Core steps for technical integration

This page describes the core technical steps required for a basic Service Provider integration to the ITE or Production environments of the RealMe login service or the RealMe assertion service.

Prerequisites

The prerequisites for integration into the ITE environment include:

  • Successful integration with the respective Message Testing Service (MTS) environment. For most SAML SP solutions, this is required to test exception flows as well as assist with SAML component development.
  • An identity risk assessment has been completed for a RealMe login service integrations, or a private sector organisation is qualified as a participating agency for a RealMe assertion service integration.
  • Business processes reviewed by the RealMe integration team.

The prerequisites for Production integration include:

Core integration steps

1. Create certificates for the online service

For a SAML POST binding integration, a valid certificate is required for signing and encryption. Generally an additional certificate is not required for a subsequent online service for the same business context.

The certificates must meet the RealMe certificate requirements. The certificates produced must be signed by a Certificate Authority and must comply with the RealMe certificate naming convention.

It is also expected that the online service will have an additional certificate to support https webpage content.

2. Import the RealMe IdP metadata file

Import the RealMe login service SAML v2.0 metadata file and create an association with the appropriate RealMe login service environment.

Download the required ITE or Production metadata file:

ITE login service IdP metadata [ZIP, 3.9 KB]

Production login service IdP metadata [ZIP, 3.1 KB]

3. Export the online service SP metadata file

Export the organisation’s SP SAML v2.0 metadata file from the SAML v2.0 component. The key components to check for compliance with RealMe metadata requirements are:

  • EntityID
  • Endpoints (Attribute Consumer Service)
  • Public X.509 cert
4. Complete an online integration request

For an integration using POST binding:

  • Log in to access the online configuration tool - you should have received an invitation email from the RealMe integration team or your project manager.
  • Provide the required configuration details - this needs your organisation's SP metadata file, co-branding logo and provision of other initial configuration parameters. 
1. Create certificates for the online service

For a SAML POST binding integration, a valid certificate is required for signing and encryption. Generally an additional certificate is not required for a subsequent online service for the same business context.

The certificates must meet the RealMe certificate requirements. The certificates produced must be signed by a Certificate Authority and must comply with the RealMe certificate naming convention.

It is also expected that the online service will have an additional certificate to support https webpage content.

2. Import the RealMe IdP metadata file

Import the RealMe assertion service SAML v2.0 metadata file and create an association with the appropriate RealMe assertion service environment.

Download the required ITE or Production metadata file:

ITE assertion service IdP metadata [ZIP, 3.9 KB]

Production assertion service IdP metadata [ZIP, 3.2 KB]

3. Export the online service SP metadata file

Export the organisation’s SP SAML v2.0 metadata file from the SAML v2.0 component. The key components to check for compliance with RealMe metadata requirements are:

  • EntityID
  • Endpoints (Attribute Consumer Service)
  • Public X.509 cert
4. Complete an online integration request

For an integration using POST binding:

  • Log in to access the online configuration tool - you should have received an invitation email from the RealMe integration team or your project manager.
  • Provide the required configuration details - this needs your organisation's SP metadata file, co-branding logo and provision of other initial configuration parameters. 

Post-integration checks

You will be notified by email when the integration has been completed.

To test connectivity and completeness of the configuration, you should send an AuthnRequest to the login service. Check that components such as the co-branding logo, login page text and other items are as expected. Also check that the online service is handling SAML exceptions as expected by confirming user triggered conditions for AuthnFailed. If the online service required a Login Attributes Token, the receipt of this should also be tested.

Contact the RealMe integration team if any integration configuration problems are identified.