Sweco TSS - STS ClientSite (STS proxy)

Service Provider

Dette site anvendes til MiljøWeb brugerlogin.
MiljøWeb brugere sendes til Kombit Context Handler. Herfra sendes de til kommunens Identity Provider (ADFS eller anden), hvor de logger ind.
Herefter redirigeres de tilbage til STSClientSite, hvor brugeroplysninger (navn, roller mv) uddrages fra deres SAML token.
Disse oplysninger gemmes temporært i STSClientSite. Brugeren dirigeres derefter til MiljøWeb. Herfra kaldes STSClientSite m. unik guid for bruger for at opsamle brugerinfo.

Se venligst dokumentation for fuld beskrivelse

Configuration of connection with metadata exchange

The Identity Provider/Context Handler and the Service Provider (MiljøWeb / STSClientSite) must exchange metadata in order to establish SAML connections.
STSClientSite acts as Miljøweb in regards to this exchange, so the exchange is between STSClientSite and Identity Provider / Context Handler.

Procedure:

Configure metadata for MiljøWeb at Context Handler

The Service Providers (MiljøWebs) metadata is part of the registration of the Service at KOMBIT's administration infrastructure (https://serviceplatformen.dk/administration/).
Note: When MiljøWebs certificate is renewed the metadata must be regenerated and registered in STS Administration.

- A MiljøWeb certificate must be installed on the server running STSClientSite (STS proxy).
- The thumbprint of this certificate must be configured in Web.Config.
- STSClientSite metadatafil can now be generated and downloaded below (must specify authorization key (STSMetadataKey))
- Edit metadatafile (remove the tag 'validUntil="..."')
- Upload the metadatafile to STS Administration (https://serviceplatformen.dk/administration/, "MiljøWeb - brugervendt system" configuration)

Register metadata for Identity Provider / Context Handler at STSClientSite

- Get the Identity Provider/Context Handler's metadata
- Place this metadata file in folder shown below (after clicking "metadata config")

Specify authorization key to active metadata config: