Network usage for HelseID
HelseID is a service that uses the web browser for user logon. HelseID is available both via the Internet and via the Norwegian health network (Helsenettet), but not all of the identity providers we support are available on Helsenettet.
To ensure a correct network setup you must either
- set up a proxy that automatically routes the network traffic as expected, or
- set up your own firewall and DNS as required
Furthermore, you will need to ensure
- that your system trusts the HelseID signing certificate
- that your system clock is synchronized with the NHN time server
Ensuring correct network setup
Your network can either be setup using the NHN proxy server or you can manually setup the required firewall exceptions and DNS.
Proxy setup
Using the NHN proxy server gives access to all the required services. In most cases this is the easiest was to ensure your environment supports HelseID. Setting up the proxy server is done by using the following automatic configuration: http://config.nhn.no/kunde.pac.
The following screenshot gives an example of how to set this up manually on Windows in Internet Explorer:
⚠️ Warning
We expect your IT-department to setup an automatic deployment of this configuration to all relevant web browsers, we do not recommend that users set this up manually. It is the responsibility of your organization to ensure that this configuration does not interrupt any other services you may use.
Firewall and DNS configuration for the HelseID production environment
Description | Domain names and addresses (Internet) | Domain names and addresses (Helsenettet) |
---|---|---|
HelseID | helseid-sts.nhn.no: 91.186.66.76 & 83.118.188.93 | helseid-sts.nhn.no: 91.186.92.124 & 91.186.86.41 |
ID-porten | login.idporten.no: 139.105.36.167 bankid-integration.idporten.no 139.105.36.167 buypass-integration.idporten.no 139.105.36.167 commfides-integration.idporten.no 139.105.36.167 login.minid.no 139.105.36.166 minid-integration.idporten.no 139.105.36.167 |
Not available in Helsenettet |
Buypass ID provider | secure.buypass.no: 185.62.160.142 & 185.62.162.142 auth.tsp.buypass.no: 185.62.162.168 |
secure.nhn.buypass.no: 91.186.95.67 auth.tsp.buypass.no: 91.186.95.211 |
Commfides ID provider | app03.commfides.com: 91.232.83.41 openid.commfides.com: 91.232.83.30 |
app03.commfides.com: 91.186.95.25 openid.commfides.com: 91.186.95.25 |
BankID ID provider | csfe.bankid.no: 193.26.146.36 login.bankid.no: 79.171.82.41 auth.bankid.no: 79.171.82.40 |
Not available in Helsenettet |
All addresses are used with port number 443.
Firewall and DNS configuration for the HelseID test environment
Only HelseID is available on Helsenettet, all other adresses are on the Internet.
Description | Domain names and addresses |
---|---|
HelseID (Internet) | helseid-sts.test.nhn.no: 91.186.67.113 & 83.118.188.94 |
HelseID (Helsenettet) | helseid-sts.test.nhn.no: 83.118.129.185 & 91.186.86.46 |
Test IDP | hid-testidpnew.test.nhn.no: 13.95.128.75 |
ID-porten | test.idporten.no: 139.105.36.135 login.test.idporten.no: 139.105.36.135 |
Buypass ID provider | auth.tsp.test4.buypass.no: 185.62.163.159 secure.test4.buypass.no: 185.62.163.53 |
Commfides ID provider | app03.test.commfides.com: 91.232.83.133 openid.test.commfides.com: 91.232.83.115 |
BankID ID provider | csfe-preprod.bankid.no: 193.26.146.6 login.current.bankid.no: 79.171.82.45auth.current.bankid.no: 79.171.82.44 |
All addresses are used with port number 443.
Trusted root certificates
The HelseID signing certificate is issued by Buypass and the Buypass root certificates must be trusted in all environments using HelseID.
These root certificates are already installed in most operating systems, but if you need to register them manually they can be downloaded from the following addresses:
Name | Download URL |
---|---|
Buypass Class 3 Root CA | https://www.buypass.no/cert/BPClass3RootCA.cer |
Buypass Class 2 Root CA | https://www.buypass.no/cert/BPClass2RootCA.cer |
On Windows these certificates must be placed in the Local Computer / Trusted Root Certificate Authorities / Certificates store.
Time server setup
To use HelseID the system clock must be in sync with HelseID. For servers using the health network (Helsenettet) the following server is available: ntp.nhn.no.