HelloID

TTS Residentweb SAML application setup
Introduction

This manual shows you how to set up a single sign-on connection to TTS Residentweb using the SAML protocol. The configuration takes place in HelloID and requires you to send information to TTS Technology To Serve.

Requirements:

  • HelloID environment

  • TTS Residentweb environment

Create or Import a Certificate

If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.

Application Setup
Add the Residentweb (SAML) Application

Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalog and search for "Residentweb". Find the SAML template, and click Add. Learn more about managing applications here.

General tab

On the General tab, fill the default login URL with the Residentweb environment SSO URL. Optionally, you may also add a description. Click Next.

Single Sign-on tab

On the Single Sign-On tab, perform the following steps:

  1. Issuer: replace {customer} with the HelloID portal name.

  2. Endpoint URL: replace {customer} with the Residentweb portal name.

  3. Make sure the option Validate and use ACS request URL is enabled.

  4. Add the following value as ACS Validation List, replacing {customer} with the name of your Residentweb portal:

    https://{customer}.residentweb.nl/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp

     Optionally, if the mobile website is used, add the following URL on a second line:

    https://{customer}.residentweb.nl/simplesaml/module.php/saml/sp/saml2-acs.php/mobile-sp

  5. You can keep the SP-initiated URL empty.

  6. Select the X509 Certificate you created in the first step.

  7. Add the following value as Extra audience, replacing {customer} with the name of your Residentweb portal:

    https://{customer}.residentweb.nl/,https://{customer}.residentweb.nl/mobile/

  8. Click Save
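
The following is an added example, not part of the original manual and not HelloID or TTS code. It builds the ACS Validation List and Extra audience values from steps 4 and 7 for a portal name, and illustrates the kind of check the Validate and use ACS request URL option implies: the AssertionConsumerServiceURL in an incoming AuthnRequest is accepted only if it is on the list. The portal name "example", the function names, the sample requests, and the exact-match comparison are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
BASE = "https://{c}.residentweb.nl"
ACS_PATH = "/simplesaml/module.php/saml/sp/saml2-acs.php/"

def residentweb_values(customer, mobile=False):
    """Return (ACS validation list, Extra audience string) for one portal name."""
    # The portal name becomes a DNS label, so reject anything else (dots, slashes, spaces).
    if not re.fullmatch(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?", customer):
        raise ValueError("customer must be a single lowercase DNS label")
    base = BASE.format(c=customer)
    acs = [base + ACS_PATH + "default-sp"]
    if mobile:  # second line of the list, only when the mobile website is used
        acs.append(base + ACS_PATH + "mobile-sp")
    audience = f"{base}/,{base}/mobile/"
    return acs, audience

def requested_acs(authn_request_xml):
    """Extract AssertionConsumerServiceURL from a SAML 2.0 AuthnRequest."""
    if "<!DOCTYPE" in authn_request_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root.get("AssertionConsumerServiceURL")

def acs_allowed(authn_request_xml, validation_list):
    """Assumed policy: exact string match, no prefix or wildcard matching."""
    url = requested_acs(authn_request_xml)
    return url is not None and url in validation_list

def sample_request(acs_url):
    """Constructed AuthnRequest for testing; not captured from a real portal."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" '
            f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
            f'AssertionConsumerServiceURL="{acs_url}"/>')

if __name__ == "__main__":
    acs_list, audience = residentweb_values("example", mobile=True)
    print("ACS Validation List:", *acs_list, sep="\n  ")
    print("Extra audience:", audience)
    print("default-sp accepted:", acs_allowed(sample_request(acs_list[0]), acs_list))
```

If the mobile URL is not on the list, a request that names the mobile-sp endpoint is rejected, which is why step 4 asks for the second line when the mobile website is in use.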

Self service tab

On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.

Finish tab

On the Finish tab, click Save to add the application to HelloID.

Credentials tab

Choose the option 'Credentials are configured by admin'. Then use 'Enter custom value' and enter the value {{user.login.username}} for both the NameID and userPrincipalName. This might be different for your portal; in that case, the TTS consultant will indicate that another field is necessary.

Additional Configuration

After adding the Residentweb application, click its Edit link on the applications overview. This will bring you to its properties page. Right-click Download metadata at the top right of the screen and select Copy link address. This is the URL that you need to provide to TCG.

Residentweb Configuration
Request SAML

In order to make the connection, TTS Technology To Serve needs to add the connection on their side. This can be requested at TTS Technology To Serve.

To configure the SSO on the Residentweb side, they will need the metadata URL. Please provide the dynamic Metadata URL from the previous step.