bcgov / entity

ServiceBC Registry Team working on Legal Entities
Apache License 2.0

OnBoard more NRM branches - BCRHP, BCFMS #21865

Open thorwolpert opened 2 weeks ago

thorwolpert commented 2 weeks ago

OnBoard 2 new partners, BCRHP, BCFMS

Partners

BCRHP (BC Register of Historic Places)

BCFMS (BC Fossil Management System)

Setup

The setup for both will be similar.

Timing

Other

Volumes for these accounts should be quite low. Public access is limited to anonymous connections to see publicly available data.

The applications will manage their own AuthZ (Authorization), using the sbc-accounts and oidc services for AuthN (Authentication). Staff and gov't contractors will use IDir. The professional community, municipalities, etc. will use BCSC.

bferguso commented 1 week ago

Hi! Just wondering if you have an ETA for this yet. This is on our critical path for our next release of each business area. Thanks!

seeker25 commented 1 week ago

@bolyachevets @pwei1018 could you guys handle the OIDC setup?

emjohnst commented 1 week ago

Hello, do you have an estimated timeline for this ticket? Thanks!

seeker25 commented 1 week ago

unable to give you that, as we don't usually set up the OIDC clients - the SRE team typically does

seeker25 commented 1 week ago

status update:

@emjohnst Andriy is in the middle of setting this up. I'll have the migration pushed to TEST shortly here. @bferguso

seeker25 commented 1 week ago

@bferguso do you require service accounts? or are just two web OIDC clients fine?

bolyachevets commented 1 week ago

@seeker25 created bcrhp-web and bcfms-web (modelled after cso-web) in dev/test/prod. still need to enter appropriate redirect URLs (waiting for those)

bferguso commented 1 week ago

@seeker25 - We don't need service accounts at this point, so just the two OIDC clients is fine. @bolyachevets - Redirect URLs are as follows:

DEV BCRHP
http://localhost/bcrhp/*

DEV BCFMS
http://localhost:81/bc-fossil-management/*

DLVR BCRHP
https://dlvrapps.nrs.gov.bc.ca/bcrhp/*

DLVR BCFMS
https://dlvrapps.nrs.gov.bc.ca/bc-fossil-management/*

TEST BCRHP
https://testapps.nrs.gov.bc.ca/bcrhp/*

TEST BCFMS
https://testapps.nrs.gov.bc.ca/bc-fossil-management/*

PROD BCRHP
https://apps.nrs.gov.bc.ca/bcrhp/*

PROD BCFMS
https://apps.nrs.gov.bc.ca/bc-fossil-management/*
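
The patterns above end in a wildcard and both applications share one host per environment, so only the path prefix separates the two clients. The following is an added example, not part of the thread or of the bcgov code: a strict redirect check over the DEV and TEST patterns, assuming a trailing `*` means "path prefix", that each client is registered only with its own application's patterns, and that identity-provider behaviour may differ from this sketch.

```python
from urllib.parse import urlsplit, unquote

# Assumption: each client carries only its own application's patterns.
# Patterns are the DEV and TEST values quoted in the thread.
REGISTERED = {
    "bcrhp-web": ["http://localhost/bcrhp/*",
                  "https://testapps.nrs.gov.bc.ca/bcrhp/*"],
    "bcfms-web": ["http://localhost:81/bc-fossil-management/*",
                  "https://testapps.nrs.gov.bc.ca/bc-fossil-management/*"],
}


def is_allowed(client_id, redirect_uri):
    """True only if redirect_uri falls under a pattern registered for client_id."""
    try:
        uri = urlsplit(redirect_uri)
        origin = (uri.scheme, uri.hostname, uri.port)  # .port validates the range
    except ValueError:
        return False  # malformed host or port
    if uri.username or uri.password or uri.fragment:
        return False  # userinfo and fragments have no place in a redirect URI
    # Decode once before checking so %2e%2e and %2f cannot hide dot segments.
    segments = unquote(uri.path).replace("\\", "/").split("/")
    if "." in segments or ".." in segments:
        return False
    for pattern in REGISTERED.get(client_id, []):
        reg = urlsplit(pattern)
        if origin != (reg.scheme, reg.hostname, reg.port):
            continue  # scheme, host and port must match exactly
        if reg.path.endswith("*"):
            if uri.path.startswith(reg.path[:-1]):  # trailing wildcard = prefix
                return True
        elif uri.path == reg.path:
            return True
    return False
```

The callback paths used to exercise this check are constructed; the thread gives only the wildcard patterns.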

bferguso commented 5 days ago

@bolyachevets - is there any chance this can be completed today?

seeker25 commented 5 days ago

@bferguso give it a go, should be set up...

seeker25 commented 5 days ago

https://dev.loginproxy.gov.bc.ca/auth/realms/bcregistry

clients: bcrhp-web bcfms-web

seeker25 commented 5 days ago

@bferguso These are public clients.. if you need confidential.. let me know.. we'll send you over the creds

bferguso commented 1 day ago

@seeker25 - I think we need confidential - I believe the OIDC config for Arches can handle the auth between our server and your OIDC server so we shouldn't have to expose the OIDC credentials to the client.

seeker25 commented 1 day ago

@bferguso switched to confidential... I've emailed you

danaannab commented 12 hours ago

Communication for a future date (when product is public). Approved by @atronse and @JohnamLane

seeker25 commented 8 hours ago

I've provided OIDC creds for DEV/TEST, also the apikey details for DEV/TEST/PROD