Open thorwolpert opened 2 weeks ago
H! Just wondering if you have an ETA for this yet. This is on our critial path for our next release of each business area. Thanks!
@bolyachevets @pwei1018 could you guys handle the OIDC setup?
Hello, do you have an estimated timeline for this ticket? Thanks!
unable to give you that, as we don't usually setup the OIDC clients - the SRE team typically does
status update:
@emjohnst Andriy is in the middle of setting this up. I'll have the migration pushed to TEST shortly here. @bferguso
@bferguso do you require service accounts? or just two web OIDC clients fine?
@seeker25 created bcrhp-web and bcfms-web (modelled after cso-web) in dev/test/prod. still need to enter appropriate redirect URLs (waiting for those)
@seeker25 - We don't need service accounts at this point, so just the two OIDC clients is fine. @bolyachevets - Redirect URLs are as follows:
DEV BCRHP
http://localhost/bcrhp/*
DEV BCFMS
http://localhost:81/bc-fossil-management/*
DLVR BCRHP
https://dlvrapps.nrs.gov.bc.ca/bcrhp/*
DLVR BCFMS
https://dlvrapps.nrs.gov.bc.ca/bc-fossil-management/*
TEST BCRHP
https://testapps.nrs.gov.bc.ca/bcrhp/*
TEST BCFMS
https://testapps.nrs.gov.bc.ca/bc-fossil-management/*
PROD BCRHP
https://apps.nrs.gov.bc.ca/bcrhp/*
PROD BCFMS
https://apps.nrs.gov.bc.ca/bc-fossil-management/*
@bolyachevets - is there any chance this can be completed today?
@bferguso give it a go, should be setup...
https://dev.loginproxy.gov.bc.ca/auth/realms/bcregistry
clients: bcrhp-web bcfms-web
@bferguso These are public clients.. if you need confidential.. let me know.. we'll send you over the creds
@seeker25 - I think we need confidential - I believe the OIDC config for Arches can handle the auth between our server and your OIDC server so we shouldn't have to expose the OIDC credentials to the client.
@bferguso switched to confidential... I've emailed you
Communication for a future date (when product is public). Approved by @atronse and @JohnamLane
I've provided OIDC creds for DEV/TEST, also the apikey details for DEV/TEST/PROD
OnBoard 2 new partners, BCRHP, BCFMS
Partners
BCRHP BCRHP (BC Register of Historic Places)
BCFMS BCFMS (BC Fossil Management System)
setup
The setup for both will be similar.
Timing
Other
Volumes for these accounts should be quite low. Public access is limited anonymous connections to see publicly available data.
The applications will manage their own AuthZ (Authorization), using the sbc-accounts and oidc services for AuthN (Authentication) Staff and gov't contractors will use IDir. The professional community, municipalities, etc. will use BCSC.