Pathfinder SSO

Office of the Chief Information Officer


The BC Government Pathfinder SSO service, based on the open source Keycloak (aka Red Hat SSO) product, provides an industry-standard (OIDC), enterprise-policy-compliant means of implementing authentication within applications that is also simple for development teams to provision and use.

Development teams are provisioned a set of clients within a multi-tenant instance of Keycloak running on the OpenShift Container Platform (OCP). These clients provide a simple authentication mechanism suitable for web and mobile applications.

Each client exists in one of the “standard” realms based on the needs of the team. Each “standard” realm is configured with a set of centrally managed identity providers (such as BCeID and IDIR).

Development teams are provided with a set of clients (each an isolated configuration within Keycloak), one for each of their deployment environments (dev, test, and prod). Clients come configured out-of-the-box with an appropriate combination of the following identity providers:

  • BC Government IDIR
  • BCeID Business and/or Basic (Personal BCeID is no longer supported)
  • GitHub (in the DEV and TEST environments for rapid prototype testing)

Note: BCeID requires additional steps for SSO implementation. Details will be provided during onboarding.

Note: BC Services Card integration is not available in Pathfinder SSO through the “standard” realms. See BC Services Card Integration on the Pathfinder SSO wiki for an explanation and tips.