...
Name | Datatype | Mandatory | Example | Description | ||
|---|---|---|---|---|---|---|
Token specification | Drop Down | ✅ | oidc | Choose any of the supported token specification
| ||
Client identificator | String | ✅ | webshop_android | Each client must be uniquely identified. Provide a value that you also must use in the clients configuration later on. Choose either something self explanatory or a random value if you wanna hide the purpose of the client as a security measurement. | ||
Name | String | ✅ | Android Webshop Application | Identifies your client in a technical way in the system | ||
Displayname | String | ✅ | Android Webshop Application | Non technical name used to display the application in various places such as the Self-Service Portal Version 7 and above | ||
Logout URI | URL | https://www.webshop.com/logout | If no logout URL is provided by the client, the user will be redirected to this URL after a logout. | |||
Redirect Uri (Regex) * | REGEX Pattern | ✅ | regex:^https:\/\/webshop\.ch$ | The client provides an URL where the user will be redirected to after a successful authentication. It’s good practice to test those URLs against a pattern to ensure that the user can only be redirected to previously configured URLs. This will significantly increase the security of the system.
| ||
Scope | Multi Value | profile email | A list of scopes that the client can request. If the client requests a scope that is not part of this configuration, he will not be able to perform an authentication.
| |||
Default level of authentication entry | Drop Down | ✅ | Default | Select a default level of authentication entry that will be used to determinate the authentication flow for the user. | ||
Use Backend To Validate User PasswordValidate user password using Application Service | Checkbox | ✅ | Indicates if backend should be used to validate user password (which involves API call and checks password as well as password policies). Otherwise validation is done internally in Authentication Service and password policies are not checked. Default value - |
...
Name | Datatype | Mandatory | Example | Description | ||
|---|---|---|---|---|---|---|
Require Consent | Checkbox | ✅ | false | Defines whether or not the user needs to give consent when accessing this client. | ||
Allow remember me | Checkbox | ✅ | false | Whether or not the user is presented with the option to select “remember me” which will cause the persistence of a cookie in the clients browser for any subsequent logins. | ||
Enable local authentication | Checkbox | ✅ | true | Specifies if this client can use CoreOne Suite users, or external providers only. | ||
URI | string | https://www.coreone.ch | The url of the client / application. | |||
Email verification redirect uri | REGEX Pattern | regex:^https:\/\/webshop\.ch$ | If any external systems are using urls to verify the mail address of authentication users, the provided redirect uri in the link will be tested against this configured pattern.
| |||
Post logout redirect URI's | REGEX Pattern | regex:^https:\/\/webshop\.ch$ | The client provides an URL where the user will be redirected to after being logged out. It’s good practice to test those URLs against a pattern to ensure that the user can only be redirected to previously configured URLs. This will significantly increase the security of the system.
| |||
Identity provider restrictions | REGEX Pattern | regex:^https:\/\/swissid\.ch$ | Defines a list of allowed external identity providers that are allowed. If you do not specify any, all configured IdPs are allowed. Version 7 and above | |||
Required Multi-Factor Authentication | Checkbox | ✅ | true | Whether or not a MFA authentication is required for the client Deprecated version 6 and above | ||
Allow self-registration | Checkbox | ✅ | true | Whether or not a self registration is allowed for this client or not. | ||
Activation disabled | Checkbox | ✅ | true | If the activation process is enabled in the system, you can disable it for a specific client. | ||
Show in self-service | Checkbox | ✅ | true | Whether or not the client should be listed in the user self-service portal. |
...
Name | Datatype | Mandatory | Example | Description |
|---|---|---|---|---|
Require Saml Request Destination | Checkbox | ✅ | true | Defines whether or not a Saml Requestion Destination has to be present in the AuthnRequest in order to start the authentication |
Sign assertions | Checkbox | ✅ | true | Defines if our saml response is signed with the configured certificate |
Signing certificate type | Drop Down | Only when sign assertions is checked | Windows store | The format of the certificate. It can either be hosted in the |
Signing certificate | Certificate | Only when sign assertions is checked | MyCert | See above. |
Encrypt assertions | Checkbox | ✅ | true | Defines if our saml response is encrypted with the configured certificate |
Encryption certificate type | Drop Down | Only when sign assertions is checked | The format of the certificate. It can either be hosted in the | |
Encryption certificate | Certificate | Only when sign assertions is checked | See above. |