Request Keycloak realm for FOI Modernization

[lmullane]

Step 0

Are you the product owner or project admin/team lead? Yes

Does the Admin User have an IDIR account? Yes.

Are you requesting for Identity Provider Update? If so, you need to be the realm admin. Then proceed to Step 3.

Note: This SSO service is undergoing upgrades in 2021 and is currently not recommended for critical applications. Support is currently available only during business hours and only on a best efforts basis. If your application is critical, please contact Web Access Management (WAM) and/or Provincial Identity Information Management Program (IDIM).

We'd like to discuss the SSO service in our meeting to understand the change.

Step 1

Are you new to Single Sign-On (Keycloak)? Yes, but we used it on my previous team at Registries. A meeting would be great.

We have an existing FOI realm for this project (https://github.com/bcgov/foi-requests ) but we do not have admin rights for the realm. I figured it was easier to use this issue template and to have a meeting on how we can take over admin of the existing realm.

Step 2

Ask the Realm Admin User to login to each of the following links using the IDIR credentials.

When you login, you will see a "Forbidden" message, but this is expected behaviour and will create the initial account on Keycloak.

• https://dev.oidc.gov.bc.ca/auth/admin/idir/console
• https://test.oidc.gov.bc.ca/auth/admin/idir/console
• https://oidc.gov.bc.ca/auth/admin/devhub/console

Please note that if the Realm Admin User has not completed this step, the Realm Admin User will not be granted the role for the realms.

Let's talk about admin rights to the existing realm first.

Step 3

Field the following information.

• Project Name: FOI Modernization

• OpenShift Project Set/s Info

  • Project set name: (please provide the namespace name in the form of a 6 character alphanumeric code followed by the environment, like so: a1b2c3-prod.)
  • Namespace ID:

We have 2 namespaces, so need to figure out the admin rights for the existing realm.

1 namespace for the new project: https://github.com/bcgov/foi-flow

1 for the existing project: https://github.com/bcgov/foi-requests

Step 4

Submit this ticket and email us the contact information.

For security purpose, please provide the following contact information to the email address - pathfinder@gov.bc.ca

• Email to reach out for On-Boarding meeting invitation:
• link to the GitHub ticket you just created:
• Admin user's IDIR account:
• Admin user's Business Email Address:

Please note that we will only start processing your request when the email has been received.

Step 5

After we have completed processing your request, you can proceed to creating a realm at Realm-O-Matic

[nvunnamm]

@lmullane Hello Loren.. As discussed few day back.. were you able to get the existing realm.

[lmullane]

@nvunnamm, yes we have it, so this ticket can be closed. Thanks for the following up