FAQs
Corppass Service Request Execution
Effective 9 September 2024, we will cease the execution of Service Requests during the designated weekly and monthly Service Request windows.
All Service Requests today are asynchronous in nature, they can be executed by CP at any time and subsequently verified by the Relying Party (RPs) at their convenience.
As such we are pleased to update that Corppass Service Requests, both STG and PRD, will be executed within 3 business days of submission of the required details.
This will allow RPs to make SR with greater agility and not be constrained by the weekly/monthly SR windows that we used to operate by.
Some examples are given below:
JWKS Update
To rotate your JWKS hosted on your endpoint, you may do so anytime without having to inform us.
To rotate your JWKS which is stored as a JWKS object with Corppass, please send us the new keys, and we will add them to the keyset. After you test successfully using the new keyset, we will then purge the old keys from our system.
Addition of Callback URL
To add callback url for your eservice, simply send us the new values and we will add them within 3 working days. You can subsequently test them are your convenience.
Addition/Modification of Agency Admin
To make changes to the Agency Admin, send us the required details, and we will inform you once the changes are done, within 3 working days.
Why can't I whitelist Corppass IP Address?
For enterprise networks or networks with restricted traffic, it's common for system administrators to configure a whitelist of allowed traffic. Historically, Corppass has advised partners against whitelisting IP addresses and instead recommends whitelisting by domain.
Here's why:
Corppass currently operates on AWS, and CloudFront maintains a large number of IP addresses in its CDN to ensure high availability of our services. This list changes from time to time.
Therefore, if you whitelist Corppass endpoints by IP address, there's no guarantee these IP addresses won't change. When they do, your e-service will no longer be able to access Corppass.
Thus, it is always advisable to whitelist by domain.
If you still need to use some form of IP address whitelisting, you can refer to the following AWS CloudFront documentation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html
List of IP Addresses:
https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips
Where can I access Corppass Staging Entity Management Portal and CAAA Portal?
Entity Management Portal
https://stg-home.corppass.gov.sg/
CAAA Portal (requires WOG intranet, or SEED device running SAFARI/FIREFOX browser)
Last updated