Public System for Digital Identity
SPID is the digital identity card for citizens: a single credential system, with a verified identity, that can be integrated on public and private websites.
SPID (Public System for Digital Identity) is the solution that allows Italian citizens to access all online services of the Public Administration with a single Digital Identity (username and password) that can be used from computers, tablets and smartphones. Citizens can get SPID through a series of private companies operating under agreements (known as Identity Providers); once the verification procedure, which certifies the identity of the applicant, is completed, the citizen is issued a set of credentials that can be used on all the websites (called Service Providers).
Advantages for citizens:
- A single set of credentials for all public websites (and private websites too), secure and easy to remember
- The verification process, after which the credentials are released, needs to be done only once
- SPID is free
Advantages for Service Providers:
- Secure and certified identification of users
- No need to handle custom registration/verification processes, thus reduced costs
- Qualified attributes (birth date/place, gender, e-mail, phone etc.)
- Other attributes already populated by users (home address etc.)
SPID can be integrated into the websites of the Public Administration, and also into private websites. In the first case the service is free, while fees apply to private entities. Including SPID in private websites has several advantages: banks and insurance companies, for instance, can easily recognize users who want to open an account just by accepting their SPID login, without any additional verification process.
How to become a Service Provider
- Read the technical documentation.
- Use and contribute to the open source components available in Developers Italia.
- Use spid-saml-check to simulate the authentication flow and verify that your implementation is correct.
- Get in touch with other developers on Slack.
- Follow the onboarding procedure described here.
- If you have any further questions or are having problems with the onboarding procedure, please contact the SPID HelpDesk.
SPID is based on the SAML2 protocol, thus the integration can be done in several ways:
- by integrating one of the Developers Italia SDKs directly in the application;
- by applying a middleware (like Shibboleth Service Provider) to the web server;
- by adding an external Identity Access Management component, like a Proxy.
In addition, the official “Enter with SPID” button, which allows users to choose their Identity Provider, must be included in the Service Provider website. The application/middleware/IAM then generates an AuthnRequest that is sent to the Identity Provider via a browser redirect.
The Service Provider must update its copy of the Identity Provider metadata whenever Identity Providers are added or removed, or when their certificates are updated. This update must be reflected in the “Enter with SPID” button too.
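One way to detect when the cached Identity Provider metadata has gone stale, as an added example that is not part of the original page or of any Developers Italia component: it compares a cached SAML2 metadata document with a fresh copy and reports added IdPs, removed IdPs and changed signing certificates. The entity IDs and certificate bytes are constructed placeholders, and the fresh copy is assumed to have been authenticated already (signature verification is not shown).

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idp_certs(metadata_xml):
    """Map each IdP entityID to the SHA-256 fingerprints of its signing certificates."""
    certs = {}
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if ent.find("md:IDPSSODescriptor", NS) is None:
            continue  # not an Identity Provider entry
        fps = set()
        for kd in ent.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
            if kd.get("use", "signing") != "signing":  # no "use" covers signing too
                continue
            for c in kd.iter("{%s}X509Certificate" % NS["ds"]):
                der = base64.b64decode("".join((c.text or "").split()))
                fps.add(hashlib.sha256(der).hexdigest())
        certs[ent.get("entityID")] = fps
    return certs

def diff_idps(cached_xml, fresh_xml):
    """Report what changed between the SP's cached IdP metadata and a fresh copy.
    Assumption: fresh_xml was authenticated before being passed in."""
    old, new = idp_certs(cached_xml), idp_certs(fresh_xml)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "cert_changed": sorted(e for e in old.keys() & new.keys() if old[e] != new[e]),
    }

def _sample(idps):
    """Constructed metadata from {entityID: label}; labels stand in for real X.509 bytes."""
    tpl = ('<md:EntityDescriptor entityID="%s"><md:IDPSSODescriptor>'
           '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
           '<ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
           '</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')
    body = "".join(tpl % (eid, base64.b64encode(label.encode()).decode())
                   for eid, label in idps.items())
    return ('<md:EntitiesDescriptor xmlns:md="%s" xmlns:ds="%s">%s'
            '</md:EntitiesDescriptor>' % (NS["md"], NS["ds"], body))

CACHED = _sample({"https://idp-a.example": "cert-a-old", "https://idp-b.example": "cert-b"})
FRESH = _sample({"https://idp-a.example": "cert-a-new", "https://idp-c.example": "cert-c"})

if __name__ == "__main__":
    print(diff_idps(CACHED, FRESH))
```

A non-empty result means both the Service Provider's trust configuration and the IdP list behind the “Enter with SPID” button need refreshing.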
How to contribute
The Developers Italia community has created a wide range of ready-to-use open source components (SDK, code examples, IAM Proxy, tools). Anyone can contribute to the improvement of existing components or help develop new ones. It is important to keep in mind that the resources made available to the community are not intended as regulations but only as support, example and supplementary help for developers.
Get in touch
SAML2 Technical rules (consolidated version)
The SPID SAML2 technical rules with all the fixes applied, in an easy to read version published on Docs Italia
Identity Providers metadata
SAML2 Metadata of the SPID Identity Providers. Service Providers are required to keep metadata up-to-date
Forms, regulation and documents
The AGID website contains forms, pricing, regulation and other documents about SPID
SDK for AspNetCore
Native library for integrating SPID in .NET AspNetCore MVC applications
SDK for .NET
Native library for integrating SPID in .NET applications
SDK for Django
Native library for integrating SPID in Django (Python) applications
SDK for NodeJS (Express.js/Passport)
SDK for Express.js
SDK for Spring
Native library for integrating SPID in Java Spring applications
SDK for Ruby
Native library for integrating SPID in Ruby applications
SDK for Ruby on Rails
Native library for integrating SPID in Ruby on Rails applications
SDK for Sinatra
Native library for integrating SPID in Sinatra (Ruby) applications
SDK for Android
Native library for integrating SPID in Android (Java) applications
SDK for iOS
Native library for integrating SPID in iOS mobile applications
SDK for PHP
Native library for integrating SPID in PHP applications
SDK for Wordpress
Native library for integrating SPID in Wordpress (PHP) applications
SDK for Laravel
Native library for integrating SPID in Laravel (PHP) applications
SDK for Symfony
Native library for integrating SPID in Symfony (PHP) applications
SDK for Drupal
Native library for integrating SPID in Drupal (PHP) applications
SDK for PHP (based on SimpleSAMLphp)
Script for integrating SPID in PHP applications through a guided installer of SimpleSAMLphp
SDK for Perl
Native library for integrating SPID in Perl applications
SDK for Dancer2
Native library for integrating SPID in Dancer2 (Perl) applications
SDK for Go
Native library for integrating SPID in Golang applications
- Example of configuration of Shibboleth with Nginx via an Ansible playbook
SDK for Python (Django) with examples
SPID/CIE OIDC Federation is a suite of Django applications designed to make it easy to build an OpenID Connect Federation.
SDK for Nodejs with examples
The SPID/CIE OIDC Federation Relying Party, written in Node.js
SDK for AspNetCore with examples
SPID/CIE OIDC Federation SDK for AspNetCore
SDK for PHP with examples
SPID/CIE OIDC Federation Relying Party, for PHP
SDK for Java with examples
Native library for integrating SPID and CIE OIDC in Java with an example project written in Spring
Nimbus Java SDK
Comprehensive Java library for developing OAuth 2.0 and OpenID Connect with full support of OIDC Federation.
Python Proxy with Docker image to enable traditional SAML2 SPs in SPID
Keycloak OIDC to SAML2 SPID Proxy
Proxy with Shibboleth
SPID Proxy based on Shibboleth IDP and SP
IAM in Python
SPID compatible Identity Access Management application developed in Python
Proxy SPID/CIE SAML based on SDK for PHP spid-php
Proxy SPID/CIE OIDC based on SDK for PHP spid-cie-oidc-php
'Enter with SPID' button
The button to insert in the Service Provider website, that allows users to choose their Identity Provider
Graphical interfaces for Identity Providers
Static HTML templates for Identity Provider interfaces
Icons, logos and other graphic resources
This repository contains the SPID logo, the Identity Providers logos and other graphic resources
'Enter with SPID' button (smart version)
New version (not yet official) of the 'Enter with SPID' button, that allows users to choose their Identity Provider
SPID test Identity Provider
Test environment used by AgID for testing the SPs in the onboarding phase, which can be performed locally
SPID Quality Assessment and CI
spid-sp-test is a SAML2 SPID Service Provider validation tool that can be executed from the command line
SAML2 certificate creation
Tool for creating X.509 certificates compliant with SPID Notice n.29 v3
SPID Metadata builder
Tool for creating SPID metadata of an SP
SPID Metadata signer
SPID metadata signing tool for an SP
Firefox SAML Tracer plugin
A Firefox addon for viewing SAML and WS-Federation messages sent through the browser during single sign-on and single logout.
A Chromium extension for viewing SAML and WS-Federation messages sent through the browser during single sign-on and single logout.
SAML Developer Tools
Onelogin SAML2 tools