Configuring an identity provider connection
New in 20.0.2: You can use an identity provider to manage user authentication for your container environment. With this approach you can manage and automatically register both internal users and the users that you designate for external sharing of items.
Before you begin
Check the IBM Software Product Compatibility Report for the appropriate versions of supporting software.
About this task
- Internal users of your content repository: For internal users, you configure a managed user realm and set identity rules that govern which sets of users have access to your domain, based on email suffix or email address. This configuration applies both with and without an external share configuration. It also requires a basic LDAP service for the default configuration and for administrative user access to the domain.
- External users with whom you want to share limited access to items in your content repository: For external users, you similarly configure an authentication realm that manages the external users. You can combine OIDC/OAuth authentication of external share users with traditional LDAP user management for internal users, or use an identity provider for both internal and external users. If you want to use LDAP authentication for both internal and external users, skip this procedure and set up your LDAP directory servers instead. For details, see Configuring the external user LDAP realm.
To prepare this connection for your container environment, you set up your identity provider, register your clients with the identity provider, and create secrets that hold your connection credentials. To register your clients (at a minimum, Content Platform Engine and Navigator), you must provide a redirect URI for each component in the following format:
https://ingress-es:<hostname>
Identity providers typically match redirect URIs exactly, so register each URI exactly as the component will present it, including the https scheme and the host name.
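The following added example (not IBM tooling and not the operator's own manifest format) shows one way to check redirect URIs before you register them and to build the Kubernetes Secret that carries the client credentials registered at the identity provider, so the values are piped to kubectl rather than typed into shell history. The secret name idp-client-secret, the key names clientId, clientSecret and discoveryUrl, the namespace, and all sample values are assumptions; take the real secret and key names from Identity provider configuration parameters.

```shell
#!/bin/sh
# Added example, not IBM's code. Builds a Kubernetes Secret manifest for the
# OIDC client credentials and validates redirect URIs before registration.
# ASSUMPTIONS: secret name "idp-client-secret", key names clientId,
# clientSecret, discoveryUrl, and the namespace are placeholders; the real
# names come from the operator's identity provider parameter list.

# check_redirect_uri URI -> 0 if the URI uses https and names a host, else 1.
# Identity providers compare redirect URIs exactly, so a plain-http or empty
# value must be rejected before the client is registered.
check_redirect_uri() {
    case "$1" in
        https://*) [ -n "${1#https://}" ] ;;
        *) return 1 ;;
    esac
}

# b64 VALUE -> single-line base64, the encoding Secret.data requires.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# secret_manifest NAMESPACE CLIENT_ID CLIENT_SECRET DISCOVERY_URL
# Prints a Secret manifest on stdout; returns 1 if any value is empty, so an
# unset environment variable cannot silently produce an unusable secret.
secret_manifest() {
    ns=$1; client_id=$2; client_secret=$3; discovery=$4
    for v in "$ns" "$client_id" "$client_secret" "$discovery"; do
        [ -n "$v" ] || { echo "secret_manifest: empty value" >&2; return 1; }
    done
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: idp-client-secret
  namespace: $ns
type: Opaque
data:
  clientId: $(b64 "$client_id")
  clientSecret: $(b64 "$client_secret")
  discoveryUrl: $(b64 "$discovery")
EOF
}

# Usage (constructed sample values; the namespace and URLs are assumptions):
#   check_redirect_uri "https://cpe.example.com/oidcclient/redirect" || exit 1
#   secret_manifest cp4ba "$IDP_CLIENT_ID" "$IDP_CLIENT_SECRET" \
#       "https://idp.example.com/.well-known/openid-configuration" \
#       | kubectl apply -f -
```

Create the secret in the same namespace as the custom resource before you apply the custom resource, so that the operator finds it when it reconciles the identity provider configuration.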
When you prepare your environment, record the settings so that these values are available to enter into the custom resource YAML file for deployment and configuration. For the lists of parameters that you need to collect, see Identity provider configuration parameters.
After you configure your identity provider connection and provide the relevant details in your custom resource YAML file, the operator creates the identity provider configuration for your container environment.
Procedure
To configure the identity provider connection: