Connect Signicat as authentication method
FoxIDs can be connected to Signicat with OpenID Connect and thereby authenticate end users with MitID and all other credentials supported by Signicat.
You can test the Signicat Express login with the online web app sample (sample docs) by clicking Log in and then Signicat TEST.
Take a look at the Signicat Express sample configuration in FoxIDs Control: https://control.foxids.com/test-corp
Get read access with the user [email protected] and password TestAccess! then select the Production environment and the Authentication methods tab.
You can create a free account on Signicat Express and get access to the dashboard. Here you have access to the test environment.
This guide describes how to connect a FoxIDs authentication method to the Signicat Express test environment.
Configuring Signicat as OpenID Provider (OP)
This connection uses the OpenID Connect Authorization Code flow with PKCE, which is the recommended OpenID Connect flow.
1 - Start by creating an API client in Signicat Express dashboard
- Navigate to Account and then API Clients
- Add the Client name
- In Auth Flow / Grant Type select Authorization code
- Copy the Secret
- Click Create
- Copy the Client ID
2 - Then create an OpenID Connect authentication method in FoxIDs Control Client
- Add the name
- Add the Signicat Express test authority https://login-test.signicat.io in the Authority field
- Copy the three URLs: Redirect URL, Post logout redirect URL and Front channel logout URL
- In the scopes list add profile
- Add the Signicat Express secret in the Client secret field
- Select show advanced
- Add the Signicat Express client id in the Optional customer SP client ID field
- Click create
3 - Go back to Signicat Express dashboard
- Click OAuth / OpenID
- Click Edit
- Find the App URIs section
- Add the three URLs from the FoxIDs authentication method client: Redirect URL, Post logout redirect URL and Front channel logout URL in the respective fields
- Click Save
That's it, you are done.
The new authentication method can now be selected as an allowed authentication method in an application registration.
The application registration can read the claims from the authentication method. You can optionally add a * in the application registration Issue claims list to issue all the claims to your application.