Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Introduction

The CoreOne Suite offers you the possibility to establish a federation with with predefined external Identity Providers such as SwissID oder Google, or with any generic provider that supports OpenID Connect. In this how-to we will focus on the later use case. If you are interested in setting up a federation with SwissID, please see the How-To setup SwissID as Identity Provider (IdP) page.

Step 1 - Data needed

Your external Identity Provider has to be configured in such a way, that federation to the CoreOne Suite is allowed. Usually this is done by adding an appropriate client to the configuration. If you have done that, you will get the following information:

  • client identifier and a client secret

  • Authentication URL

  • You might also need to provide a redirect url to your external identity provider. This is usually https://{authurl}/signin-oidc

Step 2 - Add/Configure External Identity provider

In the CoreOne Admin UI navigate to SSO → External Identity providers and select Add.

On the creation mask you have to provide the following data:

Property

Value

Description

Name

CoreOne Demo

The name of your external IdP

Description

The IdP of the CoreOne Demo enviroment

A description for your external IdP

Description Name Key

Customer.ExternalIdP.CoreOneDemo.Description

A translation key for the description

Display Name

CoreOne Demo Login

A display name that is presented to users

Display Name Name Key

Customer.ExternalIdP.CoreOneDemo.DisplayName

A translation key for the display name that is presented to users

Icon

-

An icon from the icon table if one has been defiend

State

Active

The state of the external IdP

Option type

GenericCustomOAuthOptions

Depending on the type either select GenericOpenIdConnectOptions or GenericCustomOAuthOptions or GenericCustomWsFederationOptions

Configuration 

{
  "clientId": "cos_login",
  "clientSecret": "Secret",
  "callbackPath": "/core-login-local",
  "authorizationEndpoint": "https://demo-auth.coreone.ch/connect/authorize",
  "tokenEndpoint": "https://demo-auth.coreone.ch/connect/token",
  "userInformationEndpoint": "https://demo-auth.coreone.ch/connect/userinfo",
}

https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.openidconnect.openidconnectoptions?view=aspnetcore-3.1

Authentication scheme

CoreLoginLocal

A unique scheme name

Trusted Address

https://demo-auth.itsense.ch

The URL where the user will be redirected to

Step 3 - Define the attribute mapping

As a next Step you can configure the Attribute-Mappings. The Attribute-Mappings defines which external claims should be automatically matched to which CoreOne Suite attribute.

Example for Attribute Mappings:

Attribute

Original Claim Type Name

Surename

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

Givenname

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

Email

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Step 4 - Add the external provider to your Level of Authentication

Under SSO → Level of Authentications select the appropriate record and add a new Level of Authentication Entry by clicking Add in the Level of Authentication Entries list.

Enter a name and navigate to the detail page after you hit save. On the detail page add your external identity provider to the list of logon configurations and your are done.

  • No labels

© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.