Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

HelseID is a webservice that is used via a web browser. It is available both via the Internet and via the norwegian health network (Helsenettet), but some of the identity providers we support are only available on the Internet.

To use HelseID you must either setup a proxy that automatically routes the network traffic as expected, or you can manually setup your firewall and DNS as required. Further you need to ensure that your server trusts the HelseID signing certificate by ensuring that the required root certificates are available and you must ensure that your server clock is synchronized with the NHN time server.

Ensuring correct network setup

Your network can either be setup using the NHN proxy server or you can manually setup the required firewall exceptions and DNS.

Proxy setup

Using the NHN proxy server gives access to all the required services. In most cases this is the easiest was to ensure your environment supports HelseID. Setting up the proxy server is done by using the following automatic configuration: http://config.nhn.no/kunde.pac

The following figure is an example of how to set this up manually on Windows in Internet Explorer:

Warning: We expect your IT-department to setup an automatic deployment of this configuration to all relevant web browsers, we do not recommend that users set this up manually. It is the responsibility of your organization to ensure that this configuration does not interrupt any other services you may use.

Firewall and DNS configuration for the HelseID production environment

Description

Internet

Helsenettet

HelseID

helseid-sts.nhn.no, 91.186.66.76

helseid-sts.nhn.no, 91.186.92.124

ID-porten

idporten.difi.no, 146.192.252.60

Not available in Helsenettet

ID-porten OpenID Connect provider

oidc.difi.no, 146.192.252.54

146.192.252.54

Not available in Helsenettet

Buypass ID provider

secure.buypass.no, 85.62.160.142

185.62.162.142

secure.nhn.buypass.no, 91.186.95.67

Commfides ID provider

app03.commfides.com, 91.232.83.41

app03.commfides.com, 91.186.95.25

BankID ID provider

csfe.bankid.no, 193.26.146.36

login.bankid.no, 79.171.82.41

auth.bankid.no, 79.171.82.40

Not available in Helsenettet

The port number for all addresses is 443.

Firewall and DNS configuration for the HelseID test environment

Description

Internet

Helsenettet

HelseID

helseid-sts.test.nhn.no, 83.118.184.74

helseid-sts.test.nhn.no, 91.186.86.175

ID-porten

idporten-ver2.difi.no, 146.192.252.156

Not available in Helsenettet

ID-porten OpenID Connect provider

oidc-ver2.difi.no, 146.192.252.152

Not available in Helsenettet

Buypass ID provider

auth.tsp.test4.buypass.no, 185.62.163.159

secure.test4.buypass.no, 185.62.163.53

Not available in Helsenettet

Commfides ID provider

app03.test.commfides.com, 91.232.83.133

Not available in Helsenettet

BankID ID provider

csfe-preprod.bankid.no, 193.26.146.6

Not available in Helsenettet

The port number for all addresses is 443.

Trusted root certificates

The HelseID signing certificate is issued by Buypass and the Buypass root certificates must be trusted in all environments using HelseID.

These root certificates are already installed in most operating systems but if you need to register them manually they can be downloaded from the following addresses:

Name

Download url

Buypass Class 3 Root CA

https://www.buypass.no/cert/BPClass3RootCA.cer

Buypass Class 2 Root CA

https://www.buypass.no/cert/BPClass2RootCA.cer

On Windows these certificates must be placed in the Local Computer / Trusted Root Certificate Authorities / Certificates store.

Time server setup

To use HelseID the server clock must be synchronized with the NHN time server. For servers in the health network (Helsenettet) the following server is available: ntp.nhn.no.

  • No labels