As a prerequisite step, RCMS requires the agency to be integrated with the RealMe login service, or to have completed the required integration steps.
The MTS environment can be configured to send sample tokens: a login attributes token (LAT) for the login service and an opaque token for the assert service.
For the RealMe ITE and Production environments, liaise with the Integrations team regarding the details of these steps.
For existing POST binding integrations, these additional steps are required:
Purchase a certificate for transport layer security and upload the public key. The certificate must meet the CA constraints and naming requirements that apply to the Artifact binding back-channel mutual SSL certificate.
Download and complete the corresponding configuration request form.
The request requires the provision of a secure agency email address for the receipt of the RCMS API authorisation token.
Forward the completed request to the RealMe integration team.
As required, update the Opaque Token option for the assertion service or the Login Attributes Token option for the login service.
After completing an RCMS configuration request, download the RealMe mutual SSL certificate for the corresponding environment:
For ITE, the RCMS web service endpoints are https://ws.ite.realme.govt.nz/rcms/v1/issue and https://ws.ite.realme.govt.nz/rcms/v1/validate.
For Production, the RCMS endpoints are https://ws.realme.govt.nz/rcms/v1/issue and https://ws.realme.govt.nz/rcms/v1/validate.
The Assert then log in use case only requires the validate (redeem) endpoints; the assertion service provides the opaque token.
All timestamps are the number of seconds from 1970-01-01T00:00:00Z, that is, the NumericDate as defined in the JWT RFC (https://tools.ietf.org/html/rfc7519#page-6).
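
One way to handle the NumericDate timestamps described above, as an added example that is not RealMe code. It rejects values that are not seconds-based NumericDates (strings, booleans, millisecond values) and classifies a validity window in UTC. The function names, the issued/expires parameters and the 60-second skew allowance are assumptions; this page does not list the RCMS response fields.

```python
import math
from datetime import datetime, timezone

# Assumed clock-skew allowance in seconds; not a value published by RealMe.
MAX_SKEW = 60
# Seconds-based values stay below this until the year 2286; anything at or
# above it is almost certainly milliseconds (e.g. JavaScript Date.now()).
SECONDS_CEILING = 10_000_000_000


def parse_numeric_date(value):
    """Convert an RFC 7519 NumericDate (seconds since epoch) to aware UTC."""
    # bool is a subclass of int in Python; strings are not NumericDate values.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ValueError(f"not a NumericDate: {value!r}")
    if isinstance(value, float) and not math.isfinite(value):
        raise ValueError(f"NumericDate must be finite: {value!r}")
    if value < 0:
        raise ValueError(f"NumericDate must be non-negative: {value!r}")
    if value >= SECONDS_CEILING:
        raise ValueError(f"NumericDate looks like milliseconds: {value!r}")
    # Always attach UTC; a naive datetime would be read as local time later.
    return datetime.fromtimestamp(value, tz=timezone.utc)


def check_window(issued, expires, now, skew=MAX_SKEW):
    """Classify a validity window; all three arguments are NumericDate values."""
    issued_at = parse_numeric_date(issued)
    expires_at = parse_numeric_date(expires)
    current = parse_numeric_date(now)
    if expires_at <= issued_at:
        return "malformed"
    if (issued_at - current).total_seconds() > skew:
        return "not-yet-valid"
    if (current - expires_at).total_seconds() >= skew:
        return "expired"
    return "valid"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real RCMS response.
    issued, expires = 1700000000, 1700000300
    print(parse_numeric_date(issued).isoformat())
    print(check_window(issued, expires, now=1700000100))
    print(check_window(issued, expires, now=1700000400))
```
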