish) of the person's permanent domestic address. This
464
+ is either city or municipality name.
465
+
466
+ #### `:permanent_domestic_address_locality_sv`
467
+
468
+ - SAML URI: urn:oid:1.2.246.517.2002.2.8
469
+ - SAML FriendlyName: VakinainenKotimainenLahiosoitePostitoimipaikkaR
470
+ - Scope of data: Medium-extensive
471
+
472
+ The locality name (in Swedish) of the person's permanent domestic address. This
473
+ is either city or municipality name.
474
+
475
+ #### `:permanent_foreign_address_street`
476
+
477
+ - SAML URI: urn:oid:1.2.246.517.2002.2.11
478
+ - SAML FriendlyName: VakinainenKotimainenLahiosoiteS
479
+ - Scope of data: Medium-extensive
480
+
481
+ Street address of the person's permanent foreign address.
482
+
483
+ #### `:permanent_foreign_address_locality_state_fi`
484
+
485
+ - SAML URI: urn:oid:1.2.246.517.2002.2.12
486
+ - SAML FriendlyName: VakinainenUlkomainenLahiosoitePaikkakuntaJaValtioS
487
+ - Scope of data: Medium-extensive
488
+
489
+ The postal code, locality name and state name (in Finnish) of the person's
490
+ permanent foreign address. The state name is separated with a comma from the
491
+ locality and postal code.
492
+
493
+ This element has information only when the person's state code is available in
494
+ the ISO 3166 standard.
495
+
496
+ #### `:permanent_foreign_address_locality_state_sv`
497
+
498
+ - SAML URI: urn:oid:1.2.246.517.2002.2.13
499
+ - SAML FriendlyName: VakinainenUlkomainenLahiosoitePaikkakuntaJaValtioR
500
+ - Scope of data: Medium-extensive
501
+
502
+ Same as `:permanent_foreign_address_locality_state_fi` but the state name is
503
+ in Swedish.
504
+
505
+ #### `:permanent_foreign_address_locality_state_plain`
506
+
507
+ - SAML URI: urn:oid:1.2.246.517.2002.2.14
508
+ - SAML FriendlyName: VakinainenUlkomainenLahiosoitePaikkakuntaJaValtioSelvakielinen
509
+ - Scope of data: Medium-extensive
510
+
511
+ In case the person's permanent foreign address state is not available in the
512
+ ISO 3166 standard, the address will be set in this attribute in plain text
513
+ format.
514
+
515
+ This is only set in case `:permanent_foreign_address_locality_state_fi` and
516
+ `:permanent_foreign_address_locality_state_sv` are empty.
517
+
518
+ #### `:permanent_foreign_address_state_code`
519
+
520
+ - SAML URI: urn:oid:1.2.246.517.2002.2.15
521
+ - SAML FriendlyName: VakinainenUlkomainenLahiosoiteValtiokoodi
522
+ - Scope of data: Medium-extensive
523
+
524
+ The state code (ISO 3166) of the person's permanent foreign address.
525
+
526
+ #### `:temporary_domestic_address_street_fi`
527
+
528
+ - SAML URI: urn:oid:1.2.246.517.2002.2.31
529
+ - SAML FriendlyName: TilapainenKotimainenLahiosoiteS
530
+ - Scope of data: Medium-extensive
531
+
532
+ Street address (street name in Finnish) of the person's temporary domestic
533
+ address.
534
+
535
+ This contains the street name in Finnish, the street number of the building and
536
+ the apartment number in case of an apartment building.
537
+
538
+ Example:
539
+ Veneentekijäntie 4 A62
540
+
541
+ Maximum of 100 characters.
542
+
543
+ #### `:temporary_domestic_address_street_sv`
544
+
545
+ - SAML URI: urn:oid:1.2.246.517.2002.2.32
546
+ - SAML FriendlyName: TilapainenKotimainenLahiosoiteR
547
+ - Scope of data: Medium-extensive
548
+
549
+ Street address (street name in Swedish) of the person's permanent domestic
550
+ address.
551
+
552
+ Same as `:temporary_domestic_address_street_fi` but the street name is in
553
+ Swedish.
554
+
555
+ Example:
556
+ Båtbyggarvägen 4 A62
557
+
558
+ #### `:temporary_domestic_address_postal_code`
559
+
560
+ - SAML URI: urn:oid:1.2.246.517.2002.2.33
561
+ - SAML FriendlyName: TilapainenKotimainenLahiosoitePostinumero
562
+ - Scope of data: Medium-extensive
563
+
564
+ Postal code (street name in Swedish) of the person's temporary domestic address.
565
+
566
+ More information available at:
567
+
568
+ https://www.tilastokeskus.fi/tup/karttaaineistot/postinumeroalueet.html
569
+
570
+ #### `:temporary_domestic_address_locality_fi`
571
+
572
+ - SAML URI: urn:oid:1.2.246.517.2002.2.34
573
+ - SAML FriendlyName: TilapainenKotimainenLahiosoitePostitoimipaikkaS
574
+ - Scope of data: Medium-extensive
575
+
576
+ The locality name (in Finnish) of the person's temporary domestic address. This
577
+ is either city or municipality name.
578
+
579
+ #### `:temporary_domestic_address_locality_sv`
580
+
581
+ - SAML URI: urn:oid:1.2.246.517.2002.2.35
582
+ - SAML FriendlyName: TilapainenKotimainenLahiosoitePostitoimipaikkaR
583
+ - Scope of data: Medium-extensive
584
+
585
+ The locality name (in Swedish) of the person's temporary domestic address. This
586
+ is either city or municipality name.
587
+
588
+ #### `:finnish_citizenship`
589
+
590
+ - SAML URI: urn:oid:1.2.246.517.2002.2.26
591
+ - SAML FriendlyName: SuomenKansalaisuusTietokoodi
592
+ - Scope of data: Extensive
593
+
594
+ Information whether the person is Finnish citizen. The value is `1` in case the
595
+ person is a Finnish citizen.
596
+
597
+ #### `:information_security_denial`
598
+
599
+ - SAML URI: urn:oid:1.2.246.517.2002.2.27
600
+ - SAML FriendlyName: Turvakielto
601
+ - Scope of data: Medium-extensive
602
+
603
+ Information whether the person has set an information security denial for the
604
+ Population Register Centre for providing their information to third parties. In
605
+ case this is the case, the value of this attribute will be `1`.
606
+
607
+ In case the information security denial is set, the address information will not
608
+ be transmitted over to the application with the identity response.
609
+
610
+ #### `:eidas_person_identifier`
611
+
612
+ - SAML URI: http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier
613
+ - SAML FriendlyName: PersonIdentifier
614
+ - Scope of data: Not defined
615
+
616
+ A person identifier according to the eIDAS regulation. The format depends the
617
+ issuing country and the number may be e.g. attached to the identity card and
618
+ change in case the card is changed. The identifier is unique per person, so no
619
+ two persons can hold the same identifier.
620
+
621
+ Only set for person identifying themselves using an eIDAS identity provider.
622
+
623
+ #### `:eidas_first_names`
624
+
625
+ - SAML URI: http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName
626
+ - SAML FriendlyName: FirstName
627
+ - Scope of data: Not defined
628
+
629
+ The same as `:first_names`. Duplicated for clarity that this attribute is passed
630
+ along with the other eIDAS attributes.
631
+
632
+ Only set for person identifying themselves using an eIDAS identity provider.
633
+
634
+ #### `:eidas_family_name`
635
+
636
+ - SAML URI: http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName
637
+ - SAML FriendlyName: FamilyName
638
+ - Scope of data: Not defined
639
+
640
+ The eIDAS family name of the person.
641
+
642
+ Only set for person identifying themselves using an eIDAS identity provider.
643
+
644
+ #### `:eidas_date_of_birth`
645
+
646
+ - SAML URI: http://eidas.europa.eu/attributes/naturalperson/DateOfBirth
647
+ - SAML FriendlyName: DateOfBirth
648
+ - Scope of data: Not defined
649
+
650
+ The eIDAS date of birth of the person.
651
+
652
+ Only set for person identifying themselves using an eIDAS identity provider.
653
+
654
+ ## License
655
+
656
+ MIT, see [LICENSE](LICENSE).
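Review bot: the `uid_salt: 'abcdef123'` line in the Devise initializer example puts a literal salt in source, although the comment directly above it says this salt is what protects the personal identity code behind the OmniAuth `uid`. The example should read the value from the application's secret store or an environment variable. The text should also say that the salt has to stay constant: with the documented default of `Rails.application.secrets.secret_key_base`, a change to that secret changes every derived `uid`. The attribute reference also has copy-paste slips to fix. `:permanent_foreign_address_street` lists the FriendlyName `VakinainenKotimainenLahiosoiteS`, the same as the domestic street attribute. Both `*_postal_code` entries describe the postal code as "street name in Swedish". `:temporary_domestic_address_street_sv` describes the permanent address. `:given_name` is documented but missing from the list under "Define the Scope of Data".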
data/Rakefile ADDED
@@ -0,0 +1,17 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'rspec/core/rake_task'
4
+
5
+ # Run all tests, with coverage report
6
+ RSpec::Core::RakeTask.new(:coverage) do |t|
7
+ ENV['CODECOV'] = '1'
8
+ t.verbose = false
9
+ end
10
+
11
+ # Run all tests, include all
12
+ RSpec::Core::RakeTask.new(:spec) do |t|
13
+ t.verbose = false
14
+ end
15
+
16
+ # Default
17
+ task default: :coverage
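Review bot: `task default: :coverage` makes a bare `rake` run the task that sets `ENV['CODECOV'] = '1'`, so every local run takes the coverage path as well as CI. Consider making `:spec` the default and having CI call `rake coverage` explicitly, so that the coverage behaviour is opt-in. The two task definitions are otherwise identical, and the comment "Run all tests, include all" on the `:spec` task does not say how it differs from `:coverage`. Rewording it to say that it runs the suite without coverage reporting would make the intent clear.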