Introduction
SwissID is a free service provided by SwissSign Group, a joint venture of state-affiliated businesses, financial institutions, insurance and health insurance companies. This identity provider can be used for authentication in the CoreOne Suite.
Step 1 - Data needed
Before you can start configuring the SwissID as an external identity provider, you need the following data.
The customer has to set up a configuration with SwissID. You will need an agreement with SwissID; if you do not have one already, we are happy to assist you in this matter.
For the agreement you will need to provide a callback URL, which looks like this: https://[auth-server-url]/signin-swissid
Once you have the agreement, the SwissID team will provide you with a Client-Key and a Client-Secret.
Levels of Authentication & Levels of Trust. These have to be documented by the Project-Manager and the Customer.
The QoA level that you would like to use while performing an authentication request against SwissID.
The URLs for the SwissID connection. The customer will define these and create them in cooperation with SwissID, depending on the system (PROD / INT).
Step 2 - Add/Configure External Identity provider
To configure SwissID as an external identity provider, proceed with the following steps.
To modify or add an external identity provider go to SSO → External Identity providers
These are some example values for the configuration; you may change them depending on your needs:
Setting | Value |
---|---|
| SwissID |
| Swiss Auth Provider |
| SwissID |
| Active |
| SwissID |
| iTsense.CoreLogin2.Server.ExternalAuthentication.Options.Specific.SwissIdOAuthProviderOptions, iTsense.CoreLogin2.Server, Version=4.1911.7.1, Culture=neutral, PublicKeyToken=null |
| { "clientId": "******", "clientSecret": "******", "AuthorizationEndpoint": "https://login.int.swissid.ch/idp/oauth2/authorize", "TokenEndpoint": "https://login.int.swissid.ch/idp/oauth2/access_token", "UserInformationEndpoint": "https://login.int.swissid.ch/idp/oauth2/userinfo"} |
| |
| SwissID |
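A pre-deployment check for the options JSON and the callback URL described above, as an added example that is not part of CoreOne Suite or SwissID. It flags masked or empty credentials, non-HTTPS endpoints, endpoints on a host other than the intended environment (so INT and PROD are not mixed), and a callback that does not end in /signin-swissid. The function name, the sample data and the case-insensitive key handling are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

ENDPOINT_KEYS = ("AuthorizationEndpoint", "TokenEndpoint", "UserInformationEndpoint")
CALLBACK_PATH = "/signin-swissid"  # callback path stated on this page

# Constructed sample with deliberate mistakes (masked secrets, http, foreign host).
SAMPLE_OPTIONS = """{"clientId": "******", "clientSecret": "******",
 "AuthorizationEndpoint": "https://login.int.swissid.ch/idp/oauth2/authorize",
 "TokenEndpoint": "http://login.int.swissid.ch/idp/oauth2/access_token",
 "UserInformationEndpoint": "https://login.example.invalid/idp/oauth2/userinfo"}"""


def _split(url):
    # urlsplit can raise ValueError on a malformed host; treat that as empty.
    try:
        return urlsplit(str(url or ""))
    except ValueError:
        return urlsplit("")


def lint_swissid_options(options_json, callback_url, expected_host):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Assumption: keys are compared case-insensitively, as the page mixes casings.
    opts = {k.lower(): v for k, v in json.loads(options_json).items()}

    # Credentials must be real values, not empty or masked placeholders.
    for key in ("clientId", "clientSecret"):
        value = str(opts.get(key.lower()) or "").strip()
        if not value or set(value) <= set("*xX"):
            findings.append(f"{key}: missing or placeholder value")

    # Every endpoint must be HTTPS on the host of the intended environment,
    # so INT and PROD endpoints are never mixed in one provider entry.
    for key in ENDPOINT_KEYS:
        url = _split(opts.get(key.lower()))
        if url.scheme != "https":
            findings.append(f"{key}: must be an https URL")
        if (url.hostname or "") != expected_host.lower():
            findings.append(f"{key}: host {url.hostname!r} is not {expected_host!r}")

    # The callback receives the authorization response: HTTPS, agreed path only.
    cb = _split(callback_url)
    if cb.scheme != "https" or not cb.hostname:
        findings.append("callback: must be an absolute https URL")
    if not cb.path.endswith(CALLBACK_PATH) or cb.query or cb.fragment:
        findings.append(f"callback: path must end with {CALLBACK_PATH}, no query")
    return findings
```

Pass the host of the environment you are configuring as `expected_host`; for INT that is the `login.int.swissid.ch` host shown in the table, and for PROD it is the host given in your SwissID agreement.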
Step 3 - Define the attribute mapping
As a next step, you can configure the attribute mappings. The attribute mappings define which SwissID claim is automatically matched to which CoreOne Suite attribute.
Example for Attribute Mappings:
Attribute | Original Claim Type Name |
---|---|
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
Step 4 - Set SwissID as your identity provider
You can set your identity provider in the portal. Under “Accounts and Security → Social Logins“ you can add or remove SwissID. This allows you to log in via the SwissID button, which will be displayed on the authentication page of the CoreOne Suite.
Step 5 - Verify your SwissID Account
If you haven't used SwissID before, you can register an account by filling out the form. You have to verify your account with an activation code, which you will receive by email.