Network usage for HelseID

HelseID is a service that uses the web browser for user logon. HelseID is available both via the Internet and via the Norwegian health network (Helsenettet), but not all of the identity providers we support are available on Helsenettet.

To ensure a correct network setup you must either

  1. set up a proxy that automatically routes the network traffic as expected, or
  2. set up your own firewall and DNS as required

Furthermore, you will need to ensure

  • that your system trusts the HelseID signing certificate
  • that your system clock is synchronized with the NHN time server

Ensuring correct network setup

Your network can either be setup using the NHN proxy server or you can manually setup the required firewall exceptions and DNS.

Proxy setup

Using the NHN proxy server gives access to all the required services. In most cases this is the easiest was to ensure your environment supports HelseID. Setting up the proxy server is done by using the following automatic configuration: http://config.nhn.no/kunde.pac.

The following screenshot gives an example of how to set this up manually on Windows in Internet Explorer:

Tykklient

⚠️  Warning

We expect your IT-department to setup an automatic deployment of this configuration to all relevant web browsers, we do not recommend that users set this up manually. It is the responsibility of your organization to ensure that this configuration does not interrupt any other services you may use.

Firewall and DNS configuration for the HelseID production environment

Description Domain names and addresses (Internet) Domain names and addresses (Helsenettet)
HelseID helseid-sts.nhn.no: 91.186.66.76 & 83.118.188.93 helseid-sts.nhn.no: 91.186.92.124 & 91.186.86.41
ID-porten

login.idporten.no: 139.105.36.167

bankid-integration.idporten.no 139.105.36.167

buypass-integration.idporten.no 139.105.36.167

commfides-integration.idporten.no 139.105.36.167

login.minid.no 139.105.36.166

minid-integration.idporten.no 139.105.36.167

Not available in Helsenettet
Buypass ID provider

secure.buypass.no: 185.62.160.142 & 185.62.162.142

auth.tsp.buypass.no: 185.62.162.168

secure.nhn.buypass.no: 91.186.95.67

auth.tsp.buypass.no: 91.186.95.211

Commfides ID provider

app03.commfides.com: 91.232.83.41

openid.commfides.com: 91.232.83.30

app03.commfides.com: 91.186.95.25

openid.commfides.com: 91.186.95.25

BankID ID provider

csfe.bankid.no: 193.26.146.36

login.bankid.no: 79.171.82.41

auth.bankid.no: 79.171.82.40

Not available in Helsenettet

All addresses are used with port number 443.

Firewall and DNS configuration for the HelseID test environment

Only HelseID is available on Helsenettet, all other adresses are on the Internet.

Description Domain names and addresses
HelseID (Internet) helseid-sts.test.nhn.no: 91.186.67.113 & 83.118.188.94
HelseID (Helsenettet) helseid-sts.test.nhn.no: 83.118.129.185 & 91.186.86.46
Test IDP hid-testidpnew.test.nhn.no: 13.95.128.75
ID-porten

test.idporten.no: 139.105.36.135

login.test.idporten.no: 139.105.36.135

Buypass ID provider

auth.tsp.test4.buypass.no: 185.62.163.159

secure.test4.buypass.no: 185.62.163.53

Commfides ID provider

app03.test.commfides.com: 91.232.83.133

openid.test.commfides.com: 91.232.83.115
BankID ID provider

csfe-preprod.bankid.no: 193.26.146.6

login.current.bankid.no: 79.171.82.45

auth.current.bankid.no: 79.171.82.44

All addresses are used with port number 443.

Trusted root certificates

The HelseID signing certificate is issued by Buypass and the Buypass root certificates must be trusted in all environments using HelseID.

These root certificates are already installed in most operating systems, but if you need to register them manually they can be downloaded from the following addresses:

Name Download URL
Buypass Class 3 Root CA https://www.buypass.no/cert/BPClass3RootCA.cer
Buypass Class 2 Root CA https://www.buypass.no/cert/BPClass2RootCA.cer

On Windows these certificates must be placed in the Local Computer / Trusted Root Certificate Authorities / Certificates store.

Time server setup

To use HelseID the system clock must be in sync with HelseID. For servers using the health network (Helsenettet) the following server is available: ntp.nhn.no.