SwissID is a free service provided by SwissSign Group, a joint venture of state-affiliated businesses, financial institutions, insurance and health insurance companies. This identity provider can be used for authentication in the CoreOne Suite.
Before you can start configuring SwissID as an external identity provider, you need the following data.
The customer has to set up a configuration with SwissID. This provides you with the Client-Key and the Client-Secret.
Levels of Authentication & Levels of Trust. These have to be documented by the Project-Manager and the Customer.
The URLs for the SwissID connection. The customer will define these and create them in cooperation with SwissID.
To configure SwissID as an external identity provider, proceed with the following steps.
To modify or add an external identity provider, go to SSO → External Identity providers.
If SwissID already exists, you can modify this entry. Otherwise, create a new one.
The following are example values for the configuration:
Setting | Value |
---|---|
Name | SwissID |
Description | Swiss Auth Provider |
Display name | SwissID |
State | Active |
Icon | SwissID |
Option type | iTsense.CoreLogin2.Server.ExternalAuthentication.Options.Specific.SwissIdOAuthProviderOptions, iTsense.CoreLogin2.Server, Version=4.1911.7.1, Culture=neutral, PublicKeyToken=null |
Configuration | { "clientId": "******", "clientSecret": "******", "AuthorizationEndpoint": "https://login.int.swissid.ch/idp/oauth2/authorize", "TokenEndpoint": "https://login.int.swissid.ch/idp/oauth2/access_token", "UserInformationEndpoint": "https://login.int.swissid.ch/idp/oauth2/userinfo"} |
Authentication scheme | SwissID |
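
A pre-deployment check for the Configuration value shown above, as an added example (not part of CoreOne Suite or SwissID): it verifies that the credentials are filled in and that all three endpoints use HTTPS on one expected host. The function name `check_config`, its `expected_host` and `allow_integration` parameters, and the reading of a `.int.` host label as the integration environment are assumptions.

```python
import json
from urllib.parse import urlsplit

# Key names are taken from the example configuration on this page.
REQUIRED = ("clientId", "clientSecret")
ENDPOINTS = ("AuthorizationEndpoint", "TokenEndpoint", "UserInformationEndpoint")


def check_config(raw, expected_host, allow_integration=False):
    """Return a list of findings for a provider configuration (empty = OK)."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["configuration must be a JSON object"]
    findings = []
    for key in REQUIRED:
        value = cfg.get(key)
        if not isinstance(value, str) or not value.strip():
            findings.append(f"{key}: missing or empty")
        elif set(value) == {"*"}:
            findings.append(f"{key}: still the masked placeholder")
    for key in ENDPOINTS:
        value = cfg.get(key)
        if not isinstance(value, str) or not value:
            findings.append(f"{key}: missing")
            continue
        url = urlsplit(value)
        host = (url.hostname or "").lower()
        if url.scheme != "https":
            findings.append(f"{key}: must use https")
        if url.username or url.password or url.query or url.fragment:
            findings.append(f"{key}: unexpected userinfo, query or fragment")
        if host != expected_host.lower():
            findings.append(f"{key}: host {host!r} is not {expected_host!r}")
        # Assumption: a ".int." label marks the integration environment,
        # as in the login.int.swissid.ch URLs of the example above.
        if ".int." in f".{host}." and not allow_integration:
            findings.append(f"{key}: integration endpoint in a production check")
    return findings


# Constructed sample: the example values from the table above.
SAMPLE = """{ "clientId": "******", "clientSecret": "******",
 "AuthorizationEndpoint": "https://login.int.swissid.ch/idp/oauth2/authorize",
 "TokenEndpoint": "https://login.int.swissid.ch/idp/oauth2/access_token",
 "UserInformationEndpoint": "https://login.int.swissid.ch/idp/oauth2/userinfo"}"""
```

Calling `check_config(SAMPLE, "login.int.swissid.ch", allow_integration=True)` reports only the two masked credentials; without `allow_integration` it also flags each of the three integration endpoints.
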
As a next step, you can configure the attribute mappings.
Example for Attribute Mappings:
Attribute | Original Claim Type Name |
---|---|
Surname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
Givenname | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
You can set your identity provider in the portal. Under “Accounts and Security → Social Logins” you can add or remove SwissID. This allows you to log in via the SwissID button, which is displayed on the authentication page of the CoreOne Suite.
If you haven't used SwissID before, you can register an account by filling out the form. You have to verify your account with an activation code, which you will receive by email.