This chapter describes in detail the XML structure of the configuration file format.
This is the root element of the configuration file.
Page title for identity provider selection webpage. The title will be translated using standard localization features.
Page introduction for identity provider selection webpage. The introduction will be translated using standard localization features.
List of identity providers enabled for this configuration.
This element represents the list of identity providers to choose from.
An OpenID Connect identity provider. There can be more than one of these.
A SAML20 based identity provider. There can only be one of these. If more are needed, the SAML20 sub-system must be configured in the web.config file.
An identity provider for username + password login.
Common base type for identity provider definitions.
Identity provider title. The title will be translated using standard localization features.
Identity provider description. The description will be translated using standard localization features.
Identity template string for the selected identity provider. The template is used to merge claims from the selected identity provider with some text to construct an identifier that can be returned to the relying party which originally connected to IdentityHub. For OpenID Connect providers it is often enough to use "$sub$" which will simply re-use the subject of the incoming claims as the subject of the claims returned by IdentityHub. Beware that colons ":" in claim names are replaced with underscores "_" since colons have special meaning in the template format. This is mostly relevant when IdentityHub is used together with NemLogin which uses names such as "dk:gov:saml:attribute:CprNumberIdentifier". The template format is specified in the manual "TextMerge - reference manual".
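The colon-to-underscore rule above is easy to trip over, so here is a sketch of it as an added example; it is not IdentityHub or TextMerge code. It assumes only the simple "$name$" placeholder form shown above; the helper names, the "cpr-" prefix and the sample claim values are constructed for illustration.

```python
import re

# Assumption: only the simple "$name$" placeholder form shown on the page
# ("$sub$") is modelled here; the full TextMerge syntax is not.
_PLACEHOLDER = re.compile(r"\$([A-Za-z0-9_.\-]+)\$")


class TemplateError(ValueError):
    """Raised when an identifier cannot be built unambiguously."""


def normalize_claims(claims):
    """Replace ':' with '_' in claim names, as the page describes."""
    normalized = {}
    for name, value in claims.items():
        key = name.replace(":", "_")
        if key in normalized:
            # "a:b" and "a_b" would both become "a_b": refuse to guess.
            raise TemplateError(f"claim names collide after normalization: {key}")
        normalized[key] = value
    return normalized


def merge_identity(template, claims):
    """Hypothetical helper: build the identifier sent to the relying party."""
    if "$" in _PLACEHOLDER.sub("", template):
        # A placeholder written with colons is not recognized and would
        # otherwise leak through as the same literal text for every user.
        raise TemplateError("template contains an unresolved '$' placeholder")
    values = normalize_claims(claims)

    def substitute(match):
        value = values.get(match.group(1))
        if not value:
            # Fail closed: never emit an identifier with an empty component.
            raise TemplateError(f"template references missing claim: {match.group(1)}")
        return value

    return _PLACEHOLDER.sub(substitute, template)


# Constructed sample claims; the identifier values are made up.
OIDC_CLAIMS = {"sub": "248289761001", "name": "Jane Doe"}
NEMLOGIN_CLAIMS = {"dk:gov:saml:attribute:CprNumberIdentifier": "0101010000"}

if __name__ == "__main__":
    print(merge_identity("$sub$", OIDC_CLAIMS))
    print(merge_identity("cpr-$dk_gov_saml_attribute_CprNumberIdentifier$", NEMLOGIN_CLAIMS))
```

In this sketch, a template that still uses the colon form of a claim name, or that references a claim the provider did not send, is rejected instead of producing an identifier shared by every user.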
This element declares an OpenID Connect identity provider.
Reference to an identity provider listed in the file IdentityProviders.config.
This element declares a SAML20 based identity provider.
If true, return each SAML attribute as a list of all values for the same attribute; otherwise, only return the first value.
An identity provider which represents generic username + password login.
This element specifies that a 'Remember me' option is to be inserted on the login page.
This element specifies which login service to use.
This element indicates that additional identity verifications should be performed, before an identity is accepted.
Specifies that a 'Remember me' option is to be inserted on the login page.
This element specifies how long a user should be remembered.
Specifies which login service to use.
This element indicates that F2AuthenticationService should be used for login.
This indicates that a login demo is used. Username will be accepted without password. Allows the end-user to freely choose an identity. This should ONLY be used for testing!!!
This indicates that F2AuthenticationService should be used for login.
A URL specifying the location of F2AuthenticationService. Example: http://HOST/PATH/F2AuthenticateService.asmx
An identity verifier, which sends a challenge-SMS containing a secret, which the user must submit.
The sender of the verification SMS.
This element is used to indicate where the phone number, which the SMS challenge should be issued to, is found.
A message template for the content of the verification SMS. Use {0} as a placeholder for the challenge. Example: <![CDATA[Your code is: {0}]]>. The message template will be translated using standard localization features.
This element specifies how long the SMS challenge should be valid.
This element specifies how many attempts a user has, before an SMS challenge is invalidated.
Indicates where the phone number, which the SMS challenge should be issued to, is found.
This element indicates that the phone number, which the SMS challenge should be issued to, is found via F2-REST. The F2-REST connection is configured via app-settings in the web.config file.
Defines additional validations to be performed before an identity is accepted.
This element indicates that an SMS challenge should be issued to verify identity.
Specifies a period of time in minutes.
Specifies a period of time in hours.
Specifies a period of time in days.
Defines the time period using a string, instead of elements. See https://docs.microsoft.com/en-us/dotnet/api/system.timespan.parse?view=netframework-4.8 for format.