How-To setup SwissID as Identity Provider (IdP)

Introduction

SwissID is a free service provided by SwissSign Group, a joint venture of state-affiliated businesses, financial institutions, insurance and health insurance companies. This identity provider can be used for authentication in the CoreOne Suite.

Step 1 - Data needed

Before you can start configuring the SwissID as an external identity provider, you need the following data.

You will have to have an agreement with SwissID, if you haven’t one already, we are happy to assist you in this matter.
For the agreement you will need to provide a callback url which looks like this https://[auth-server-url]/signin-swissid
Once you have the agreement, the SwissID team will provide you with a Client-Key and a Client-Secret.
The QoA level that you would like to use while performing an authentication request against SwissID
The URLs for the SwissID connection depending on the system PROD / INT.

Step 2 - Add/Configure External Identity provider

To configure SwissID as an external identity provider, proceed with the following steps. To modify or add an external identity provider go to SSO → External Identity providers

If SwissID already exists, you can modify this entry. Otherwise create a new one.

Those are some examples for the Configuration, you may change them depending on your needs:

Setting	Value

Setting	Value
`Name`	SwissID
`Description`	Swiss Auth Provider
`Display name`	SwissID
`State`	Active
`Icon`	SwissID
`Option type`	iTsense.CoreLogin2.Server.ExternalAuthentication.Options.Specific.SwissIdOAuthProviderOptions, iTsense.CoreLogin2.Server, Version=4.1911.7.1, Culture=neutral, PublicKeyToken=null
`Configuration`	{ "clientId": "****", "clientSecret": "****", "AuthorizationEndpoint": "https://login.int.swissid.ch/idp/oauth2/authorize", "TokenEndpoint": "https://login.int.swissid.ch/idp/oauth2/access_token", "UserInformationEndpoint": "https://login.int.swissid.ch/idp/oauth2/userinfo"} Those are the INT URLs, change them according to the system you would like to connect to
`Authentication scheme`	SwissID
`Trusted Adress`	https://login.sandbox.pre.swissid.ch

Step 3 - Define the attribute mapping

As a next Step you can configure the Attribute-Mappings. The Attribute-Mappings defines which SwissID Claim should be automatically matched to which CoreOne Suite attribute.

Example for Attribute Mappings:

Attribute	Original Claim Type Name

Attribute	Original Claim Type Name
`Surename`	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
`Givenname`	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
`Email`	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Step 4 - Set SwissID as your identity provider

You can set your identity provider in the portal. Under “Accounts and Security → Social Logins“ you can add or remove SwissID. This allows you to log in via SwissID-Button which will be displayed on the authentication-page of the CoreOne Suite.

Step 5 - Verify you SwissID Account

If you haven used SwissID before, you can register an Account by filling out the form. You have to verify your account with an activation-code which you will receive per email.