Versions Compared

Version Old Version 2 New Version 3
Changes made by

Silvan Grüter

Silvan Grüter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Before you can start configuring the SwissID as an external identity provider, you need the following data.

  • The customer has to set up a configuration with SwissID. This You will have to have an agreement with SwissID, if you haven’t one already, we are happy to assist you in this matter.
    Once you have the agreement, the SwissID team will provide you with the a Client-Key and a Client-Secret.Levels of Authentication & Levels of Trust. These have to be documented by the Project-Manager and the Customer

  • The QoA level that you would like to use while performing an authentication request against SwissID

  • The URLs for the SwissID connection . The customer will define these and create them in cooperation with SwissIDdepending on the system PROD / INT.

Step 2 -

...

Add/Configure External Identity provider

To configure SwissID as an external identity provider, proceed with the following steps.

2.1 Add/Configure External Identity provider

To modify or add an external identity provider go to SSO → External Identity providers

...

Those are some examples for the Configuration, you may change them depending on your needs:

Setting

Value

Name

SwissID

Description

Swiss Auth Provider

Display name

SwissID

State

Active

Icon

SwissID

Option type

iTsense.CoreLogin2.Server.ExternalAuthentication.Options.Specific.SwissIdOAuthProviderOptions, iTsense.CoreLogin2.Server, Version=4.1911.7.1, Culture=neutral, PublicKeyToken=null

Configuration

{ "clientId": "******", "clientSecret": "******", "AuthorizationEndpoint": "https://login.int.swissid.ch/idp/oauth2/authorize", "TokenEndpoint": "https://login.int.swissid.ch/idp/oauth2/access_token", "UserInformationEndpoint": "https://login.int.swissid.ch/idp/oauth2/userinfo"}

Authentication scheme

SwissID

Step 3 - Define the attribute mapping

As a next Step you can configure the Attribute-Mappings. The Attribute-Mappings defines which SwissID Claim should be automatically matched to which CoreOne Suite attribute.

Example for Attribute Mappings:

Attribute

Original Claim Type Name

Surename

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

Givenname

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

Email

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Step

...

4 - Set SwissID as your identity provider

You can set your identity provider in the portal. Under “Accounts and Security → Social Logins“ you can add or remove SwissID. This allows you to log in via SwissID-Button which will be displayed on the authentication-page of the CoreOne Suite.

Step

...

5 - Verify you SwissID Account

If you haven used SwissID before, you can register an Account by filling out the form. You have to verifiy your account with an activation-code which you will recieve per email.