Introduction
The CoreOne Trustee Management Test Application can be used to demonstrate certain CoreOne Authentication Service features such as permission delegation, record matching and others. The application will be extended step-by-step but is still a work in progress. This page documents the features and the configuration needed.
Data Structure
The data is stored in a SQLite Database and data can currently only be edited with the SQLite DB Browser.
Configuration File
There is an appsettings.json file that contains all the necessary configuration.
{
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*",
  "AuthorizationServer": "https://demo.coreone.ch/",
  "ClientId": "iam-test-app",
  "ClientSecret": "myverysecuresecret",
  "SeedDataIfNewDatabase": true,
  "DeleteBillLoaAcr": "urn:customer:authentication:loa:2",
  "SqLiteDbPath": "database.db",
  "SubjectIdPrefix": "demoid:",
  "UseMinifiedRoleWithContextClaim": true // Introduced in version 9.1
}
Access Rights
A number of access rights are documented on the home page of the application. You will need to create them as resource objects within the CoreOne Application Service and provision them to the CoreOne Authentication Service.
Features
Implemented in Version 1.0 (Moléson)
Authentication to the secured area with natural persons (Bills and User Information)
Re-authentication with a configurable LoA to delete bills
Re-authentication with the client's LoA to approve a bill
Re-authentication with the client's LoA MAX to decline a bill
Implemented in Version 1.1 (Moléson)
Record matching to existing entries for natural persons
Implemented in Version 1.2 (Altenalptürm)
Only see the bills that the user has been granted access to
Authentication to the secured area with natural persons including their delegations for other natural persons
Authentication to the secured area with natural persons including their delegations for other legal entities
Implemented in Version 1.3 (Pilatus)
Allowed customising of customer name and authentication server name using the appsettings.json file
Implemented in Version 1.4 (Stockhorn)
Added a re-authentication test feature. You can now specify ACR values from the re-authentication tests tab on the user details page.
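The re-authentication features above depend on the client checking the acr claim it gets back, because in OpenID Connect the requested acr_values are only a voluntary request and the server may return a lower level. The following is an added example, not the test application's own code: the function names, the five-minute freshness window and the rule that a higher trailing number in the LoA URN means a stronger level are assumptions.

```python
import json
import re
import time

# Constructed appsettings.json fragment, reusing the key and value shown on this page.
APPSETTINGS = json.loads('{"DeleteBillLoaAcr": "urn:customer:authentication:loa:2"}')

# Assumption: levels are ordered by the trailing integer of the URN.
_LOA = re.compile(r"^urn:customer:authentication:loa:(\d+)$")


def loa_level(acr):
    """Return the numeric level of an LoA URN, or None if it has another form."""
    m = _LOA.match(acr) if isinstance(acr, str) else None
    return int(m.group(1)) if m else None


def may_delete_bill(claims, required_acr, now=None, max_age=300, skew=30):
    """Check ID token claims against the step-up requirement for deleting a bill.

    Assumes signature, issuer, audience and expiry were already validated by
    the OIDC library; only acr and auth_time are examined here.
    """
    now = time.time() if now is None else now
    required = loa_level(required_acr)
    if required is None:
        raise ValueError("DeleteBillLoaAcr is not a recognised LoA URN")

    # Fail closed: a missing or unparseable acr never satisfies the requirement.
    achieved = loa_level(claims.get("acr"))
    if achieved is None or achieved < required:
        return False, "acr missing, unrecognised or below the required LoA"

    # A high acr from an old session is not a re-authentication.
    auth_time = claims.get("auth_time")
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return False, "auth_time missing"
    if auth_time > now + skew:
        return False, "auth_time lies in the future"
    if now - auth_time > max_age:
        return False, "authentication too old"
    return True, "ok"
```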
Pitfalls
A legal entity in the data structure should not have an email address set.
The application is not very robust at the moment. Please enable stdout in the web.config and check the log file. I added error messages that should indicate which object is missing in the data structure.