Enabling Platform
SPID
Public System for Digital Identity
SPID is the digital identity card for the citizens: a single credential system, with a verified identity, that can be integrated on public and private websites.
Intro
SPID (Public System for Digital Identity) is the solution that allows Italian citizens to access all online services of the Public Administration with a single Digital Identity (username and password) that can be used from computers, tablets and smartphones. Citizens can get SPID through a series of private companies operating under agreements (known as Identity Providers); once the verification procedure, which certifies the identity of the applicant, is completed, the citizen is issued a set of credentials that can be used on all the websites (called Service Providers).
Advantages for citizens:
- A single set of credentials for all public websites (and private websites too), secure and easy to remember
- The verification process, after which the credentials are released, needs to be done only once
- SPID is free
Advantages for Service Providers:
- Secure and certified identification of users
- No need to handle custom registration/verification processes, thus reduced costs
- Qualified attributes (birth date/place, gender, e-mail, phone etc.)
- Other attributes already populated by users (home address etc.)
SPID can be integrated in the websites of the Public Administration, but also on private websites. In the first case the service is free, while fees apply to private entities. There are several advantages to including SPID in private websites: banks and insurance companies, for instance, can easily recognize users who want to open an account just by accepting their SPID login, without any additional verification process.
How to become a Service Provider
- Read the technical documentation.
- Use and contribute to the open source components available in Developers Italia.
- Use spid-saml-check to simulate the authentication flow and verify that your implementation is correct.
- Get in touch with other developers on Slack.
- Follow the onboarding procedure described here.
- If you have any further questions or are having problems with the onboarding procedure, please contact the SPID HelpDesk.
SPID is based on the SAML2 protocol, thus the integration can be done in several ways:
- by integrating one of the Developers Italia SDKs directly in the application;
- by applying a middleware (like Shibboleth Service Provider) to the web server;
- by adding an external Identity Access Management component, like a Proxy.
In addition, the official “Enter with SPID” button, which allows users to choose their Identity Provider, must be included in the Service Provider website. The application/middleware/IAM then generates an AuthnRequest that is later sent to the Identity Provider via a browser redirect.
The Service Provider must update its copy of the Identity Provider metadata whenever Identity Providers are added or removed, or when their certificates are updated. This update must be reflected in the “Enter with SPID” button too.
How to contribute
The Developers Italia community has created a wide range of ready-to-use open source components (SDK, code examples, IAM Proxy, tools). Anyone can contribute to the improvement of existing components or help develop new ones. It is important to keep in mind that the resources made available to the community are not intended as regulations but only as support, example and supplementary help for developers.
Get in touch
- Enter the forum
- Chat on Slack (#spid)
- Sign up on Slack
Resources
- SAML2 Technical rules (consolidated version): The SPID SAML2 technical rules with all the fixes applied, in an easy to read version published on Docs Italia
- Identity Providers metadata: SAML2 Metadata of the SPID Identity Providers. Service Providers are required to keep metadata up-to-date
- Forms, regulation and documents: The AGID website contains forms, pricing, regulation and other documents about SPID
- SDK for AspNetCore: Native library for integrating SPID in .NET AspNetCore MVC applications
- SDK for .NET: Native library for integrating SPID in .NET applications
- SDK for Django: Native library for integrating SPID in Django (Python) applications
- SDK for NodeJS (Express.js/Passport): Native library for integrating SPID in Node/Passport (TypeScript/JavaScript) applications
- SDK for Express.js: Native library for integrating SPID in Node/Passport (JavaScript) applications
- SDK for Spring: Native library for integrating SPID in Java Spring applications
- SDK for Ruby: Native library for integrating SPID in Ruby applications
- SDK for Ruby on Rails: Native library for integrating SPID in Ruby on Rails applications
- SDK for Sinatra: Native library for integrating SPID in Sinatra (Ruby) applications
- SDK for Android: Native library for integrating SPID in Android (Java) applications
- SDK for iOS: Native library for integrating SPID in iOS mobile applications
- SDK for PHP: Native library for integrating SPID in PHP applications
- SDK for WordPress: Native library for integrating SPID in WordPress (PHP) applications
- SDK for Laravel: Native library for integrating SPID in Laravel (PHP) applications
- SDK for Symfony: Native library for integrating SPID in Symfony (PHP) applications
- SDK for Drupal: Native library for integrating SPID in Drupal (PHP) applications
- SDK for PHP (based on SimpleSAMLphp): Script for integrating SPID in PHP applications through a guided installer of SimpleSAMLphp
- SDK for Perl: Native library for integrating SPID in Perl applications
- SDK for Dancer2: Native library for integrating SPID in Dancer2 (Perl) applications
- SDK for Go: Native library for integrating SPID in Golang applications
- Example of configuration of Shibboleth with Nginx via an Ansible playbook
- SDK for Python (Django) with examples: SPID/CIE OIDC Federation is a suite of Django applications designed to make it easy to build an OpenID Connect Federation.
- SDK for Nodejs with examples: The SPID/CIE OIDC Federation Relying Party, written in Node.js
- SDK for AspNetCore with examples: SPID/CIE OIDC Federation SDK for AspNetCore
- SDK for PHP with examples: SPID/CIE OIDC Federation Relying Party, for PHP
- SDK for Java with examples: Native library for integrating SPID and CIE OIDC in Java with an example project written in Spring
- Nimbus Java SDK: Comprehensive Java library for developing OAuth 2.0 and OpenID Connect with full support of OIDC Federation.
- IdentityPython SATOSA: Python Proxy with Docker image to enable traditional SAML2 SPs in SPID
- Keycloak: Keycloak OIDC to SAML2 SPID Proxy
- Proxy with Shibboleth: SPID Proxy based on Shibboleth IDP and SP
- IAM in Python: SPID compatible Identity Access Management application developed in Python
- spid-php Proxy: Proxy SPID/CIE SAML based on SDK for PHP spid-php
- spid-cie-oidc-php Proxy: Proxy SPID/CIE OIDC based on SDK for PHP spid-cie-oidc-php
- 'Enter with SPID' button: The button to insert in the Service Provider website, that allows users to choose their Identity Provider
- Graphical interfaces for Identity Providers: Static HTML templates for Identity Provider interfaces
- Icons, logos and other graphic resources: This repository contains the SPID logo, the Identity Providers logos and other graphic resources
- 'Enter with SPID' button (smart version): New version (not yet official) of the 'Enter with SPID' button, that allows users to choose their Identity Provider
- SPID test Identity Provider: Test environment used by AgID for testing the SPs in the onboarding phase, which can be performed locally
- SPID Quality Assessment and CI: spid-sp-test is a SAML2 SPID Service Provider validation tool that can be executed from the command line
- SAML2 certificate creation: Tool for creating X.509 certificates compliant with SPID Notice n.29 v3
- SPID Metadata builder: Tool for creating SPID metadata of an SP
- SPID Metadata signer: SPID metadata signing tool for an SP
- Firefox SAML Tracer plugin: A Firefox addon for viewing SAML and WS-Federation messages sent through the browser during single sign-on and single logout.
- Chrome SAML: A Chromium extension for viewing SAML and WS-Federation messages sent through the browser during single sign-on and single logout.
- SAML Developer Tools: Onelogin SAML2 tools