IRMA
A guide on how to enable IRMA and configure the settings.
For more general information on how IRMA works, check it out in the Knowledgebase.

Getting started

To get started, email Signicat's Technical Support to request the activation of an IRMA connection. Once the IRMA connection has been created, you can select it as an authentication provider and configure the settings.

IRMA settings

  • Name: You can provide a unique name for your authentication provider connection.
  • "Include only when scoped" checkbox: This indicates that the authentication provider will not be visible on the Authentication Provider selection screen and can only be reached by using IdP scoping.
  • Select attribute filter: Attribute filters allow you to filter out certain attributes to make the response more concise.
  • Option to add response attribute mappings: Response attribute mappings allow you to choose the name of the attribute and thus use a standardised name for multiple authentication providers.
Tip: See Broker Features for more information.

Broker Metadata

Once the connection is saved, press the Get Broker Metadata button and email this to Technical Support.

Integrate IRMA through Signicat

Now that IRMA has been successfully configured and added to the dashboard as an authentication provider option, click Test to proceed. You will then be presented with the following screen:
Note: If you use only IRMA as an Identity Provider and no others, this step will be skipped.
When you select IRMA, you will be redirected to the IRMA login page where you will be asked to scan the QR code with your IRMA mobile app.

Requested attributes

To request certain attributes from IRMA, you should first look at this page to see which attributes IRMA supports. In most cases you can simply request attributes depending on your connection:
  1. SAML
  2. OIDC
If you wish to construct more complex requests using the IRMA condiscon functionality, you may pass the condiscon parameter using additional parameters. For example, in a SAML request you can send signicat:param:condiscon within the requested attributes extension.

Example of adding condiscon parameter in your SAML request

<saml2p:Extensions xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <req-attr:RequestedAttributes xmlns:req-attr="urn:oasis:names:tc:SAML:protocol:ext:req-attr">
    <md:RequestedAttribute xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                           Name="signicat:param:condiscon"
                           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                           isRequired="true"
                           >
      <saml2:AttributeValue xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xsi:type="xsd:string"
                            >[[["irma-demo.sidn-pbdf.email.email"]],[["irma-demo.sidn-pbdf.mobilenumber.mobilenumber"]]]</saml2:AttributeValue>
    </md:RequestedAttribute>
  </req-attr:RequestedAttributes>
</saml2p:Extensions>
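The following Python sketch is an added example, not Signicat's or IRMA's own code. It checks that a condiscon value has IRMA's three-level shape (a conjunction of disjunctions of conjunctions) before serializing it into the Extensions element shown above, so a malformed or unexpected value is rejected instead of being sent. The function names and the identifier pattern (four dot-separated parts, plain strings only) are assumptions based on the example value on this page.

```python
import json
import re
import xml.etree.ElementTree as ET

# Namespaces copied from the SAML example on this page.
NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "req-attr": "urn:oasis:names:tc:SAML:protocol:ext:req-attr",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
# Assumption: identifiers have four dot-separated parts, as in the page's example.
ATTR_ID = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+){3}")

def validate_condiscon(condiscon):
    """Check the three-level nesting; return the attribute ids found."""
    found = []
    if not isinstance(condiscon, list) or not condiscon:
        raise ValueError("condiscon must be a non-empty list")
    for discon in condiscon:              # outer level: all must be satisfied
        if not isinstance(discon, list) or not discon:
            raise ValueError("each disjunction must be a non-empty list")
        for con in discon:                # middle level: user picks one option
            if not isinstance(con, list) or not con:
                raise ValueError("each option must be a non-empty list")
            for attr in con:              # inner level: attributes disclosed together
                if not isinstance(attr, str) or not ATTR_ID.fullmatch(attr):
                    raise ValueError(f"bad attribute identifier: {attr!r}")
                found.append(attr)
    return found

def build_extensions(condiscon):
    """Serialize a validated condiscon into the Extensions element shown above."""
    validate_condiscon(condiscon)
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    ext = ET.Element(f"{{{NS['saml2p']}}}Extensions")
    req = ET.SubElement(ext, f"{{{NS['req-attr']}}}RequestedAttributes")
    attr = ET.SubElement(req, f"{{{NS['md']}}}RequestedAttribute", {
        "Name": "signicat:param:condiscon",
        "NameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
        "isRequired": "true",
    })
    value = ET.SubElement(attr, f"{{{NS['saml2']}}}AttributeValue",
                          {f"{{{NS['xsi']}}}type": "xsd:string"})
    value.text = json.dumps(condiscon, separators=(",", ":"))  # compact JSON
    return ET.tostring(ext, encoding="unicode")
```

Because the value is written through the XML serializer rather than string concatenation, any markup characters in it are escaped, and the identifier check rejects them before that point.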

IRMA app

The IRMA authenticate app is created by the Privacy by Design Foundation and can be downloaded via the following links:
Once the QR code is scanned by your IRMA authenticate app, you may be asked whether you want to disclose certain personal data (called "cards") to IRMA; for example, your mobile phone number and email address. This is so that you can make yourself known to the IRMA connection.
