Somtoday OpenID application setup
Introduction
This manual shows how to make an OpenID connection to Somtoday. The configuration takes place in HelloID and requires you to send information to Somtoday.
Requirements:
HelloID environment
Somtoday environment
Users who wish to make use of the SSO are required to have their 'external username' filled in in Somtoday
Create or Import a Certificate
If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.
Application Setup
Add the Somtoday Application
Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalogue and search for "Somtoday". Find the OpenID template, and click Add. Learn more about managing applications here.
General tab
On the General tab, you can leave the default value in the Default Login URL for now. Somtoday will provide the Login URL, after which the Default Login URL has to be changed! See Final steps - HelloID - Change Default Login URL.
For example: https://somtoday.nl/oidc?iss=https://enyoi-helloid.com/oauth2/v2/1ad13e41-cb17-4488-be1e-ef5d1ccb1914&organization=eab7bc88-5d94-4234-8a71-015g6356dd0a
Note: https://somtoday.nl/oidc?iss=https://enyoi-helloid.com/oauth2/v2/1ad13e41-cb17-4488-be1e-ef5d1ccb1914&organization=eab7bc88-5d94-4234-8a71-015g6356dd0a will not work! This is just an example.
Optionally, you may also add a description. Click Next.
Single Sign-on tab
On the Single Sign-On tab, perform the following steps:
Provide a value in the Secret field.
This can be any value that you want, although we suggest a string of at least 52 characters.
In the Signing Certificate dropdown, select the certificate that you created or imported previously.
If you are connecting to a test environment, add a second Redirect Uri for https://test.somtoday.nl/oidc
Click Next.
Self service tab
On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.
Finish tab
On the Finish tab, click Save to add the application to HelloID.
Additional Configuration
Discovery document
After adding the Somtoday application, click its Edit link on the applications overview. This will bring you to its properties page. Right-click View discovery document at the top right of the screen and choose Copy link address. Make note of it, as you will need to provide this information to Somtoday later on.
Client ID & Client Secret
We also need the Client ID.
Go to the Configuration tab of the application. Make note of the Client ID.
And finally, we also need the Client Secret. On the Configuration tab, click the "eye" icon next to the Secret to view the secret. Make note of the Secret as well.
Configure Mapping Set
Somtoday requires the matching key to be in the Subject. By default we provide the HelloID user GUID here. We shall have to change this.
On the Configuration tab of the application click Configure Mapping Set.
A popup will show with the notification that all changes will be lost when you proceed.
If no changes have been made, click Proceed. Otherwise click Cancel and save the application first.
We will end up on the Mapping Set configuration page. Click Change mappings.
The Mapping for Profile screen will pop up. Here we need to change the value for the Subject. Change this to a value in HelloID which matches the external username in Somtoday, for example {{user.contactemail}} (HelloID contact email).
Click Close and then click Save. The configuration of the HelloID application is finished.
Somtoday Configuration
Request SSO
In order to make the connection, Somtoday needs to add the connection on their side. This can be requested at Somtoday.
To configure the SSO on the Somtoday side, they will need the following information:
Client ID: The Client ID is a GUID automatically generated when creating an application in your HelloID environment. Additional Configuration - Client ID & Client Secret describes where to find it.
For example: 478ecc46-0b96-4e74-baa4-b08995cd35fb
Note: https://enyoi.helloid.com will not work! This is just an example.
Client Secret: The Client Secret you specified at step 1 on the Single Sign-on tab of the HelloID configuration (if forgotten, Additional Configuration - Client ID & Client Secret describes where to find it again).
For example: Hc2V5v4fJmPm4vNFgX2tGmNWdUGEy2PCtXXTLkBQQUvsgrC3TeUR
Note: Hc2V5v4fJmPm4vNFgX2tGmNWdUGEy2PCtXXTLkBQQUvsgrC3TeUR will not work! This is just an example.
Issuer: Please provide the discovery document URL to Somtoday. They can browse to this URL to find the issuer. This is the link address you copied at Additional Configuration - Discovery document.
For example: https://enyoi.helloid.com/oauth2/v2/478ecc46-0b96-4e74-baa4-b08995cd35fb/.well-known/openid-configuration/
Note: https://enyoi.helloid.com/oauth2/v2/478ecc46-0b96-4e74-baa4-b08995cd35fb/.well-known/openid-configuration/ will not work! This is just an example.
Final steps
HelloID
Change Default Login URL
After Somtoday has added the connection on their side, they can provide the Login URL.
When creating the HelloID application, the Default Login URL on the General tab was left unchanged. It now has to be changed to the Login URL Somtoday has provided.
After this change the SSO configuration is finished! All that's left now is to test the SSO.
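Before pasting the Login URL into HelloID, its iss parameter can be compared with the issuer in the discovery document you sent to Somtoday, since a single mistyped character there makes the SSO fail. The check below is an added example, not code from HelloID or Somtoday; the function name check_login_url, the sample discovery document, its endpoint paths and the organization GUID are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Constructed sample data, modelled on the placeholder values in this manual.
ISSUER = "https://enyoi.helloid.com/oauth2/v2/478ecc46-0b96-4e74-baa4-b08995cd35fb"
DISCOVERY_URL = ISSUER + WELL_KNOWN + "/"
DISCOVERY_DOC = json.dumps({            # endpoint paths are invented for the sample
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "jwks_uri": ISSUER + "/jwks",
})
ORG = "organization=00000000-0000-0000-0000-000000000000"   # placeholder GUID
GOOD_LOGIN = "https://somtoday.nl/oidc?iss=" + ISSUER + "&" + ORG
# Same URL with one character changed in the issuer host ("." became "-").
TYPO_LOGIN = GOOD_LOGIN.replace("enyoi.helloid.com", "enyoi-helloid.com")


def check_login_url(login_url, discovery_url, discovery_doc,
                    sp_hosts=("somtoday.nl", "test.somtoday.nl")):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    doc = json.loads(discovery_doc)
    issuer = doc.get("issuer", "")
    # The issuer is the discovery URL without the well-known suffix.
    expected = discovery_url.rstrip("/")
    if expected.endswith(WELL_KNOWN):
        expected = expected[:-len(WELL_KNOWN)]
    if issuer.rstrip("/") != expected:
        problems.append("issuer does not match the discovery URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(key + " is missing or not https")
    parts = urlsplit(login_url)
    if parts.scheme != "https" or parts.hostname not in sp_hosts:
        problems.append("login URL is not an https Somtoday URL")
    query = parse_qs(parts.query)
    iss = query.get("iss", [])
    if len(iss) != 1 or iss[0].rstrip("/") != issuer.rstrip("/"):
        problems.append("iss parameter differs from the discovery issuer")
    if len(query.get("organization", [])) != 1:
        problems.append("organization parameter is missing or repeated")
    return problems


if __name__ == "__main__":
    for url in (GOOD_LOGIN, TYPO_LOGIN):
        print(url, check_login_url(url, DISCOVERY_URL, DISCOVERY_DOC) or "OK")
```

In practice, replace the sample constants with the discovery document downloaded from your own HelloID environment and the Login URL received from Somtoday.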
Somtoday
Registering Somtoday users for use of SSO
In order to allow a user to make use of the SSO, the external username has to be entered for that user in Somtoday.
When this value has been entered, the user can make use of the SSO.