Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Whenever you are creating of updating a external identity provider, you have to specify the following properties:

Property

Data Type

Mandatory

Example

Description

Name

String

(tick)

Google

The name of the external provider

Description

String

Enables user to login with their Google accounts

Description of the external provider

Description name key

Translation Key

Customer.ExternalIdentityProvider.Google.Description

A translation key to translate the description in different languages

Display name

String

Google

Used to display the external identity provider to users

Display name key

String

Customer.ExternalIdentityProvider.Google.Displayname

A translation key to translate the display name in different languages

Icon

Drop Down

(tick)

Google

Choose any of the available logos

State

Drop Down

(tick)

Active

Usually active or inactive

Option type

Drop Down

(tick)

GoogleOAuthProviderOptions

Depending on the external providers technology:

  • GenericCustomOAuthOptions

  • GenericOpenIdConnectOptions

  • GenericCustomWsFederationOptions

  • SwissIdOAuthOptions

  • GoogleOAuthProviderOptions

  • FacebookOAuthProviderOptions

They all represent the

Unless stated otherwise, they represent ASP.NETCore Connection Options. For further details see their appropriate documentation such as https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.openidconnect.openidconnectoptions?view=aspnetcore-6.0

Configuration

String

Code Block
languagejson
{
  "clientId": "9920356573-3ksmjore7esuiq7p17dh06vpm4a.apps.googleusercontent.com",
  "clientSecret": "xxaeraaF8adsljfkclajf"
}

A simple example for the GoogleOAuthProviderOptions where you only have to add the clientId and clientSecret

Authentication scheme

String

(tick)

google

This name will be used in the callback url i.e. https://idp.coreone.ch/callback/google

Trusted address

String

(tick)

https://accounts.google.com/

Those addresses will be added to the Content Security Policy in order to allow a form submit to and from those pages.

Automatically link user account

Boolean

(tick)

When a user can be merged with an existing user, this boolean indicates whether or not the user should be asked to do so.

Attribute Mapping

In the attribute mapping you can define mapping rules to map an external identity providers claim to a CoreOne Suite Attribute of the appropriate Core Identity. For example you can map the claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname provided by Google to the CoreOne Suite Attribute First name.

You also have the option to define a default value in case the value was not provided and you can set the synchronize flag to true, so that those values will be updated each time when a user logs in.

Furthermore you can define an attribute as identifies a user. If set, users that logon with an external provider will be matched on that attribute to local users. For example, if the external provider has a claim containing a customer number, and there is an appropriate attribute within the CoreOne Suite, you can match the users on that attribute.

Claim Mapping

When you do not want to store the claims provided by the external identity provider in the CoreOne Suite Meta Directory but you would like to include the claims in the token, you can configure a simple claim mapping. I.e. you can map the external claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname to the claim given_name.

Starting from version 8.0: When configuring a mapping, you can also specify if this mapping can be used to identify a user uniquely in an auto merge process by setting the can identify a user flag.