Public System for Digital Identity
SPID is the digital identity card for the citizens: a single credential system, with a verified identity, that can be integrated on public and private websites.
SPID (Public System for Digital Identity) is the solution that allows the Italian citizens to access all online services of the Public Administration with a single Digital Identity (username and password) that can be used from computers, tablets and smartphones. Citizens can get SPID through a series of private companies under agreements (known as Identity Providers); once the verification procedure is completed (which certifies the identity of the applicant), you are released a set of credentials that can be used on all the websites (called Service Providers).
Advantages for citizens:
- A single set of credentials for all public websites (and private websites too), secure and easy to remember
- The verification process, after which the credentials are released, needs to be done only once
- SPID is free
Advantages for Service Providers:
- Secure and certified identification of users
- No need to handle custom registration/verification processes, thus reduced costs
- Qualified attributes (birth date/place, gender, e-mail, phone etc.)
- Other attributes already populated by users (home address etc.)
SPID can be integrated in the websites of the Public Administration, but also on private websites. In the first case the service is free, while for privates fees are applied. There are several advantages for including SPID in private websites: banks and insurance companies, for instance, can easily recognize users who want to open an account just by accepting their SPID login, without any additional verification process.
How to become a Service Provider
- Read the technical docs and use the open source components you can find in Developers Italia.
- Use the test Identity Provider for simulating the authentication process and verifying that your implementation is correct.
- Get in touch with other developers via Slack.
- Follow the accreditation procedore described in the AGID website.
SPID is based on the SAML2 protocol, thus the integration can be done in several ways:
- by integrating one of the Developers Italia SDKs directly in the application;
- by applying a middleware (like Shibboleth) to the web server;
- by adding an external Identity Access Management component.
In addition, the “Enter with SPID” official button must be included in the Service Provider website, that allows users to choose their Identity Provider. The application/middleware/IAM then generates an AuthnRequest that is later sent to the Identity Provider via a browser redirect.
The Service Provider must update the Identity Provider metadata whenever they are added, removed or when their certificates are updated. This update must be reflected in the “Enter with SPID” button too.
In addition, a public issue tracker is available.
The Developers Italia community developed a large amount of open source components (SDK, examples of code) ready to use, and it also developed the test Identity Provider. Anyone can contribute to the improvement of such components or to the development of new ones (see the roadmap).
Technical rules (consolidated version)
The SPID technical rules with all the fixes applied, in an easy to read version published on Docs Italia
State of the art of the SDKs for SPID developed and maintained by the Developers Italia community
Identity Providers metadata
SAML Metadata of the SPID Identity Providers. Service Providers are required to keep metadata up-to-date
Forms, regulation and documents
The AGID website contains forms, pricing, regulation and other documents about SPID
SDK for .NET
Native library for integrating SPID in .NET applications
SDK for Django
Native library for integrating SPID in Django (Python) applications
SDK for Passport
SDK for Spring
Native library for integrating SPID in Java Spring applications
SDK for Ruby
Native library for integrating SPID in Ruby applications
SDK for Ruby on Rails
Native library for integrating SPID in Ruby on Rails applications
SDK for Sinatra
Native library for integrating SPID in Sinatra (Ruby) applications
SDK for Android
Native library for integrating SPID in Android (Java) applications
SDK for iOS
Native library for integrating SPID in iOS mobile applications
SDK for PHP
Native library for integrating SPID in PHP applications
SDK for Wordpress
Native library for integrating SPID in Wordpress (PHP) applications
SDK for Laravel
Native library for integrating SPID in Laravel (PHP) applications
SDK for Symfony
Native library for integrating SPID in Symfony (PHP) applications
SDK for Drupal
Native library for integrating SPID in Drupal (PHP) applications
SDK for concrete5
Native library for integrating SPID in concrete5 (PHP) applications
SDK for PHP (based on SimpleSAMLphp)
Script for integrating SPID in PHP applications through a guided installer of SimpleSAMLphp
SDK for Perl
Native library for integrating SPID in Perl applications
SDK for Dancer2
Native library for integrating SPID in Dancer2 (Perl) applications
SDK for Go
Native library for integrating SPID in Golang applications
Plugin for Limesurvey
Native plugin for integrating SPID in Limesurvey
Docker image for creating a proxy based on Apache2 and Shibboleth
- Example of configuration of Shibboleth with Nginx via an Ansible playbook
IAM in Python
SPID-compatible Identity Access Management application developed in Python
'Enter with SPID' button
The button to insert in the Service Provider website, that allows users to choose their Identity Provider
Graphical interfaces for Identity Providers
Static HTML templates for Identity Provider interfaces
Icons, logos and other graphic resources
This repository contains the SPID logo, the Identity Providers logos and other graphic resources
'Enter with SPID' button (smart version)
New version (not yet official) of the 'Enter with SPID' button, that allows users to choose their Identity Provider
Test Identity Provider
Test environment that can be used for troubleshooting a Service Provider implementation. It provides full validation against the official SPID rules and can be run as a local application too