Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Introduction

An external identity provider can be used to authenticate users with a federated party such as another Identity Provider oder a Social Login. Once you have configured the external identity provider, you can add it to the Level of Authentication configuration.

Properties

Whenever you are creating of updating a external identity provider, you have to specify the following properties:

Property

Data Type

Mandatory

Example

Description

Name

String

(tick)

Google

The name of the external provider

Description

String

Enables user to login with their Google accounts

Description of the external provider

Description name key

Translation Key

Customer.ExternalIdentityProvider.Google.Description

A translation key to translate the description in different languages

Display name

String

Google

Used to display the external identity provider to users

Display name key

String

Customer.ExternalIdentityProvider.Google.Displayname

A translation key to translate the display name in different languages

Icon

Drop Down

(tick)

Google

Choose any of the available logos

State

Drop Down

(tick)

Active

Usually active or inactive

Option type

Drop Down

(tick)

GoogleOAuthProviderOptions

Depending on the external providers technology:

  • GenericCustomOAuthOptions

  • GenericOpenIdConnectOptions

  • GenericCustomWsFederationOptions

  • SwissIdOAuthOptions

  • GoogleOAuthProviderOptions

  • FacebookOAuthProviderOptions

They all represent the ASP.NETCore Connection Options. For further details see their appropriate documentation such as https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.openidconnect.openidconnectoptions?view=aspnetcore-6.0

Configuration

String

{
  "clientId": "9920356573-3ksmjore7esuiq7p17dh06vpm4a.apps.googleusercontent.com",
  "clientSecret": "xxaeraaF8adsljfkclajf"
}

A simple example for the GoogleOAuthProviderOptions where you only have to add the clientId and clientSecret

Authentication scheme

String

(tick)

google

This name will be used in the callback url i.e. https://idp.coreone.ch/callback/google

Trusted address

String

(tick)

https://accounts.google.com/

Those addresses will be added to the Content Security Policy in order to allow a form submit to and from those pages.

Automatically link user account

Boolean

(tick)

When a user can be merged with an existing user, this boolean indicates whether or not the user should be asked to do so.

Attribute Mapping

In the attribute mapping you can define mapping rules to map an external identity providers claim to a CoreOne Suite Attribute of the appropriate Core Identity. For example you can map the claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname provided by Google to the CoreOne Suite Attribute First name.

You also have the option to define a default value in case the value was not provided and you can set the synchronize flag to true, so that those values will be updated each time when a user logs in.

Claim Mapping

When you do not want to store the claims provided by the external identity provider in the CoreOne Suite Meta Directory but you would like to include the claims in the token, you can configure a simple claim mapping. I.e. you can map the external claim http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname to the claim given_name.

Starting from version 8.0: When configuring a mapping, you can also specify if this mapping can be used to identify a user uniquely in an auto merge process by setting the can identify a user flag.

  • No labels