OIDC client configuration

The client organisation must provide the following configuration details to integrate with the RealMe OIDC Authorisation and Token endpoints:

Configuration Item | Description

entity_id

The identifier of the digital service. This is used to maintain the RealMe privacy domain requirements:

https://${agencyorganisation_domain-name}/${privacy_domain_realm}/${service_name}

For example, https://www.example.govt.nz/customerservices/first-application

redirect_uri

The Redirect URI(s) where the response will be sent. The Redirect URI MUST use the https scheme and must be a static URL, i.e. query parameters are not accepted (use the state parameter in the AuthnRequest instead).

Organisation Name

The name of the integrating Organisation.

Populates ‘Where have I used RealMe’ (account), View FLTs (helpdesk) and the ‘Organisation’ field in the audit logs.

Display Name

The name of the service.

Populates the ‘Service’ name in the audit logs.

Help Desk

The identifier of the Help Desk associated with the service. The default is RealMe Help Desk.

Organisation Logo

The organisation / service logo to display on the RealMe login page banner.

Refer to the agency co-branding section on the Developer’s website for further information.

Header Colour

The hex value of the colour to display as background on the RealMe login page banner.

Refer to the agency co-branding section on the Developer’s website for further information.

RealMe Logo Colour

The colour of the RealMe logo to display on the RealMe login banner.

- Tangerine – for light backgrounds
- White – for dark backgrounds

Refer to the agency co-branding section on the Developer’s website for further information.

Return to Service Text

Populates the ‘Go back to’ text on the RealMe login page. This should be the name of your service, not a URL. When clicked, an access_denied error is returned for the service to handle.

Refer to the agency co-branding page on the Developer’s website for further information.

The following configuration items are only required if using the Assertion Service.

Client Name

The name of the organisation to display on the consent page. Usually the same as the Organisation Name but MAY be different if required.

Assertion Flow

The type of Assertion flow:

- AssertOnly: return only verified attributes with no login information (FLT). Will return a failed response if no verified attributes are returned from IVS.
- AssertAndAlwaysLogin: return verified attributes and login information (FLT). Will return a successful response if no verified attributes are returned from IVS.

Display Error Page

For AssertOnly. Boolean value which denotes whether a RealMe error message is displayed should there be no IVS attributes returned.

IVS

Denotes whether verified identity data is required, optional or not required. Possible values are Required, Request or None.

Identity Sharing Terms

A series of string values used to populate the Identity Sharing Terms:

- What information has been requested?
- What purpose is my information being used for?
- Where is my information being sent?
- How long will it be kept?
- Will it be used for another purpose?
- Where can I find out more?

Refer to the Identity Sharing Terms section on the ‘other design considerations for assert’ page of the Developer’s website for further information.

Only required if IVS is Required or Request.

AVS

Denotes whether verified address data is requested or not required. Possible values are Request or None.

Address Sharing Terms

A series of string values used to populate the Address Sharing Terms:

- What information has been requested?
- What purpose is my information being used for?
- Where is my information being sent?
- How long will it be kept?
- Will it be used for another purpose?
- Where can I find out more?

Refer to the Identity Sharing Terms section on the ‘other design considerations for assert’ page of the Developer’s website for further information (Address Sharing Terms use the same template).

Only required if AVS is Request.
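The rules above can be checked before the details are submitted. The following is an added example, not RealMe code: the dictionary keys, the function names and the sample values are hypothetical, and only the constraints (https scheme, static redirect URI, entity_id shape, permitted values, conditional Sharing Terms) come from this page.

```python
from urllib.parse import urlsplit

# Dict keys below are hypothetical names for the items on this page;
# RealMe does not publish this structure. Sample values are constructed.
FLOWS = {"AssertOnly", "AssertAndAlwaysLogin"}
IVS_VALUES = {"Required", "Request", "None"}
AVS_VALUES = {"Request", "None"}

def _terms_ok(terms):
    # Sharing Terms: a non-empty series of non-empty strings.
    return bool(terms) and all(isinstance(t, str) and t.strip() for t in terms)

def check_client_config(cfg, assertion_service=False):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # entity_id: https://<domain>/<privacy domain realm>/<service name>
    ent = urlsplit(cfg.get("entity_id", ""))
    segments = [s for s in ent.path.split("/") if s]
    if ent.scheme != "https" or not ent.hostname or len(segments) != 2:
        problems.append("entity_id: expected https://domain/realm/service")
    uris = cfg.get("redirect_uris") or []
    if not uris:
        problems.append("redirect_uri: at least one is required")
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"redirect_uri: not an https URL: {uri}")
        if "?" in uri:  # static URL only; per-request data goes in state
            problems.append(f"redirect_uri: query parameters not accepted: {uri}")
    if not assertion_service:
        return problems
    if cfg.get("assertion_flow") not in FLOWS:
        problems.append("assertion_flow: must be AssertOnly or AssertAndAlwaysLogin")
    ivs, avs = cfg.get("ivs"), cfg.get("avs")
    if ivs not in IVS_VALUES:
        problems.append("ivs: must be Required, Request or None")
    elif ivs != "None" and not _terms_ok(cfg.get("identity_sharing_terms")):
        problems.append("identity_sharing_terms: required when IVS is Required or Request")
    if avs not in AVS_VALUES:
        problems.append("avs: must be Request or None")
    elif avs == "Request" and not _terms_ok(cfg.get("address_sharing_terms")):
        problems.append("address_sharing_terms: required when AVS is Request")
    return problems

SAMPLE = {"entity_id": "https://www.example.govt.nz/customerservices/first-application",
          "redirect_uris": ["https://www.example.govt.nz/oidc/callback"]}  # constructed
if __name__ == "__main__":
    print(check_client_config(SAMPLE))
```

Pass `assertion_service=True` only when the Assertion Service items apply; otherwise those checks are skipped.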