Single sign-on (SSO)

Campos supports the following protocols:

• OpenID Connect
• SAML2
  

OpenID Connect

1. Add a new client to your Identity provider and register the following Redirect-URIs:

• https://signin.campos.ch/signin-<YourAuthScheme> 
• https://signin.stage.campos.ch/signin- (Test-System)

2. For the unique identification of users at least one of the following claims have to be exported:

• sub
• oid
• http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
  • It is recommended to use a stable ID that never changes (like a GUID) and avoid unstable attributes like email address (may change on marriage).

3. For the on-the-fly creation of users when sining in for the first time, following additional claims are needed:

• email
• given_name
• family_name
• locale (optional)
  

4. Communicate following information to devteam@icfm.ch:

• authority-URL (OAuth 2.0 Endpoint)
• newly created client ID for CAMPOS
   

ADFS with SAML2

1. Communicate the entityID (authority-URL) to devteam@icfm.ch

2. We will add your identity provider and give you the URL for the SAML metadata XML. It will look like https://signin.campos.ch/saml2/<YourAuthScheme> 

3. Import the metadata XML

4. Typical claim rules:

• User-Principal-Name -> email
• Given-Name -> given_name
• Surname -> family_name
• ObjectGUID -> Name ID
  • ObjectGUID is an ID that never changes
  • it is possible that the ObjectGUID is not in the drop down, just type it in