Skip to content

Authentication and Authorization

Kuan Fan edited this page Oct 11, 2019 · 12 revisions

page owner: tfrs developer

BCeID Test Users

Each of team members have three BCeID users on BCeID Test server. Each user is mapped to a different role.

DNS Settings

  • dev.lowcarbonfuels.gov.bc.ca 142.34.241.25
  • test.lowcarbonfuels.gov.bc.ca 142.34.241.29
  • lowcarbonfuels.gov.bc.ca 142.34.241.30

Openshift Routes

Nginx settings

Only serve /, don't serve /api
location / {
root /tmp/app/dist;
index index.html index.htm;
try_files $uri $uri/ /index.html;
gzip on;
gzip_min_length 1000;
gzip_types *;
}

SiteMinder Headers

  • location /api

    • Sm-UniversalId "[idir or bceid name]";
    • Smgov-Userguid "xxxxxx";
    • Sm-Authdirname "IDIR";
    • Smgov-USERTYPE "Internal";
    • Smgov-Useremail "[email protected]";
    • Smgov-UserDisplayName "first, last CSNR:EX";
  • location /api-business

    • Sm-UniversalId "[idir or bceid name]";
    • Smgov-Userguid “xxxxxxxxxx";
    • Smgov-BusinessLegalName "TFRS Biz Test";
    • Smauth-Businesslegalname "TFRS Biz Test";
    • Smgov-Businessguid “xxxxx";
    • Smgov-Useremail “[email protected]";
    • Smgov-UserDisplayName “First Last";

Database Models (TBD)

See here: https://github.com/bcgov/tfrs/tree/master/backend/api/models
Models with "roles", "permissions", or "users" in the name are involved in Authorization