HETS KeyCloak Realm Request

[ychung-mot]

If you have an urgent request, please contact our Product Owner at Vardhman.Shankar@gov.bc.ca

Step 0

Are you the product owner or project admin/team lead? Yes

Note: This SSO service is undergoing upgrades in 2021 and is currently not recommended for critical applications. Support is currently available only during business hours and only on a best efforts basis. If your application is critical, please contact Web Access Management (WAM) and/or Provincial Identity Information Management Program (IDIM).

Step 1

Are you new to Single Sign-On (Keycloak)? No

Step 2

Field the following information.

• Project Name: HETS (Hired Equipment Tracking System)

• Identity Providers Required

  • [ ] BCeID Basic
  • [X] BCeID Business
  • [ ] GitHub
  • [X] IDIR

Step 3

Field the following information.

• Project Name: HETS (Hired Equipment Tracking System)

• Identity Providers Required

  • [ ] BCeID Basic
  • [X] BCeID Business
  • [ ] GitHub
  • [X] IDIR

• A list of redirect URLs for each environment (DEV, TEST, PROD). These are the URLs that your application is allowed to use after sign-on events are complete. These are the secure "front door" for your application.

  • DEV redirect URL(s): https://hets-e0cee6-dev.apps.silver.devops.gov.bc.ca https://dev-hets.th.gov.bc.ca http://localhost:3000
  • TEST redirect URL(s): https://hets-e0cee6-test.apps.silver.devops.gov.bc.ca https://hets-e0cee6-uat.apps.silver.devops.gov.bc.ca https://hets-e0cee6-train.apps.silver.devops.gov.bc.ca https://tst-hets.th.gov.bc.ca https://uat-hets.th.gov.bc.ca https://trn-hets.th.gov.bc.ca
  • PROD redirect URL(s): https://hets-e0cee6-prod.apps.silver.devops.gov.bc.ca https://hets.th.gov.bc.ca

Step 4

For teams requesting access to BCeID, there is an approval process. Please provide the following information on this ticket. The IDIM team will review this information and will be in touch with you at the email provided. The OCP-SSO team will provision your DEV and TEST clients right away, and your PROD client will be provisioned when the IDIM team approves your request.

• Organization Details (Organization/Division/Branch/Program): Ministry of Transportation and Infrastructure
• Exectutive Sponsor Name, Title, & Email: Ivan Rincon / Director AMS / Ivan.Rincon@gov.bc.ca
• Project Manager / Business Lead Name, Title, & Email: Clare Allan/ Project Manager/ Clare.G.Allan@gov.bc.ca
• Technical Lead (if applicable) Name, Title, & Email: Iouri Atavine/ Senior Technical Analyst/Iouri.Atavine@gov.bc.ca
• Privacy Lead (if applicable) Name, Title, & Email: NA
• Security Lead (if applicable) Name, Title, & Email: Dom Kapac/Senior Security Analyst/Dom.Kapac@gov.bc.ca
• Communications Lead (if applicable) Name, Title, & Email: NA
• Name of service or application: HETS (Hired Equipment Tracking System)
• URL of service or application: https://hets.th.gov.bc.ca
• Estimated volume of initial users: internal ~ 50, external ~300
• Forecast of anticipated growth over the next three years: internal ~ 50, external ~500
• Date of release in production environment: 2021-Oct-27
• Date of first use by citizens or end users: 2021-Oct-27

Step 5

Submit this ticket and email us the contact information.

For security purpose, please provide the following contact information to the email address - Vardhman.Shankar@gov.bc.ca

• Email to reach out for On-Boarding meeting invitation: Clare.G.Allan@gov.bc.ca
• link to the GitHub ticket you just created:
• Product Owner's IDIR name: Deepak Mital
• Product Owner's Business Email Address: Deepak.Mital@gov.bc.ca

Please note that we will only start processing your request when the email has been received.

[nvunnamm]

@ychung-mot, Please let us know the best suitable date for your team for the onboarding session. So that I can send an invite.

[ychung-mot]

@nvunnamm Does 1pm tomorrow (June 30th) work for you?

[nvunnamm]

Yeah works for us.. Let me send out an invite

[ConradBoydElliottGustafson]

@junminahn @nvunnamm @ychung-mot

Young-Jin got back to us. They want public client with PKCE. Please update the TerraForm files and make a pull request. Niran may need support from Junmin as this is the first time we have done this. Thank you!

[ychung-mot]

@nvunnamm Can you please confirm that the redirect URIs are all registered? I am getting Invalid parameter: redirect_uri error when using http://localhost:3000.

[junminahn]

@ychung-mot Yes, we updated the valid_redirect_uris to have http://localhost:3000 yesterday. https://github.com/bcgov/sso_terraform/blob/0e3b3b6d6544dba82f498c4919ae2e5c24e48a5b/terraform/keycloak-dev/realms/onestopauth-business/client-hets.tf#L6

[ychung-mot]

@junminahn Can you please also check if the Web Origins is set to +?

[junmin-bcgov]

@ychung-mot thank you for bring that up, yes, that update just got merged. https://github.com/bcgov/sso_terraform/pull/31/files

[ychung-mot]

Can you please let me know token expiration minutes?

[nvunnamm]

@ychung-mot Please let me know if the attachment helps

[junminahn]

@ychung-mot as we don't set any expiry values at the client level, it will fall back to the ones at the realm level.

[ychung-mot]

@nvunnamm & @junminahn Thanks!