Up-party - connect Signicat with OpenID Connect
FoxIDs can be connected to Signicat with OpenID Connect and thereby authenticate end users with MitID and all other credentials supported by Signicat.
A connection to Signicat Express can be tested with the samples, e.g. with the AspNetCoreOidcAuthCodeAllUpPartiesSample in the sample solution.
You can create a free account on Signicat Express and get access to the dashboard. Here you have access to the test environment.
This guide describes how to connect a FoxIDs up-party to the Signicat Express test environment.
Configuring Signicat as OpenID Provider (OP)
This connection uses OpenID Connect Authorization Code flow with PKCE, which is the recommended OpenID Connect flow.
1 - Start by creating an API client in Signicat Express dashboard
- Navigate to Account and then API Clients
- Add the Client name
- In Auth Flow / Grant Type select Authorization code
- Copy the Secret
- Click Create
- Copy the Client ID
2 - Then create an OpenID Connect up-party client in FoxIDs Control Client
- Add the name
- Add the Signicat Express test authority https://login-test.signicat.io in the Authority field
- Copy the three URLs: Redirect URL, Post logout redirect URL and Front channel logout URL
- In the scopes list add profile
- Add the Signicat Express secret in the Client secret field
- Select show advanced settings
- Add the Signicat Express client id in the Optional customer SP client ID field
- Click create
3 - Go back to Signicat Express dashboard
- Click OAuth / OpenID
- Click Edit
- Find the App URIs section
- Add the three URLs from the FoxIDs up-party client: Redirect URL, Post logout redirect URL and Front channel logout URL in the respective fields
- Click Save
That's it, you are done.
The new up-party can now be selected as an allowed up-party in a down-party.
The down-party can read the claims from the up-party. You can optionally add a * in the down-party Issue claims list to issue all the claims to your application.
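A way to sanity check the provider side of this setup before relying on it, as an added example that is not part of the FoxIDs or Signicat documentation: the function below inspects an OpenID Connect discovery document (the JSON an OpenID Provider publishes under /.well-known/openid-configuration below its authority) for the issuer, the authorization code flow, PKCE with S256 and the scopes used in this guide. The function name, the sample metadata and its endpoint paths are constructed for illustration, and checking the openid scope next to profile is an assumption based on OpenID Connect requiring it.

```python
from urllib.parse import urlsplit

AUTHORITY = "https://login-test.signicat.io"  # value entered in the Authority field

# Constructed sample metadata (endpoint paths are placeholders, not Signicat's real ones).
SAMPLE_METADATA = {
    "issuer": "https://login-test.signicat.io",
    "authorization_endpoint": "https://login-test.signicat.io/example/authorize",
    "token_endpoint": "https://login-test.signicat.io/example/token",
    "jwks_uri": "https://login-test.signicat.io/example/jwks",
    "response_types_supported": ["code"],
    "code_challenge_methods_supported": ["S256"],
    "scopes_supported": ["openid", "profile"],
}

def check_op_metadata(authority, metadata, scopes=("openid", "profile")):
    """Return a list of problems; an empty list means the metadata fits this guide's setup."""
    problems = []
    # The issuer must identify the configured authority (compared ignoring a trailing slash).
    if metadata.get("issuer", "").rstrip("/") != authority.rstrip("/"):
        problems.append("issuer does not match the configured authority")
    # Endpoints that carry codes, secrets and signing keys must be HTTPS.
    for name in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(metadata.get(name, ""))
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{name} is missing or not an https URL")
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("authorization code flow (response type 'code') not advertised")
    # RFC 8414: an absent list means the server does not advertise PKCE support.
    if "S256" not in metadata.get("code_challenge_methods_supported", []):
        problems.append("PKCE method S256 not advertised")
    # scopes_supported is optional, so only check it when the provider publishes it.
    advertised = metadata.get("scopes_supported")
    if advertised is not None:
        for scope in scopes:
            if scope not in advertised:
                problems.append(f"scope '{scope}' not advertised")
    return problems

if __name__ == "__main__":
    for line in check_op_metadata(AUTHORITY, SAMPLE_METADATA) or ["metadata OK"]:
        print(line)
```

To check a real provider, download its discovery document, parse it with json.load and pass the resulting dictionary as the metadata argument.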