eIAM Staging Rules (STS-PEP)

Integrations with eIAM always take place in the reference environment. Direct integration of an application in the eIAM acceptance or production environment is not possible.

eIAM Staging Rules

From an eIAM perspective, the following requirements must be met in order for the eIAM configuration of an application to be released from REF to the next eIAM instances (ABN/PROD):
  1. Application
    • The URL of the application is network accessible.
      • the eIAM SIE tests with a CURL command
    • The login, logout and re-login with the IdPs set and the Minimum QoA level on the application works.
      • A logout button to a logout page has been implemented in the application.

    The eIAM SIE must either be assigned an appropriate application role to test the functions or the application owner/developer organises a live demonstration.

  2. Federation requirements according to the chosen identity protocol
    • SAML: Application integration in eIAM with SAML has been successfully tested.
      • Successful login procedure with all ordered attributes in the assertion.
        • NameID correctly prepared
    • OIDC: Application integration in eIAM with OIDC has been successfully tested.
      • Successful login with all ordered attributes in the JWT token.
        • sub is correctly prepared
        • the ordered access type (public/PKCE or confidential/code_challenge) is used
    • WS-Fed: [Application integration in eIAM with WS-Fed has been successfully tested.
      • Successful login procedure with all ordered attributes in the assertion.
        • NameID correctly prepared

Acceptance and Release Processes

The first functional tests according to the above rules are carried out by the eIAM SIE. The eIAM SIE then releases the PM customer/partner for the customer tests and approvals in the respective eIAM instance. In the case of new developments, the application does not necessarily have to be at the final development stage from a technical point of view.

The PM customer/partner activates the REF and ABN acceptance and release for the transition to the next higher eIAM instance from the customer's point of view via a form e-mail in the eIAM dossier. These approvals in the 2:Statustracker (S7/S9) must take place at least 4 working days before the planned deployment date according to the Customer-Change plan (see link below).

Without successful acceptance or approval by the customer, there will be no transition to the next higher eIAM instance. If the information required for productive operation in the eIAM dossier is incomplete, the productive implementation may also be delayed (2:Statustracker S10).

IMPORTANT: If a prerequisite is not met or release is not on time, staging will be rescheduled taking into account resource availability in eIAM.

The dates for ABN and PROD result from the published dates in the CC-Plan under:

Integration-of-new-applications eIAM Customer Change Plan / CC . . .