Suomi.fi e-Identification: Frequently asked questions

Schedule for production environment metadata installations

• Apply for the access licence well in advance.
• All changes must be submitted no later than Sunday of the previous week. All metadata submitted after this date will be included in the following week’s installation.
• Dynamic metadata of the production environment is checked early in the week.
• Metadata production installation is carried out on Wednesdays at 9.00.

No extra metadata installations are carried out.

Test environment metadata is checked and taken to the test environment each weekday between 13.00 and 16.00. 

Public holidays and holiday periods affect the metadata installation schedules.

Read more at Schedule for metadata installations.

We recommend that you use the metafile template found here and complete the details of the environment you want to register in the template.

• If you receive an error message, we recommend that you check the following:
• the metafile is valid XML
• the entityID is configured
• the contact person’s first name, last name and email address are specified
• the email addresses are in the right format the environment name is defined in three languages (DisplayName elements)
• the certificate is valid and in PEM format
• the return address of the identification response has been specified.

This can be due to a number of issues. We recommend that you check the following:

• the request is valid XML
• the entityID of the identification request is the same as in the environment metadata. Note that the entityID is case-sensitive.
• the secret key used to sign the request matches the certificate specified in the environment metadata.
• there is no discrepancy in the request timestamp and your server clocks have been synchronized.

It is recommended that you check the following issues:

• The identification response return address is set correctly in the environment metadata (AssertionConsumerService element).
• Check that the return address and HTTP method are correct (GET/POST).
• The secret key used for decryption matches the certificate specified in the environment metadata.

Contact information is managed through environment metadata. Identify yourself using strong identification in Suomi.fi Service Management, download the current metadata to your computer, make the necessary changes and update the environment. For more detailed instructions on updating metadata, see here.

SAML certificates used by the e-service are managed through environment metadata. Please note that changing the certificate also requires actions in your e-service. For more detailed instructions on changing certificates, see here.

If these kinds of checks need to be made more frequently, the Digital and Population Data Services Agency provides a change information service through which it is also possible to obtain information on changes in personal identity codes. You can find additional information about the service hereOpens in a new window..

A person whose personal identity code has changed can obtain an extract from the Population Information System, which shows the new and old personal identity code and can be used to prove the change in the personal identity code. In other words, if this is an individual case, you could ask for this extract from the person concerned if you want a confirmation of the change of personal identity code.

It is not possible to remove the environment itself from Suomi.fi Service Management. Log into Suomi.fi Service ManagementOpens in a new window. (check the third page of the report) to ensure that the environment no longer receives successful identifications and request that the environment be removed from activation support at the address tunnistus-kayttoonotot@dvv.fi.

If there is an error in the configuration between the e-service and Suomi.fi authentication, the authentication will end up on an error page. The error code (&m=X) in the error page URL indicates the nature of the error. The table below lists the codes and their explanations: