omniauth-suomifi 0.1.0
- checksums.yaml +7 -0
- data/LICENSE +22 -0
- data/README.md +656 -0
- data/Rakefile +17 -0
- data/lib/omniauth/strategies/suomifi.rb +608 -0
- data/lib/omniauth-suomifi/test/certificate_generator.rb +51 -0
- data/lib/omniauth-suomifi/test/templates/encrypted_data_template.xml +29 -0
- data/lib/omniauth-suomifi/test/utility.rb +65 -0
- data/lib/omniauth-suomifi/test/xml_encryptor.rb +90 -0
- data/lib/omniauth-suomifi/test.rb +12 -0
- data/lib/omniauth-suomifi/version.rb +7 -0
- data/lib/omniauth-suomifi.rb +4 -0
- metadata +158 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 3bba7a20e137303ea20efd3d2d829c9e37e103b5c47d864188b50a16cce7d758
|
4
|
+
data.tar.gz: 481a5fe89956132db550b05d7ffd9e997ae377b6dafb4ba096c4e011edaf0fed
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 5e58186eca6d49643657a3e421a5417b9caf988d212c78230224ca1e0e7e0819a46c04adf19f3e94554730cb7090c1cdc786cc4e6cdac61cffe96b9ab3cccd5e
|
7
|
+
data.tar.gz: 4cac68f67dab309856e7919c2b894322dcb90370968ec2772b5b19d738486afd0b8977ec4ece944c653e65fc862372e881f9553e94ea64afceaa77cd7bd6b876
|
data/LICENSE
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2019 Mainio Tech Ltd.
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,656 @@
|
|
1
|
+
# OmniAuth Suomi.fi
|
2
|
+
|
3
|
+
[](https://travis-ci.com/mainio/omniauth-suomifi)
|
4
|
+
[](https://codecov.io/gh/mainio/omniauth-suomifi)
|
5
|
+
|
6
|
+
This is an unofficial OmniAuth strategy for authenticating with the Suomi.fi
|
7
|
+
e-Identification service. This is mostly a configuration wrapper around
|
8
|
+
[`omniauth-saml`](https://github.com/omniauth/omniauth-saml) which uses
|
9
|
+
[`ruby-saml`](https://github.com/onelogin/ruby-saml) for SAML 2.0 based
|
10
|
+
authentication implementation with identity providers, such as Suomi.fi.
|
11
|
+
|
12
|
+
The gem can be used to hook Ruby/Rails applications to the Suomi.fi
|
13
|
+
e-Identification service. It does not provide any strong authorization features
|
14
|
+
out of the box, as it does not know anything about the application users, but
|
15
|
+
those can be implemented using this gem and the data provided by the Suomi.fi
|
16
|
+
identification responses.
|
17
|
+
|
18
|
+
The gem has been developed by [Mainio Tech](https://www.mainiotech.fi/).
|
19
|
+
|
20
|
+
The development has been sponsored by the
|
21
|
+
[City of Helsinki](https://www.hel.fi/).
|
22
|
+
|
23
|
+
The Population Register Centre (VRK) or the Suomi.fi maintainers are not related
|
24
|
+
to this gem in any way, nor do they provide technical support for it. Please
|
25
|
+
contact the gem maintainers in case you find any issues with it.
|
26
|
+
|
27
|
+
## Preparation
|
28
|
+
|
29
|
+
### Permit and Legal Basis for Using Suomi.fi e-Identification
|
30
|
+
|
31
|
+
Suomi.fi requires all its users to apply for a permit to use the
|
32
|
+
e-Identification system. All production users need to have a legal basis for
|
33
|
+
using the Suomi.fi e-Identification.
|
34
|
+
|
35
|
+
The legal basis are defined in 5 § of the "Laki hallinnon yhteisistä sähköisen
|
36
|
+
asioinnin tukipalveluista" law. Please read further from Finlex:
|
37
|
+
|
38
|
+
https://www.finlex.fi/fi/laki/alkup/2016/20160571#Pidp448960448
|
39
|
+
|
40
|
+
You are allowed use the Suomi.fi e-Identification system's testing enviroment
|
41
|
+
for testing and development purposes also when you do not have a legal basis for
|
42
|
+
using it in production.
|
43
|
+
|
44
|
+
Please reserve enough time for applying the permit to use the service and plan
|
45
|
+
the introduction of the feature accordingly.
|
46
|
+
|
47
|
+
### Join Suomi.fi Service Management
|
48
|
+
|
49
|
+
Create a Suomi.fi Service Management account at:
|
50
|
+
|
51
|
+
https://palveluhallinta.suomi.fi
|
52
|
+
|
53
|
+
After signing up, make sure your user has "edit" rights for the e-Identification
|
54
|
+
service. More about managing user rigts (in Finnish):
|
55
|
+
|
56
|
+
https://palveluhallinta.suomi.fi/fi/tuki/artikkelit/59ddee7381d2f300670b9597
|
57
|
+
|
58
|
+
### Define the Scope of Data
|
59
|
+
|
60
|
+
Each service needs to define the scope of data and reason why they need specific
|
61
|
+
information about the identified users in case they need more than the basic
|
62
|
+
details.
|
63
|
+
|
64
|
+
The scopes of data are limited (suppea), medium-extensive (keskilaaja) and
|
65
|
+
extensive (laaja). The following list describes which information is provided
|
66
|
+
with each of these scopes, starting from the limited scope:
|
67
|
+
|
68
|
+
- No scope required (included with the "Limited" scope)
|
69
|
+
* Katso-ID (`:katso_id`), only when identifying using a Katso-ID
|
70
|
+
* Foreign person identifier (`:foreign_person_identifier`)
|
71
|
+
* eIDAS person identifier (`:eidas_person_identifier`)
|
72
|
+
* eIDAS first names (`:eidas_first_names`)
|
73
|
+
* eIDAS family names (`:eidas_family_name`)
|
74
|
+
* eIDAS date of birth (`:eidas_date_of_birth`)
|
75
|
+
- Limited
|
76
|
+
* Electronic identification number (`:electronic_identification_number`)
|
77
|
+
* National identification number (`:national_identification_number`)
|
78
|
+
* Full "common" name (`:common_name`)
|
79
|
+
* Display name (`:display_name`)
|
80
|
+
* First names (`:first_names`)
|
81
|
+
* Last name / family name (`:last_name`)
|
82
|
+
- Medium-extensive
|
83
|
+
* Email address (`:email`)
|
84
|
+
* Home municipality number (`:home_municipality_number`)
|
85
|
+
* Home municipality name in Finnish (`:home_municipality_name_fi`)
|
86
|
+
* Home municipality name in Swedish (`:home_municipality_name_sv`)
|
87
|
+
* Address information
|
88
|
+
- Permanent domestic address (`:permanent_domestic_address_street_fi`,
|
89
|
+
`:permanent_domestic_address_street_sv`,
|
90
|
+
`:permanent_domestic_address_postal_code`,
|
91
|
+
`:permanent_domestic_address_locality_fi`,
|
92
|
+
`:permanent_domestic_address_locality_sv`)
|
93
|
+
- Permanent foreign address (`:permanent_foreign_address_street`,
|
94
|
+
`:permanent_foreign_address_locality_state_fi`,
|
95
|
+
`:permanent_foreign_address_locality_state_sv`,
|
96
|
+
`:permanent_foreign_address_locality_state_plain`,
|
97
|
+
`:permanent_foreign_address_state_code`)
|
98
|
+
- Temporary domestic address (`:temporary_domestic_address_street_fi`,
|
99
|
+
`:temporary_domestic_address_street_sv`,
|
100
|
+
`:temporary_domestic_address_postal_code`,
|
101
|
+
`:temporary_domestic_address_locality_fi`,
|
102
|
+
`:temporary_domestic_address_locality_sv`)
|
103
|
+
* Information security denial (`:information_security_denial`)
|
104
|
+
- Extensive
|
105
|
+
* Finnish citizenship information (`:finnish_citizenship`)
|
106
|
+
|
107
|
+
With the more extensive scopes, also the information in the less extensive
|
108
|
+
scopes are included.
|
109
|
+
|
110
|
+
### Prepare the Metadata
|
111
|
+
|
112
|
+
Create a certificate that you will need for the Suomi.fi metadata. For example,
|
113
|
+
the following command would create a self signed certificate that is valid for
|
114
|
+
10 years:
|
115
|
+
|
116
|
+
```
|
117
|
+
$ openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 \
|
118
|
+
-keyout private.key -out certificate.crt
|
119
|
+
```
|
120
|
+
|
121
|
+
For production environments, you will need a certificate signed by a trusted CA
|
122
|
+
and it should not be the same one you use for the test environment.
|
123
|
+
|
124
|
+
Then download the sample metadata from Suomi.fi in order to prepare it according
|
125
|
+
to your environment. You will find this from the service management panel of
|
126
|
+
Suomi.fi.
|
127
|
+
|
128
|
+
Change at least the following information in the sample metadata:
|
129
|
+
|
130
|
+
- Define the `entityID` attribute for the EntityDescriptor element. This can
|
131
|
+
be e.g. `https://test.city.fi/users/auth/suomifi/metadata`
|
132
|
+
- Paste the certificate you created above to the corresponding certificate
|
133
|
+
element inside the `KeyDescriptor` element.
|
134
|
+
- Change the SAML URLs as follows:
|
135
|
+
* `<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://test.city.fi/users/auth/suomifi/slo"/>`
|
136
|
+
* `<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.city.fi/users/auth/suomifi/slo"/>`
|
137
|
+
* `<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://test.city.fi/users/auth/suomifi/callback" index="1" isDefault="true"/>`
|
138
|
+
- Define the scope of data according to your requirements and the instructions
|
139
|
+
in the Suomi.fi service management panel.
|
140
|
+
- Fill in all other missing details marked with `TODO`, such as service name,
|
141
|
+
description, links and logo. Refer to the Suomi.fi's own documentation for
|
142
|
+
more information.
|
143
|
+
|
144
|
+
Note that you will need to use the HTTPS URLs in your application's return URLs
|
145
|
+
because otherwise the Suomi.fi endpoints will not work. The testing mode and the
|
146
|
+
Suomi.fi testing endpoints will work correctly also using the unsecured HTTP
|
147
|
+
URLs.
|
148
|
+
|
149
|
+
### Register the Service and Send the Metadata
|
150
|
+
|
151
|
+
Sign in to Suomi.fi Service Management and register the new service there for
|
152
|
+
testing purposes. Submit the metadata through the service registration section.
|
153
|
+
|
154
|
+
Suomi.fi maintainers will check the metadata and will approve it for test use
|
155
|
+
in case everything is OK with the data. This will take some time to complete as
|
156
|
+
it needs manual interaction from the Suomi.fi maintainers.
|
157
|
+
|
158
|
+
## Installation and Configuration
|
159
|
+
|
160
|
+
This gem has been only tested and used with Rails applications using Devise, so
|
161
|
+
this installation guide only covers that part. In case you are interested to
|
162
|
+
learn how you can use this with other frameworks, please refer to the
|
163
|
+
[`omniauth-saml`](https://github.com/omniauth/omniauth-saml) documentation and
|
164
|
+
apply it to your needs (changing the strategy name to `:suomifi` and strategy
|
165
|
+
class to `OmniAuth::Strategies::Suomifi`).
|
166
|
+
|
167
|
+
To install this gem, add the following to your Gemfile:
|
168
|
+
|
169
|
+
```ruby
|
170
|
+
gem 'omniauth-suomifi'
|
171
|
+
```
|
172
|
+
|
173
|
+
For configuring the strategy for Devise, add the following in your
|
174
|
+
`config/initializers/devise.rb` file:
|
175
|
+
|
176
|
+
```ruby
|
177
|
+
# Define the path where you have stored the certificate files.
|
178
|
+
cert_path = "/path/to/certificates/you/created"
|
179
|
+
|
180
|
+
Devise.setup do |config|
|
181
|
+
config.omniauth :suomifi,
|
182
|
+
# The mode needs to be either :production or :test depending on which
|
183
|
+
# Suomi.fi enviroment you want to hook into. Please note that you will need
|
184
|
+
# to complete most of the preparation phases even for the test environment.
|
185
|
+
mode: :test, # :production (default, can be omitted) or :test
|
186
|
+
# This can be :limited, :medium_extensive or :extensive depending on your
|
187
|
+
# needs. Refer to the documentation for more information.
|
188
|
+
scope_of_data: :medium_extensive,
|
189
|
+
# The service provider entity ID that needs to match the metadata sent to
|
190
|
+
# Suomi.fi.
|
191
|
+
sp_entity_id: 'https://www.service.fi/users/auth/suomifi/metadata',
|
192
|
+
# The certificate and its corresponding private key. The certificate (public
|
193
|
+
# part) needs to be provided to Suomi.fi as part of the metadata.
|
194
|
+
certificate_file: "#{cert_path}/certificate.crt",
|
195
|
+
private_key_file: "#{cert_path}/private.key",
|
196
|
+
# Define a salt for hashing the OmniAuth `uid` value from the personal
|
197
|
+
# identifiers. The OmniAuth `uid` should always be unique per person, which
|
198
|
+
# is why it is generated from the personal identity codes. That code may,
|
199
|
+
# however, contain personal data such as date of birth or gender, which is
|
200
|
+
# why it is hashed using this salt. For Rails, this defaults to
|
201
|
+
# `Rails.application.secrets.secret_key_base` and does not need to be
|
202
|
+
# specifically configured.
|
203
|
+
uid_salt: 'abcdef123'
|
204
|
+
end
|
205
|
+
```
|
206
|
+
|
207
|
+
## Identification Responses
|
208
|
+
|
209
|
+
The user's data is transmitted from Suomi.fi in the SAML authentication
|
210
|
+
response. This data will be available in the OmniAuth
|
211
|
+
[extra hash](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema#schema-10-and-later).
|
212
|
+
|
213
|
+
In order to access the response data, you can fetch the OmniAuth extra has and
|
214
|
+
the corresponding user data in the OmniAuth callback handler, e.g. in Rails
|
215
|
+
Devise controllers as follows:
|
216
|
+
|
217
|
+
```ruby
|
218
|
+
def saml_attributes
|
219
|
+
raw_hash = request.env["omniauth.auth"]
|
220
|
+
extra_hash = raw_hash[:extra]
|
221
|
+
|
222
|
+
# :saml_attributes contains the user's data.
|
223
|
+
# :search_success defines whether the user data was queried correctly.
|
224
|
+
extra_hash[:saml_attributes] if extra_hash[:search_success]
|
225
|
+
end
|
226
|
+
```
|
227
|
+
|
228
|
+
### Population Information System Search Success State
|
229
|
+
|
230
|
+
When identifying the users with the Suomi.fi e-Identification service, the
|
231
|
+
identity provider will do an external query to the population information system
|
232
|
+
about the user to fetch their personal information. In some special occasions,
|
233
|
+
this query can fail in which case the user's personal information is not
|
234
|
+
transmitted in the SAML response.
|
235
|
+
|
236
|
+
To determine whether the search was successful or not, you can fetch the
|
237
|
+
`:search_success` key from the OmniAuth extra hash. This contains a boolean
|
238
|
+
value indicating whether the search was successful or not.
|
239
|
+
|
240
|
+
This information is transmitted as a SAML attribute in the authentication
|
241
|
+
response with the name `urn:oid:1.2.246.517.3002.111.2`.
|
242
|
+
|
243
|
+
### Personal Information Transmitted From Suomi.fi
|
244
|
+
|
245
|
+
The user's personal information transmitted from Suomi.fi can be found under
|
246
|
+
the `:saml_attributes` key in the OmniAuth extra hash described above.
|
247
|
+
|
248
|
+
This attributes hash will contain the keys described in this following
|
249
|
+
sub-sections.
|
250
|
+
|
251
|
+
Scopes of data, according to the requested scope when registering the service
|
252
|
+
with Suomi.fi:
|
253
|
+
|
254
|
+
- Limited (suppea)
|
255
|
+
- Medium-extensive (keskilaaja)
|
256
|
+
- Extensive (laaja)
|
257
|
+
|
258
|
+
#### `:electronic_identification_number`
|
259
|
+
|
260
|
+
- SAML URI: urn:oid:1.2.246.22
|
261
|
+
- SAML FriendlyName: electronicIdentificationNumber
|
262
|
+
- Scope of data: Limited
|
263
|
+
|
264
|
+
The electronic identification number (sähköinen asiointitunnus, SATU/FINUID) is
|
265
|
+
a unique electronic ID bound to the person. The ID itself does not reveal any
|
266
|
+
personal information of the person holding it unlike the national identifiers
|
267
|
+
can do.
|
268
|
+
|
269
|
+
This number is only assigned to real people and cannot be therefore determined
|
270
|
+
e.g. in the Suomi.fi testing environment. Also the non-person identities (such
|
271
|
+
as organizations) may not always hold this information.
|
272
|
+
|
273
|
+
More information available at:
|
274
|
+
|
275
|
+
https://vrk.fi/sahkoinen-henkilollisyys-ja-varmenteet
|
276
|
+
|
277
|
+
https://vrk.fi/en/electronic-identity-and-certificates
|
278
|
+
|
279
|
+
#### `:national_identification_number`
|
280
|
+
|
281
|
+
- SAML URI: urn:oid:1.2.246.21
|
282
|
+
- SAML FriendlyName: nationalIdentificationNumber
|
283
|
+
- Scope of data: Limited
|
284
|
+
|
285
|
+
The national identification number (henkilötunnus, HETU) which identifies the
|
286
|
+
Finnish citizen.
|
287
|
+
|
288
|
+
#### `:katso_id`
|
289
|
+
|
290
|
+
- SAML URI: urn:oid:1.2.246.517.3003.113.4
|
291
|
+
- SAML FriendlyName: kid
|
292
|
+
- Scope of data: Not required
|
293
|
+
|
294
|
+
User ID bound to the Katso-ID which is used to identify organizations, such as
|
295
|
+
businesses. Will not be set unless the user identifies themselves using the
|
296
|
+
Katso-ID.
|
297
|
+
|
298
|
+
More information available at:
|
299
|
+
|
300
|
+
https://vrk.fi/katso-tunnistus1
|
301
|
+
|
302
|
+
https://yritys.tunnistus.fi/
|
303
|
+
|
304
|
+
#### `:foreign_person_identifier`
|
305
|
+
|
306
|
+
- SAML URI: urn:oid:1.2.246.517.3002.111.17
|
307
|
+
- SAML FriendlyName: foreignpersonIdentifier
|
308
|
+
- Scope of data: Not defined
|
309
|
+
|
310
|
+
In case the person is identifying themselves using a foreign identity provider,
|
311
|
+
they have a foreign person identifier. This matches the
|
312
|
+
`:eidas_person_identifier` attribute when set.
|
313
|
+
|
314
|
+
#### `:email`
|
315
|
+
|
316
|
+
- SAML URI: urn:oid:0.9.2342.19200300.100.1.3
|
317
|
+
- SAML FriendlyName: mail
|
318
|
+
- Scope of data: Medium-extensive
|
319
|
+
|
320
|
+
The email address of the person in case it is stored in the Population Register
|
321
|
+
Centre database.
|
322
|
+
|
323
|
+
#### `:common_name`
|
324
|
+
|
325
|
+
- SAML URI: urn:oid:2.5.4.3
|
326
|
+
- SAML FriendlyName: cn
|
327
|
+
- Scope of data: Limited
|
328
|
+
|
329
|
+
The name of the person formatted as last name + all first names. In case the
|
330
|
+
identified entity is using a Katso-ID, contains the name of the identified
|
331
|
+
entity, e.g. the organization name.
|
332
|
+
|
333
|
+
Example:
|
334
|
+
Suomalainen Sari Säde
|
335
|
+
|
336
|
+
#### `:display_name`
|
337
|
+
|
338
|
+
- SAML URI: urn:oid:2.16.840.1.113730.3.1.241
|
339
|
+
- SAML FriendlyName: displayName
|
340
|
+
- Scope of data: Limited
|
341
|
+
|
342
|
+
The display name of the person formatted as given name + last name. This is the
|
343
|
+
format of the name that is most commonly used in real life.
|
344
|
+
|
345
|
+
Example:
|
346
|
+
Sari Suomalainen
|
347
|
+
|
348
|
+
#### `:first_names`
|
349
|
+
|
350
|
+
- SAML URI: http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName
|
351
|
+
- SAML FriendlyName: FirstName
|
352
|
+
- Scope of data: Limited
|
353
|
+
|
354
|
+
All first names of the person separated with a space character.
|
355
|
+
|
356
|
+
Example:
|
357
|
+
Sari Säde
|
358
|
+
|
359
|
+
#### `:given_name`
|
360
|
+
|
361
|
+
- SAML URI: urn:oid:2.5.4.42
|
362
|
+
- SAML FriendlyName: givenName
|
363
|
+
- Scope of data: Limited
|
364
|
+
|
365
|
+
The given name of the person, i.e. the first name of the person that is
|
366
|
+
generally used when referring to the person. Also known as "calling name"
|
367
|
+
("kutsumanimi" in Finnish).
|
368
|
+
|
369
|
+
Example:
|
370
|
+
Sari
|
371
|
+
|
372
|
+
#### `:last_name`
|
373
|
+
|
374
|
+
- SAML URI: urn:oid:2.5.4.4
|
375
|
+
- SAML FriendlyName: sn
|
376
|
+
- Scope of data: Limited
|
377
|
+
|
378
|
+
The last name or the family name of the person.
|
379
|
+
|
380
|
+
Example:
|
381
|
+
Suomalainen
|
382
|
+
|
383
|
+
#### `:home_municipality_number`
|
384
|
+
|
385
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.18
|
386
|
+
- SAML FriendlyName: KotikuntaKuntanumero
|
387
|
+
- Scope of data: Medium-extensive
|
388
|
+
|
389
|
+
The number of the home locality (municipality) of the person.
|
390
|
+
|
391
|
+
These numbers are defined at:
|
392
|
+
|
393
|
+
http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index.html
|
394
|
+
|
395
|
+
http://tilastokeskus.fi/meta/luokitukset/kunta/001-2017/index_en.html
|
396
|
+
|
397
|
+
#### `:home_municipality_name_fi`
|
398
|
+
|
399
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.19
|
400
|
+
- SAML FriendlyName: KotikuntaKuntaS
|
401
|
+
- Scope of data: Medium-extensive
|
402
|
+
|
403
|
+
The name of the home locality (municipality) in Finnish.
|
404
|
+
|
405
|
+
#### `:home_municipality_name_sv`
|
406
|
+
|
407
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.20
|
408
|
+
- SAML FriendlyName: KotikuntaKuntaR
|
409
|
+
- Scope of data: Medium-extensive
|
410
|
+
|
411
|
+
The name of the home locality (municipality) in Swedish.
|
412
|
+
|
413
|
+
#### `:permanent_domestic_address_street_fi`
|
414
|
+
|
415
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.4
|
416
|
+
- SAML FriendlyName: VakinainenKotimainenLahiosoiteS
|
417
|
+
- Scope of data: Medium-extensive
|
418
|
+
|
419
|
+
Street address (street name in Finnish) of the person's permanent domestic
|
420
|
+
address.
|
421
|
+
|
422
|
+
This contains the street name in Finnish, the street number of the building and
|
423
|
+
the apartment number in case of an apartment building.
|
424
|
+
|
425
|
+
Example:
|
426
|
+
Veneentekijäntie 4 A62
|
427
|
+
|
428
|
+
Maximum of 100 characters.
|
429
|
+
|
430
|
+
#### `:permanent_domestic_address_street_sv`
|
431
|
+
|
432
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.5
|
433
|
+
- SAML FriendlyName: VakinainenKotimainenLahiosoiteR
|
434
|
+
- Scope of data: Medium-extensive
|
435
|
+
|
436
|
+
Street address (street name in Swedish) of the person's permanent domestic
|
437
|
+
address.
|
438
|
+
|
439
|
+
Same as `:permanent_domestic_address_street_fi` but the street name is in
|
440
|
+
Swedish.
|
441
|
+
|
442
|
+
Example:
|
443
|
+
Båtbyggarvägen 4 A62
|
444
|
+
|
445
|
+
#### `:permanent_domestic_address_postal_code`
|
446
|
+
|
447
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.6
|
448
|
+
- SAML FriendlyName: VakinainenKotimainenLahiosoitePostinumero
|
449
|
+
- Scope of data: Medium-extensive
|
450
|
+
|
451
|
+
Postal code (street name in Swedish) of the person's permanent domestic address.
|
452
|
+
|
453
|
+
More information available at:
|
454
|
+
|
455
|
+
https://www.tilastokeskus.fi/tup/karttaaineistot/postinumeroalueet.html
|
456
|
+
|
457
|
+
#### `:permanent_domestic_address_locality_fi`
|
458
|
+
|
459
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.7
|
460
|
+
- SAML FriendlyName: VakinainenKotimainenLahiosoitePostitoimipaikkaS
|
461
|
+
- Scope of data: Medium-extensive
|
462
|
+
|
463
|
+
The locality name (in Finnish) of the person's permanent domestic address. This
|
464
|
+
is either city or municipality name.
|
465
|
+
|
466
|
+
#### `:permanent_domestic_address_locality_sv`
|
467
|
+
|
468
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.8
|
469
|
+
- SAML FriendlyName: VakinainenKotimainenLahiosoitePostitoimipaikkaR
|
470
|
+
- Scope of data: Medium-extensive
|
471
|
+
|
472
|
+
The locality name (in Swedish) of the person's permanent domestic address. This
|
473
|
+
is either city or municipality name.
|
474
|
+
|
475
|
+
#### `:permanent_foreign_address_street`
|
476
|
+
|
477
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.11
|
478
|
+
- SAML FriendlyName: VakinainenKotimainenLahiosoiteS
|
479
|
+
- Scope of data: Medium-extensive
|
480
|
+
|
481
|
+
Street address of the person's permanent foreign address.
|
482
|
+
|
483
|
+
#### `:permanent_foreign_address_locality_state_fi`
|
484
|
+
|
485
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.12
|
486
|
+
- SAML FriendlyName: VakinainenUlkomainenLahiosoitePaikkakuntaJaValtioS
|
487
|
+
- Scope of data: Medium-extensive
|
488
|
+
|
489
|
+
The postal code, locality name and state name (in Finnish) of the person's
|
490
|
+
permanent foreign address. The state name is separated with a comma from the
|
491
|
+
locality and postal code.
|
492
|
+
|
493
|
+
This element has information only when the person's state code is available in
|
494
|
+
the ISO 3166 standard.
|
495
|
+
|
496
|
+
#### `:permanent_foreign_address_locality_state_sv`
|
497
|
+
|
498
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.13
|
499
|
+
- SAML FriendlyName: VakinainenUlkomainenLahiosoitePaikkakuntaJaValtioR
|
500
|
+
- Scope of data: Medium-extensive
|
501
|
+
|
502
|
+
Same as `:permanent_foreign_address_locality_state_fi` but the state name is
|
503
|
+
in Swedish.
|
504
|
+
|
505
|
+
#### `:permanent_foreign_address_locality_state_plain`
|
506
|
+
|
507
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.14
|
508
|
+
- SAML FriendlyName: VakinainenUlkomainenLahiosoitePaikkakuntaJaValtioSelvakielinen
|
509
|
+
- Scope of data: Medium-extensive
|
510
|
+
|
511
|
+
In case the person's permanent foreign address state is not available in the
|
512
|
+
ISO 3166 standard, the address will be set in this attribute in plain text
|
513
|
+
format.
|
514
|
+
|
515
|
+
This is only set in case `:permanent_foreign_address_locality_state_fi` and
|
516
|
+
`:permanent_foreign_address_locality_state_sv` are empty.
|
517
|
+
|
518
|
+
#### `:permanent_foreign_address_state_code`
|
519
|
+
|
520
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.15
|
521
|
+
- SAML FriendlyName: VakinainenUlkomainenLahiosoiteValtiokoodi
|
522
|
+
- Scope of data: Medium-extensive
|
523
|
+
|
524
|
+
The state code (ISO 3166) of the person's permanent foreign address.
|
525
|
+
|
526
|
+
#### `:temporary_domestic_address_street_fi`
|
527
|
+
|
528
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.31
|
529
|
+
- SAML FriendlyName: TilapainenKotimainenLahiosoiteS
|
530
|
+
- Scope of data: Medium-extensive
|
531
|
+
|
532
|
+
Street address (street name in Finnish) of the person's temporary domestic
|
533
|
+
address.
|
534
|
+
|
535
|
+
This contains the street name in Finnish, the street number of the building and
|
536
|
+
the apartment number in case of an apartment building.
|
537
|
+
|
538
|
+
Example:
|
539
|
+
Veneentekijäntie 4 A62
|
540
|
+
|
541
|
+
Maximum of 100 characters.
|
542
|
+
|
543
|
+
#### `:temporary_domestic_address_street_sv`
|
544
|
+
|
545
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.32
|
546
|
+
- SAML FriendlyName: TilapainenKotimainenLahiosoiteR
|
547
|
+
- Scope of data: Medium-extensive
|
548
|
+
|
549
|
+
Street address (street name in Swedish) of the person's permanent domestic
|
550
|
+
address.
|
551
|
+
|
552
|
+
Same as `:temporary_domestic_address_street_fi` but the street name is in
|
553
|
+
Swedish.
|
554
|
+
|
555
|
+
Example:
|
556
|
+
Båtbyggarvägen 4 A62
|
557
|
+
|
558
|
+
#### `:temporary_domestic_address_postal_code`
|
559
|
+
|
560
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.33
|
561
|
+
- SAML FriendlyName: TilapainenKotimainenLahiosoitePostinumero
|
562
|
+
- Scope of data: Medium-extensive
|
563
|
+
|
564
|
+
Postal code (street name in Swedish) of the person's temporary domestic address.
|
565
|
+
|
566
|
+
More information available at:
|
567
|
+
|
568
|
+
https://www.tilastokeskus.fi/tup/karttaaineistot/postinumeroalueet.html
|
569
|
+
|
570
|
+
#### `:temporary_domestic_address_locality_fi`
|
571
|
+
|
572
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.34
|
573
|
+
- SAML FriendlyName: TilapainenKotimainenLahiosoitePostitoimipaikkaS
|
574
|
+
- Scope of data: Medium-extensive
|
575
|
+
|
576
|
+
The locality name (in Finnish) of the person's temporary domestic address. This
|
577
|
+
is either city or municipality name.
|
578
|
+
|
579
|
+
#### `:temporary_domestic_address_locality_sv`
|
580
|
+
|
581
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.35
|
582
|
+
- SAML FriendlyName: TilapainenKotimainenLahiosoitePostitoimipaikkaR
|
583
|
+
- Scope of data: Medium-extensive
|
584
|
+
|
585
|
+
The locality name (in Swedish) of the person's temporary domestic address. This
|
586
|
+
is either city or municipality name.
|
587
|
+
|
588
|
+
#### `:finnish_citizenship`
|
589
|
+
|
590
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.26
|
591
|
+
- SAML FriendlyName: SuomenKansalaisuusTietokoodi
|
592
|
+
- Scope of data: Extensive
|
593
|
+
|
594
|
+
Information whether the person is Finnish citizen. The value is `1` in case the
|
595
|
+
person is a Finnish citizen.
|
596
|
+
|
597
|
+
#### `:information_security_denial`
|
598
|
+
|
599
|
+
- SAML URI: urn:oid:1.2.246.517.2002.2.27
|
600
|
+
- SAML FriendlyName: Turvakielto
|
601
|
+
- Scope of data: Medium-extensive
|
602
|
+
|
603
|
+
Information whether the person has set an information security denial for the
|
604
|
+
Population Register Centre for providing their information to third parties. In
|
605
|
+
case this is the case, the value of this attribute will be `1`.
|
606
|
+
|
607
|
+
In case the information security denial is set, the address information will not
|
608
|
+
be transmitted over to the application with the identity response.
|
609
|
+
|
610
|
+
#### `:eidas_person_identifier`
|
611
|
+
|
612
|
+
- SAML URI: http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier
|
613
|
+
- SAML FriendlyName: PersonIdentifier
|
614
|
+
- Scope of data: Not defined
|
615
|
+
|
616
|
+
A person identifier according to the eIDAS regulation. The format depends the
|
617
|
+
issuing country and the number may be e.g. attached to the identity card and
|
618
|
+
change in case the card is changed. The identifier is unique per person, so no
|
619
|
+
two persons can hold the same identifier.
|
620
|
+
|
621
|
+
Only set for person identifying themselves using an eIDAS identity provider.
|
622
|
+
|
623
|
+
#### `:eidas_first_names`
|
624
|
+
|
625
|
+
- SAML URI: http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName
|
626
|
+
- SAML FriendlyName: FirstName
|
627
|
+
- Scope of data: Not defined
|
628
|
+
|
629
|
+
The same as `:first_names`. Duplicated for clarity that this attribute is passed
|
630
|
+
along with the other eIDAS attributes.
|
631
|
+
|
632
|
+
Only set for person identifying themselves using an eIDAS identity provider.
|
633
|
+
|
634
|
+
#### `:eidas_family_name`
|
635
|
+
|
636
|
+
- SAML URI: http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName
|
637
|
+
- SAML FriendlyName: FamilyName
|
638
|
+
- Scope of data: Not defined
|
639
|
+
|
640
|
+
The eIDAS family name of the person.
|
641
|
+
|
642
|
+
Only set for person identifying themselves using an eIDAS identity provider.
|
643
|
+
|
644
|
+
#### `:eidas_date_of_birth`
|
645
|
+
|
646
|
+
- SAML URI: http://eidas.europa.eu/attributes/naturalperson/DateOfBirth
|
647
|
+
- SAML FriendlyName: DateOfBirth
|
648
|
+
- Scope of data: Not defined
|
649
|
+
|
650
|
+
The eIDAS date of birth of the person.
|
651
|
+
|
652
|
+
Only set for person identifying themselves using an eIDAS identity provider.
|
653
|
+
|
654
|
+
## License
|
655
|
+
|
656
|
+
MIT, see [LICENSE](LICENSE).
|
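Review bot: The sample Devise configuration at README line 203 hard-codes `uid_salt: 'abcdef123'`, and the comment just above it says this salt is what keeps the personal identity code out of the OmniAuth `uid`, so a literal that readers copy into their initializer defeats the purpose. Suggest dropping the key from the sample (the comment already says it defaults to `Rails.application.secrets.secret_key_base`) or showing it read from the application's secret store, and adding a sentence on whether the value must stay stable once users exist, since a `uid` derived this way would change with the salt. The attribute reference also has copy-paste slips worth fixing before release: line 478 gives `:permanent_foreign_address_street` the FriendlyName `VakinainenKotimainenLahiosoiteS`, identical to the domestic one at line 416; lines 451 and 564 describe the postal code as "(street name in Swedish)"; line 549 describes `:temporary_domestic_address_street_sv` as the "permanent domestic address"; and `:given_name` (line 359) is documented but missing from the scope list at lines 68-105. Typos: "enviroment" (lines 40, 183), "rigts" (line 54), "extra has" (line 213).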
data/Rakefile
ADDED
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'rspec/core/rake_task'
|
4
|
+
|
5
|
+
# Run all tests, with coverage report
|
6
|
+
RSpec::Core::RakeTask.new(:coverage) do |t|
|
7
|
+
ENV['CODECOV'] = '1'
|
8
|
+
t.verbose = false
|
9
|
+
end
|
10
|
+
|
11
|
+
# Run all tests, include all
|
12
|
+
RSpec::Core::RakeTask.new(:spec) do |t|
|
13
|
+
t.verbose = false
|
14
|
+
end
|
15
|
+
|
16
|
+
# Default
|
17
|
+
task default: :coverage
|
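Review bot: The comment on line 11, "Run all tests, include all", does not say how `:spec` differs from `:coverage`; the only difference visible here is `ENV['CODECOV'] = '1'` on line 7, and nothing in this file shows what reads that variable. Suggest rewording the two comments to state what `CODECOV` switches on, and reconsidering `task default: :coverage` on line 17, since a bare `rake` then sets `CODECOV` for every contributor; `task default: :spec` with coverage as an explicit opt-in would be the less surprising default. Because `ENV` is process-wide, the flag also stays set for any task that runs after `:coverage` in the same rake invocation.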