Additional steps for RCMS integration

Prerequisites

As a prerequisite step, RCMS requires the agency to be integrated with the RealMe login service, or to have completed the required integration steps.

The MTS environment can be configured to send sample tokens: a login attributes token (LAT) for the login service and an opaque token for the assert service.

For the RealMe ITE and Production environments, liaise with the Integrations team regarding the details of these steps.

RCMS integration steps

For existing POST binding integrations, these additional steps are required:

1. Mutual SSL certificate purchase

Purchase a certificate for transport layer security and upload the public key. The certificate must meet the CA constraints and naming requirements that apply to the Artifact binding back-channel mutual SSL certificate.

2. Complete an RCMS integration request

Download and complete the corresponding configuration request form.

ITE [DOC, 214 KB]

Production [DOC, 210 KB]

The request requires the provision of a secure agency email address for the receipt of the RCMS API authorisation token.

Forward the completed request to the RealMe integration team.

3. Update existing RealMe services

As required, update the Opaque Token option for the assertion service or the Login Attributes Token option for the login service.

4. Web service certificates

After completing an RCMS configuration request, download the RealMe mutual SSL certificate for the corresponding environment:

ITE [ZIP, 4.5 KB]

Production [ZIP, 4.6 KB]

5. Web service endpoints 

For ITE, the RCMS web service endpoints are https://ws.ite.realme.govt.nz/rcms/v1/issue and https://ws.ite.realme.govt.nz/rcms/v1/validate.

For Production, the RCMS endpoints are https://ws.realme.govt.nz/rcms/v1/issue and https://ws.realme.govt.nz/rcms/v1/validate.

The Assert then log in use case only requires the validate (redeem) endpoints; the assertion service provides the opaque token.

All timestamps are the number of seconds from 1970-01-01T00:00:00Z, that is, the NumericDate as defined in the JWT RFC (https://tools.ietf.org/html/rfc7519#page-6).
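The following is an added example, not RealMe or RCMS code: one way an agency client could strictly parse a NumericDate timestamp and check an expiry against it. The function names, the 60-second clock-skew leeway and the milliseconds bound are assumptions made for illustration; the page does not name the timestamp fields RCMS returns.

```python
import math
from datetime import datetime, timedelta, timezone

# Heuristic bound (assumption): a seconds value above this lies past the
# year 5000 and almost always means milliseconds were sent by mistake.
MAX_PLAUSIBLE_SECONDS = 100_000_000_000


def parse_numeric_date(value):
    """Convert an RFC 7519 NumericDate (seconds since epoch) to aware UTC."""
    # bool is a subclass of int in Python, so it must be excluded explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError(f"expected a JSON number, got {type(value).__name__}")
    if isinstance(value, float) and not math.isfinite(value):
        raise ValueError("NumericDate must be finite")
    if value < 0:
        raise ValueError("NumericDate must not be negative")
    if value > MAX_PLAUSIBLE_SECONDS:
        raise ValueError("value looks like milliseconds, expected seconds")
    return datetime.fromtimestamp(value, tz=timezone.utc)


def is_expired(expiry, now=None, leeway_seconds=60):
    """True once `now` is later than the expiry plus the clock-skew leeway."""
    now = now or datetime.now(timezone.utc)
    return now > parse_numeric_date(expiry) + timedelta(seconds=leeway_seconds)


def to_numeric_date(moment):
    """Produce a NumericDate from an aware datetime; refuse naive values,
    which would silently be interpreted in the server's local time zone."""
    if moment.tzinfo is None:
        raise ValueError("naive datetime: attach a time zone before converting")
    return int(moment.timestamp())
```

Rejecting string, boolean and millisecond inputs at the parsing boundary keeps a malformed timestamp from being read as an expiry far in the future.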
