Introduction
SwissID is a free service provided by SwissSign Group, a joint venture of state-affiliated businesses, financial institutions, insurance and health insurance companies. This identity provider can be used for authentication in the CoreOne Suite.
Step 1 - Needed Data
Before you can start configuring the SwissID as an external identity provider, you need the following data.
The customer has to set up a configuration with SwissID. This will provide you with the Client-Key and a Client-Secret.
Levels of Authentication & Levels of Trust. These have to be documented by the Project-Manager and the Customer.
The URLs for the SwissID connection. The customer will define these and create them in cooperation with SwissID.
Step 2 - Configuration
To configure SwissID as an external identity provider, proceed with the following steps.
2.1 Add/Configure External Identity provider
To modify or add an external identity provider, go to SSO → External Identity providers.
If SwissID already exists, you can modify this entry. Otherwise create a new one.
The following are example values for the configuration:
Setting | Value |
---|---|
Name | SwissID |
Description | Swiss Auth Provider |
Display name | SwissID |
State | Active |
Icon | SwissID |
Option type | iTsense.CoreLogin2.Server.ExternalAuthentication.Options.Specific.SwissIdOAuthProviderOptions, iTsense.CoreLogin2.Server, Version=4.1911.7.1, Culture=neutral, PublicKeyToken=null |
Configuration | { "clientId": "******", "clientSecret": "******", "AuthorizationEndpoint": "https://login.int.swissid.ch/idp/oauth2/authorize", "TokenEndpoint": "https://login.int.swissid.ch/idp/oauth2/access_token", "UserInformationEndpoint": "https://login.int.swissid.ch/idp/oauth2/userinfo"} |
Authentication scheme | SwissID |
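A lint for the Configuration value shown in the table above, as an added example that is not part of the CoreOne Suite or SwissID code. It uses the key names from the table; the function name `lint_config`, the sample hosts, the single-host rule and the rule that an `.int.` host label marks an integration environment are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

ENDPOINT_KEYS = ("AuthorizationEndpoint", "TokenEndpoint", "UserInformationEndpoint")

# Constructed sample (hypothetical hosts), not a real SwissID configuration.
SAMPLE = json.dumps({
    "clientId": "demo-client", "clientSecret": "******",
    "AuthorizationEndpoint": "https://idp.example.test/oauth2/authorize",
    "TokenEndpoint": "http://other.example.test/oauth2/access_token",
    "UserInformationEndpoint": "https://idp.example.test/oauth2/userinfo"})


def lint_config(raw):
    """Return a list of findings for a provider Configuration JSON string."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    findings, hosts = [], set()
    for key in ("clientId", "clientSecret"):
        value = cfg.get(key)
        if not isinstance(value, str) or not value.strip():
            findings.append(f"{key}: missing or empty")
        elif set(value) == {"*"}:  # masked display value pasted back in
            findings.append(f"{key}: masked placeholder, not a real value")
    for key in ENDPOINT_KEYS:
        value = cfg.get(key)
        try:
            url = urlsplit(value if isinstance(value, str) else "")
        except ValueError:
            findings.append(f"{key}: not a parseable URL")
            continue
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{key}: must be an absolute https URL")
        elif url.username or url.password:
            findings.append(f"{key}: must not embed credentials")
        if url.hostname:
            hosts.add(url.hostname)
    # Assumption: all three endpoints belong to one SwissID environment.
    if len(hosts) > 1:
        findings.append("endpoints span several hosts: " + ", ".join(sorted(hosts)))
    # Assumption: an ".int." label marks an integration (non-production) host.
    if any(".int." in host for host in hosts):
        findings.append("integration host configured; confirm this is not production")
    return findings
```

Calling `lint_config(SAMPLE)` returns three findings: the masked secret, the plain-http token endpoint, and the endpoints spanning two hosts.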
As a next step, you can configure the attribute mappings.
Example for Attribute Mappings:
Attribute | Original Claim Type Name |
---|---|
Surname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
Givenname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
Step 3 - Set SwissID as your identity provider
You can set your identity provider in the portal. Under “Accounts and Security → Social Logins“ you can add or remove SwissID. This allows you to log in via the SwissID button, which is displayed on the authentication page of the CoreOne Suite.
Step 4 - Verify your SwissID Account
If you haven't used SwissID before, you can register an account by filling out the form. You have to verify your account with an activation code, which you will receive by email.