Steps to integrate GOV.UK Verify into your service¶
Development¶
Prerequisites:
- choose a product and framework to integrate your service with GOV.UK Verify
- decide how to store and manage keys and certificates so you can rotate your keys when needed
Note
You only need to deploy your code to a server at the end of the development phase, when you test your matching service with the SAML compliance tool. You can do all development steps until this point on a development machine.
Step | What you need to do |
---|---|
Set up the Matching Service Adapter for the SAML compliance tool. To do this: Outcome: you can start building your service. For more information, see Install and configure the Matching Service Adapter. |
|
Build a local matching service. To do this:
Outcome: your service can match users’ verified identities to your data sources. For more information, see Build a matching service. |
|
Build a service that produces and consumes SAML. To do this: Outcome: you’re ready to run SAML compliance tests. For more information, see How SAML works with GOV.UK Verify and the ‘Identity Assurance Hub Service SAML 2.0 Profile‘ . |
|
Run SAML compliance tests. To do this: Outcome: your service and matching service can consume and produce valid SAML. For more information, see see How SAML works with GOV.UK Verify. |
Integration¶
Step | What you need to do |
---|---|
Request access to the integration environment. To do this:
Outcome: you’re ready to connect the Matching Service Adapter and your service to the integration environment. For more information, see GOV.UK Verify environments and How a PKI works. |
|
Connect the Matching Service Adapter and your service to the integration environment. To do this: Outcome: you’re ready to run end-to-end testing with test users. For more information, see Install and configure the Matching Service Adapter and GOV.UK Verify environments. |
|
Run end-to-end testing of all your user journeys in the integration environment. To do this: Outcome: your service can handle all the possible outcomes of end-to-end user journeys. For more information, GOV.UK Verify environments. |
|
Request access to the production environment. To do this:
Outcome: you’re ready to connect the Matching Service Adapter and your service to the production environment. For more information, see GOV.UK Verify environments and How a PKI works. |
|
Connect the Matching Service Adapter and your service to the production environment. To do this: Outcome: your service is ready to go live. For more information, see Install and configure the Matching Service Adapter and GOV.UK Verify environments. |
Maintenance¶
Step | For more information |
---|---|
Rotate your keys.
|