Integration Test Environment (ITE) / Integration configuration checklist /
ITE Integration
Agency/organisation name / Checklist date
Project name / Checklist version
Agency environment name / For example, Systest, UAT, Pre-prod, etc.
Planned ITE integration date / The integration window for assertion service ITE is late Tuesday or Thursday afternoon.
Verification URL / If the environment connected to ITE is externally accessible, provide the web address for the page with the assertion button.
Part 1.1 – Assertion service IdP configuration
Organisation name / Shown on the assertion sharing terms page and in user’s login and assertion activity report. Up to 40 alphanumeric.
Assertion context / Describe the business process context for the assertion – e.g. “open your account”. Displays as “The information below is required to <open your account>.”
See example screens and more at
Part 1.2 – Identity verification service configuration
Federated identity tag (FIT) / yes / FIT is sent with all IVS attribute assertions.
Full name / Select which identity elements are necessary for the service.
Date of birth
Place of birth
Gender
Part 1.3 – Address verification service configuration
Verified primary residential address setting / Options are Mandatory (with identity), Optional, and Not required
Part 1.4 – Service Provider SAML configuration
SAML V2.0 Binding / POST binding / Refer to the RealMe integration team for artifact binding integration requirements.
RealMe SAML V2.0 Messaging Specification version / SAML V2.0 1.0 / Typically the current version unless a new RealMe release is due or the agency wants to stay on a previously integrated version.
SP SAML v2.0 Component/Product / Allows RealMe to record provider integration technology details for ongoing support. Provide the product name or program library.
Certificate requirements –
Certificate Authority / Select from RapidSSL, Verisign or Thawte.
Certificate duration / 3 years / Indicate if a shorter duration and reason.
Certificate subject name / Standard format is {environment}.sa.{purpose}.{[system] client domain}.
Metadata requirements –
entityID
(Identity privacy context and application name) / Standard format is
The first two parts form the SP privacy context. The third part is the application name – this is seen in transaction history so should be meaningful (max. 20 characters).
The Issuer value in the AuthnRequest is the same as the entityID in the metadata file – refer
Part 2 – Online service branding configuration
Client/Agency supplied branding elements
Read more about these elements and see examples:
Online service logo / Image file (jpeg, PNG) must be exactly 800 pixels wide by 80 pixels high. Upload to the Shared Workspace at in your project library in the applicable ITE folder.
Paste a copy of the image.
Application image Alt-text / Text in place of the image for accessibility (e.g. online service name). Up to 40 characters.
Co-branding background colour / #FFFFFF (default) / Provide a background colour to allow the logo image to float - use #FFFFFF for white if no specific match is required; “transparent” is also supported.
Service name for the Transferred from and Return to messages / Provide the online service name (or organisation name, or page name). Up to about 30 characters is recommended. Displays as:
“You have been transferred here [from] <service name> so you can login with RealMe®.”
“Return to <service name>”.
“Return to” is shown on most co-branded pages to allow the user to return to the online service (handled via SAML V2.0 AuthnFailed status code).
Part 3 – Sharing terms
The information sharing terms table is a standard format that has been adopted for informed consent not only for RealMe assertion service, but also for other sharing consent flows supported by RealMe – read more and see an example
Identity sharing details
Sharing terms table (client view) / All fields are 255 characters maximum.
What information has been requested? / Typically this will be all four identity attributes. Suggested text is:
“Verified identity - full name, date of birth, place of birth, gender”
What purpose is my information being used for? / Describe the business process the identity data will be used for; e.g. Apply for a mortgage online.
How is my information being provided? / RealMe is retrieving your verified identity from The Department of Internal Affairs. / Default text.
Where is my information being sent? / Describe the immediate destination of the information – e.g. online mortgage application.
When will it be sent? / After you give consent for RealMe to send the information. / Default text.
How long will it be kept? / If the information is retained, indicate that it is kept (and that it can be changed) – e.g. As long as the mortgage is active or until it is changed by you.
Will it be used for another purpose? / If it will only be used by the named online service then enter “No”. If the identity information will be used for other customer services, summarise this use. If the identity information will be passed to another organisation, this should be described.
Where can I find out more? / Provide one or more contact details for your organisation or means of accessing terms of use; e.g. organisation name, 0800 number, terms of use webpage.
Address sharing details
Complete only if verified address is configured for the online service.
Sharing terms table (client view) / All fields are 255 characters maximum.
What information has been requested? / Typically this will be all four identity attributes. Suggested text is: “Your residential address”
What purpose is my information being used for? / Describe the business process the identity data will be used for; e.g. Apply for a mortgage online.
How is my information being provided? / RealMe is retrieving your verified address from NZ Post. / Default text.
Where is my information being sent? / Describe the immediate destination of the information – e.g. online mortgage application.
When will it be sent? / After you give consent for RealMe to send the information. / Default text.
How long will it be kept? / If the information is retained, indicate that it is kept (and that it can be changed) – e.g. As long as the mortgage is active or until it is changed by you.
Will it be used for another purpose? / If it will only be used by the named online service then enter “No”. If the identity information will be used for other customer services, summarise this use. If the identity information will be passed to another organisation, this should be described.
Where can I find out more? / Provide one or more contact details for your organisation or means of accessing terms of use; e.g. organisation name, 0800 number, terms of use webpage.
Part 4 – Online service RealMe compliance
Service Provider handling of RealMe exception messages (SAML V2.0 StatusCode)
Before completing this section, refer to
The RealMe implementation team will expect to see the online service handling of SAML exceptions, or at least screen shots from the pre-production environment. Enter the full message text that will be displayed, including any headers.
User exit – triggered by selection of Return to agency link or cancel
urn:oasis:names:tc:SAML:2.0:status:AuthnFailed / For example:
RealMe message
You have chosen to leave RealMe.
<Continue>
RealMe timeout – triggered by 15 minute inactivity timer on RealMe pages
urn:nzl:govt:ict:stds:authn:deployment:RealMe:SAML:2.0:status:Timeout
No previous agency login in returning flow
urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal
TXT or token gateway unavailable
urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP
Incorrect SAML content or processing failure – triggered by configuration, system or environmental exceptions
urn:nzl:govt:ict:stds:authn:deployment:RealMe:SAML:2.0:status:InternalError
urn:oasis:names:tc:SAML:2.0:status:RequestDenied
urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported
urn:oasis:names:tc:SAML:2.0:status:NoPassive
Any unexpected saml-core-2.0-os standard error / For example:
“RealMe reported a serious application error with the message [SAML StatusCode value]. Please try again later. If the problem persists, please contact RealMe Help Desk
From New Zealand: 0800 664 774
From Overseas: +64 4 463 9376 (charges apply)”
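The status-code handling that Part 4 asks the online service to demonstrate, sketched as an added example (not RealMe's or any agency's code). It assumes the specific code may arrive nested under a top-level StatusCode and that the response has already been accepted by the SP's SAML library; the category names are hypothetical labels.

```python
import html
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
OASIS = "urn:oasis:names:tc:SAML:2.0:status:"
REALME = "urn:nzl:govt:ict:stds:authn:deployment:RealMe:SAML:2.0:status:"

# Status codes listed in Part 4, grouped by the checklist's own rows.
# The category names are hypothetical labels chosen for this example.
HANDLERS = {
    OASIS + "AuthnFailed": "user_exit",
    REALME + "Timeout": "timeout",
    OASIS + "UnknownPrincipal": "no_previous_login",
    OASIS + "NoAvailableIDP": "gateway_unavailable",
    REALME + "InternalError": "processing_failure",
    OASIS + "RequestDenied": "processing_failure",
    OASIS + "RequestUnsupported": "processing_failure",
    OASIS + "NoPassive": "processing_failure",
}

def innermost_status(response_xml: str) -> str:
    """Return the most specific StatusCode Value in a SAML Response."""
    root = ET.fromstring(response_xml)
    code = root.find(f"{SAMLP}Status/{SAMLP}StatusCode")
    if code is None:
        raise ValueError("Response has no Status/StatusCode")
    # Assumption: the specific code may be nested under a top-level one.
    while (child := code.find(f"{SAMLP}StatusCode")) is not None:
        code = child
    return code.get("Value", "")

def classify(status: str) -> str:
    """Map a status URI to a handler; anything unlisted is 'unexpected'."""
    if status == OASIS + "Success":
        return "success"
    return HANDLERS.get(status, "unexpected")

def unexpected_message(status: str) -> str:
    # The value comes off the wire: escape it before placing it in HTML.
    return ("RealMe reported a serious application error with the message "
            f"{html.escape(status)}. Please try again later.")

# Constructed sample, not a captured RealMe message.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>"""
```

A response carrying only a top-level code, or any code not listed in Part 4, falls through to the catch-all message rather than being treated as a successful login.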
RealMe Service provider integration configuration checklist – Integration Test Environment (ITE) / Version 1.2 (POST binding) / Jan 2017