Connecting to Verify with a compulsory matching service

Local development phase

Prerequisites:

You only need to deploy your code to a server at the end of the development phase, when you test your matching service with the SAML compliance tool. You can do all development steps until this point on a development machine.

Set up the Matching Service Adapter for the SAML compliance tool.

To do this:

  1. Download and install the Matching Service Adapter.
  2. Generate self-signed certificates for the SAML compliance tool.
  3. Configure the Matching Service Adapter for the SAML compliance tool.

Outcome: you can start building your service.

For more information, see Install and configure the Matching Service Adapter.

Build a local matching service.

To do this:

  1. Define your matching strategy with your service manager.
  2. Use the example JSON matching request and the JSON schema to help build your local matching service.

Outcome: your service can match users’ verified identities to your data sources.

For more information, see Build a matching service.

Build a service that produces and consumes SAML.

To do this:

  1. Connect your service to the Matching Service Adapter metadata.
  2. Send an authentication request to the GOV.UK Verify hub.
  3. Handle the SAML response from the GOV.UK Verify hub.

Outcome: you’re ready to run SAML compliance tests.

For more information, see How SAML works with GOV.UK Verify and the Identity Assurance Hub Service SAML 2.0 Profile.

Run SAML compliance tests.

To do this:

  1. Test your service with the SAML compliance tool.
  2. Test your matching service with the SAML compliance tool.

Outcome: your service and matching service can consume and produce valid SAML.

For more information, see How SAML works with GOV.UK Verify.

Development in the integration environment

Request access to the integration environment.

To do this:

  1. Obtain signed certificates for the integration environment from the IDAP test certificate authority.
  2. Fill in the ‘Request access to an environment’ form.

Outcome: you’re ready to connect the Matching Service Adapter and your service to the integration environment.

For more information, see GOV.UK Verify environments and How a PKI works.

Connect the Matching Service Adapter and your service to the integration environment.

To do this:

  1. Download and install the Matching Service Adapter.
  2. Configure the Matching Service Adapter for the integration environment.

Outcome: you’re ready to run end-to-end testing with test users.

For more information, see Install and configure the Matching Service Adapter and GOV.UK Verify environments.

Run end-to-end testing of all your user journeys in the integration environment.

To do this:

  1. Set up authentication to manage test users.
  2. Create test users.
  3. Run end-to-end tests.

Outcome: your service can handle all the possible outcomes of end-to-end user journeys.

For more information, see GOV.UK Verify environments.

Request access to the production environment.

To do this:

  1. Obtain signed certificates for the production environment from the IDAP certificate authority.
  2. Fill in the ‘Request access to an environment’ form.

Outcome: you’re ready to connect the Matching Service Adapter and your service to the production environment.

For more information, see GOV.UK Verify environments and How a PKI works.

Connect the Matching Service Adapter and your service to the production environment.

To do this:

  1. Download and install the Matching Service Adapter.
  2. Configure the Matching Service Adapter for the production environment.

Outcome: your service is ready to go live.

For more information, see Install and configure the Matching Service Adapter and GOV.UK Verify environments.

Maintenance

Rotate your keys.

When the certificates containing your public keys are due to expire, replace your keys and certificates.

Outcome: the encryption and signing certificates for your service and Matching Service Adapter are up to date.

For more information, see How a PKI works.