Hello
I’m trying to find out whether it’d be possible to federate logins from Azure Entra External ID to Signicat for Finnish Trust Network logins, i.e. bank credentials and mobile ID.
What I can’t find in the Signicat developer documentation is whether federating logins from Entra External ID to Signicat over SAML would require signed authentication requests. The only documentation related to this is a couple of examples in “SAML examples | Signicat Documentation”, where the examples do seem to include signatures in the AuthnRequest requests. The issue is that on the Azure side it seems that Entra External ID does not support SAML signed authentication requests.
I also looked into whether the federation would work over OIDC, but on that side Entra External ID does not support JWE encrypted ID tokens, so that apparently would not work: based on the Signicat developer documentation, the ID tokens are required to be encrypted if the service provider wants the end users to be able to log in with Finnish bank credentials (FTN). See “Encrypted/signed responses from Signicat | Signicat Documentation”.
With this, I would be interested to know if Signicat requires the SAML authentication requests to be signed by the SAML service provider?
Also, if it is known that the federation would work from Entra External ID to Signicat, I would be interested to know the relevant details of this.
Thanks!