Core steps for technical OIDC integration

This page describes the core technical steps required for a RealMe integration to the ITE or Production environments of the login or assertion service using OpenID Connect.

Prerequisites

The prerequisites for integration into the ITE environment include:

• Successful integration with the respective Messaging Test Service (external link)(MTS)(external link) environment. This is required to test exception flows as well as assist with component development.
• An identity risk assessment(external link) has been completed for a RealMe login service integration, or a private sector organisation is qualified as a participating agency for a RealMe assertion service integration.
• Business processes have been reviewed by the RealMe integration team.

The prerequisites for Production integration include:

• Successful integration into the respective ITE environment, including RealMe approved application design and co-branding decisions.
• Deployment (go-live) criteria has been met.
• Production scheduling agreed with the RealMe integration team.

 

Core steps for integration

Complete an online integration request:

• Log in to access the integration project board. You should have received an invitation email from the RealMe integration project team or your project manager.
• Provide the required configuration details - this includes your redirect URI(s), co-branding logo and provision of other configuration parameters.
• Submit the integration request to DIA for review. Once reviewed the integration request is submitted to Unify for implementation.

Post integration checks

You will be notified by email when the integration has been completed and is ready for your testing and we'll send you details of the ClientID and Secret.

To test connectivity and completeness of the configuration you should check that components such as the co-branding logo, login page text and other items are as expected. Also check that the online service is handling exceptions as expected by confirming user triggered conditions for access_denied.

Webapps: to ensure that Android users are not blocked by reCAPTCHA it is important to ensure that login is initiated via a full system browser instead of an embedded WebView, and then return to the app via a custom redirect URI (myapp://auth/callback).

Contact the RealMe integrations team if any integration configuration problems are identified by emailing integrations@realme.govt.nz