Obtain the CEF eIDAS connector node software package from the European Commission and configure it with your service provider metadata
Register your service provider in the connector node configuration with the required assurance level (substantial or high) and the requested attribute set (minimum: PersonIdentifier, CurrentFamilyName, CurrentGivenName, DateOfBirth)
Generate a SAML 2.0 AuthnRequest with the eIDAS-specific extensions specifying the LoA and the natural person attribute set and send it to the connector node
Receive the SAML Response from the connector node after the user authenticates with their national eID; validate the signature using the connector node's signing certificate
Extract the eIDAS unique identifier from the PersonIdentifier attribute — it is persistent and can be used as a stable cross-border identity anchor
Known gotchas
The eIDAS PersonIdentifier format is country-code/country-code/identifier and is not a globally resolvable key — it is opaque and specific to the issuing and receiving country pair
Not all EU member states have deployed eIDAS nodes with high assurance level; check the eIDAS node network connectivity map before committing to that LoA
SAML attribute names use URN format defined in the eIDAS SAML Attribute Profile specification; do not map them using generic SAML attribute names
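An added example (not from the original page or from the eIDAS reference software) covering the last two steps and the gotchas above: it enforces the requested LoA, looks attributes up only by their full eIDAS names, and splits PersonIdentifier into its country pair and opaque part. It assumes the Response signature was already validated against the connector node's certificate; `extract_identity`, the `pid_*` keys and the sample values are illustrative, while the attribute and LoA URIs are those of the eIDAS SAML Attribute Profile.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
NP = "http://eidas.europa.eu/attributes/naturalperson/"
REQUIRED = ("PersonIdentifier", "CurrentFamilyName", "CurrentGivenName", "DateOfBirth")
LOA_RANK = {"http://eidas.europa.eu/LoA/low": 1,
            "http://eidas.europa.eu/LoA/substantial": 2,
            "http://eidas.europa.eu/LoA/high": 3}
PID_RE = re.compile(r"^([A-Z]{2})/([A-Z]{2})/(\S.*)$")

def _attr(name, value):  # helper for the constructed sample below
    return (f'<saml2:Attribute Name="{NP}{name}"><saml2:AttributeValue>{value}'
            '</saml2:AttributeValue></saml2:Attribute>')

# Constructed sample (invented person, signature elements omitted).
SAMPLE = (
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml2:AuthnStatement><saml2:AuthnContext><saml2:AuthnContextClassRef>'
    'http://eidas.europa.eu/LoA/substantial</saml2:AuthnContextClassRef>'
    '</saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement>'
    + _attr("PersonIdentifier", "ES/AT/02635542Y") + _attr("CurrentFamilyName", "Garcia")
    + _attr("CurrentGivenName", "Javier") + _attr("DateOfBirth", "1964-12-31")
    + '</saml2:AttributeStatement></saml2:Assertion>')

def extract_identity(assertion_xml, min_loa="http://eidas.europa.eu/LoA/substantial"):
    """Return eIDAS claims from an assertion whose signature was ALREADY validated."""
    root = ET.fromstring(assertion_xml)
    loa = root.findtext(".//saml2:AuthnContextClassRef", "", NS).strip()
    # Unknown LoA URIs rank 0, so they never satisfy the requested level.
    if LOA_RANK.get(loa, 0) < LOA_RANK[min_loa]:
        raise ValueError(f"LoA {loa!r} is below requested {min_loa!r}")
    claims = {}
    for attr in root.iterfind(".//saml2:Attribute", NS):
        name = attr.get("Name", "")
        if name.startswith(NP):  # generic names such as "surname" are ignored
            claims[name[len(NP):]] = attr.findtext("saml2:AttributeValue", "", NS).strip()
    missing = [n for n in REQUIRED if not claims.get(n)]
    if missing:
        raise ValueError(f"missing eIDAS attributes: {missing}")
    m = PID_RE.match(claims["PersonIdentifier"])
    if not m:
        raise ValueError("PersonIdentifier is not country-code/country-code/identifier")
    claims["pid_issuing"], claims["pid_receiving"], claims["pid_opaque"] = m.groups()
    return claims

if __name__ == "__main__":
    print(extract_identity(SAMPLE))
```

Key local accounts on the full PersonIdentifier string rather than the opaque suffix alone, since the value is specific to the country pair.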