Page tree
Skip to end of metadata
Go to start of metadata



Pages here are an appendix for the Installation - SSO Guide. These pages describe the requirements and tasks for installing the TUPAS authentication method in an Ubisecure Authentication Server system. The result of the installation described in these pages is a working TUPAS authentication method in a Ubisecure system. The Installation - SSO Guide contains instructions for installing the Ubisecure SSO Server.
The TUPAS specific information in this document is valid at the time of writing (August 2011). For the latest TUPAS specifications, as well as for more information on TUPAS, please refer to FFI's (Federation for Finnish Financial Services) TUPAS documents, available online at


In spring of 2002, Finnish banks agreed on a solution to use their Internet banking authentication for more general authentication uses. TUPAS allows a user's bank to act as the authentication provider. TUPAS can authenticate both individual and corporate banking customers.

From a user perspective, authentication is simple and familiar. It is done using the same IDs and passwords used for accessing their usual Internet banking service.
When using TUPAS with Ubisecure products, the user first tries to access a service protected by a Ubisecure Application object. The Application object redirects the user to the bank of their choice. On the bank's web page, the user signs in using the bank's ID and password system. The user confirms the transaction and is redirected back to the Ubisecure server. Here the credentials are checked and if acceptable, the user can access the web pages secured by Ubisecure and the TUPAS authentication method. 

Ubisecure products are preconfigured for the following banks:

  • Aktia
  • Säästöpankki
  • Paikallisosuuspankki
  • Handelsbanken
  • Nordea (Company and Personal Identifiers)
  • OKO
  • Danske
  • S-Pankki
  • Tapiola
  • Ålandsbanken

TUPAS is a commercial service. The use of TUPAS in production environments requires a contract with each bank. Upon signing the contract, each bank provides detailed instructions for configuration of test and production environments.
When agreeing on a TUPAS contract with a bank, request that the identifier is sent as idtype 02 (plain basic identifier).
Test configuration using fictional users is possible without contacting the banks. Ubisecure also offers Tupas Emulator for thorough testing using configurable test data. Tupas Emulator emulates a bank TUPAS system. Please contact Ubisecure if you do not have Tupas Emulator. It is available from download from the Developer portal.

Configuration of TUPAS logos and layout of the selection screen is the same as for all other authentication methods and is described in the Login user interface customization - SSO.