Verify IDIM BCeID Client SOAP Web Service
FAM uses the IDIM BCeID Client web service to look up users (IDIR and Business BCeID) when assigning user roles. The service is a SOAP web service, so it is XML-based, not REST. However, because FAM is hosted on the AWS platform and not on BC Gov's OpenShift platform, network boundary and security restrictions mean FAM cannot call the IDIM web service directly. Instead, FAM has an IDIM-Proxy component (a separate repo) that is hosted on the OpenShift platform and provides a REST API through which FAM looks up user information indirectly via the IDIM web service. Developers might need to call the IDIM BCeID web service directly when troubleshooting, to make sure the service provided by IDIM is working as intended.
- Obtain the latest Developers Guide. As of 2024-11, the V2.10.0 version is attached here: BCeID Client - New Web Services - Developers Guide - V2.10.0 (for BCeID WS V10).docx. You need this to confirm the service methods' specs and values.
- A tool to make web service calls: SoapUI or another tool that can make service calls.
- A VPN connection tool, such as Cisco AnyConnect. You will need to connect by VPN to the gov network to be able to make web service calls.
- A set of IDs and credentials for the environments:
  - Online Service ID (OSID): This is a unique key given to each Online Service. This key is used in conjunction with the service account to determine authorizations to access each method.
  - Service account credentials: The username/password that you will need to add to the SOAP request auth header.
  - Requester's User GUID: One of the parameters required in the SOAP request schema.

  Note: the methods you are allowed to call depend on your team's service agreements/rules established with IDIM Consulting.

  The OSID and service account above can be found on the Confluence page, in the IDIM-Proxy OpenShift deployment YAML (project e4ba30). A copy of the service account credentials can also be found in FAM's AWS Secrets Manager (PROD space).
- Connect to "vpn2.gov.bc.ca".
- Right-click under 'Projects':
- Select New SOAP Project and enter the initial WSDL (depending on the environment you are testing):
- The initial WSDL information can be found in the Developers Guide:
  Web service sites:
  Web service:
- Enter the basic auth credentials. Where to find the credentials (environment-specific) is described above in the prerequisites.
  Then you have the SOAP project set up:
  - Based on the WSDL, you will see a list of web service method templates in your view.
- Expand the web service method in the list panel, right-click it and choose "Clone Request".
- It will show the editor view for the SOAP template:
- Enter values for the required fields. These have to be based on the Developers Guide for the service method you are targeting.
- Don't forget to enter the auth credentials. At the bottom left of the editor view, you will find the "Auth" tab. Choose the "Basic" type.
- Click the run button (top-left triangle) and get the result:
IDIR user looks up IDIR user:

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v10="http://www.bceid.ca/webservices/Client/V10/">
   <soapenv:Header/>
   <soapenv:Body>
      <v10:getAccountDetail>
         <!--Optional:-->
         <v10:accountDetailRequest>
            <!--Optional:-->
            <v10:onlineServiceId>6A8D-D3D9-68AA-4FAE</v10:onlineServiceId>
            <v10:requesterAccountTypeCode>Internal</v10:requesterAccountTypeCode>
            <!--Optional:-->
            <!--v10:requesterUserId>?</v10:requesterUserId-->
            <!--Optional:-->
            <v10:requesterUserGuid>requester_user_guid_value_[can be found from AWS Cognito user pool]</v10:requesterUserGuid>
            <!--Optional:-->
            <v10:userId>CMENG</v10:userId>
            <!--Optional:-->
            <!--v10:userGuid>?</v10:userGuid-->
            <v10:accountTypeCode>Internal</v10:accountTypeCode>
         </v10:accountDetailRequest>
      </v10:getAccountDetail>
   </soapenv:Body>
</soapenv:Envelope>
```
IDIR user looks up BCeID user:

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v10="http://www.bceid.ca/webservices/Client/V10/">
   <soapenv:Header/>
   <soapenv:Body>
      <v10:getAccountDetail>
         <!--Optional:-->
         <v10:accountDetailRequest>
            <!--Optional:-->
            <v10:onlineServiceId>6A8D-D3D9-68AA-4FAE</v10:onlineServiceId>
            <v10:requesterAccountTypeCode>Internal</v10:requesterAccountTypeCode>
            <!--Optional:-->
            <!--v10:requesterUserId>?</v10:requesterUserId-->
            <!--Optional:-->
            <v10:requesterUserGuid>requester_user_guid_value_[can be found from AWS Cognito user pool]</v10:requesterUserGuid>
            <!--Optional:-->
            <v10:userId>LOAD-3-TEST</v10:userId>
            <!--Optional:-->
            <!--v10:userGuid>?</v10:userGuid-->
            <v10:accountTypeCode>Business</v10:accountTypeCode>
         </v10:accountDetailRequest>
      </v10:getAccountDetail>
   </soapenv:Body>
</soapenv:Envelope>
```
Business BCeID user looks up Business BCeID user:

```xml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v10="http://www.bceid.ca/webservices/Client/V10/">
   <soapenv:Header/>
   <soapenv:Body>
      <v10:getAccountDetail>
         <!--Optional:-->
         <v10:accountDetailRequest>
            <!--Optional:-->
            <v10:onlineServiceId>6A8D-D3D9-68AA-4FAE</v10:onlineServiceId>
            <v10:requesterAccountTypeCode>Business</v10:requesterAccountTypeCode>
            <!--Optional:-->
            <!--v10:requesterUserId>?</v10:requesterUserId-->
            <!--Optional:-->
            <v10:requesterUserGuid>532905DE0AA24923AE535428F171BF13</v10:requesterUserGuid>
            <!--Optional:-->
            <v10:userId>TEST-3-LOAD-CHILD-1</v10:userId>
            <!--Optional:-->
            <!--v10:userGuid>?</v10:userGuid-->
            <v10:accountTypeCode>Business</v10:accountTypeCode>
         </v10:accountDetailRequest>
      </v10:getAccountDetail>
   </soapenv:Body>
</soapenv:Envelope>
```
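
A scripted equivalent of the SoapUI request, as an added example (not part of the original page or the FAM code base): it builds the `getAccountDetail` envelope from the same fields as the samples and attaches Basic auth read from the environment. The environment variable names and the `SOAPAction` value are assumptions; take the endpoint from the Developers Guide and confirm the action in the WSDL.

```python
import base64
import os
import urllib.request
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
V10_NS = "http://www.bceid.ca/webservices/Client/V10/"
ACCOUNT_TYPES = {"Internal", "Business"}  # the two codes used in the samples above


def build_get_account_detail(osid, requester_type, requester_guid, user_id, account_type):
    """Return a getAccountDetail envelope (bytes) with the fields the samples fill in."""
    for code in (requester_type, account_type):
        if code not in ACCOUNT_TYPES:
            raise ValueError(f"unexpected account type code: {code!r}")
    ET.register_namespace("soapenv", SOAP_NS)
    ET.register_namespace("v10", V10_NS)
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(envelope, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    method = ET.SubElement(body, f"{{{V10_NS}}}getAccountDetail")
    request = ET.SubElement(method, f"{{{V10_NS}}}accountDetailRequest")
    fields = [("onlineServiceId", osid), ("requesterAccountTypeCode", requester_type),
              ("requesterUserGuid", requester_guid), ("userId", user_id),
              ("accountTypeCode", account_type)]
    for name, value in fields:
        # ElementTree escapes <, > and & in text, so a value cannot inject markup.
        ET.SubElement(request, f"{{{V10_NS}}}{name}").text = value
    return ET.tostring(envelope, encoding="utf-8", xml_declaration=True)


def prepare_request(endpoint, envelope, username, password):
    """Build (without sending) the POST that SoapUI issues with Auth type "Basic"."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(endpoint, data=envelope, method="POST", headers={
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": f'"{V10_NS}getAccountDetail"',  # assumption, confirm in the WSDL
        "Authorization": f"Basic {token}",
    })


if __name__ == "__main__":
    # Hypothetical variable names; nothing secret is stored in the script itself.
    env = os.environ
    xml = build_get_account_detail(env["IDIM_OSID"], "Internal",
                                   env["IDIM_REQUESTER_GUID"], "CMENG", "Internal")
    req = prepare_request(env["IDIM_ENDPOINT"], xml, env["IDIM_USER"], env["IDIM_PASSWORD"])
    with urllib.request.urlopen(req, timeout=30) as resp:  # needs the VPN connection
        print(resp.status, resp.read().decode("utf-8", "replace"))
```

Basic auth only base64-encodes the service account password, so the endpoint must be an HTTPS URL.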