IBM Content Navigator RelyingParty Interceptor settings

Use the following sample settings as a guide for the Interceptor class settings for your IBM Content Navigator application server instance.

Each distinct identity provider must follow the naming pattern provider_<n>, where <n> is a number that starts at 1 and increments for each additional identity provider. All the properties specific to a given identity provider use the same provider_<n> prefix. The following table shows example values for 3 different identity providers:
  • provider_1 - Example UMS Identity Provider
  • provider_2 - Example Google Sign-In Identity Provider
  • provider_3 - Example IBM Id Identity Provider

| Name | Value |
|---|---|
| provider_1.authorizeEndpointUrl | https://servername:port/oidc/endpoint/ums/authorize |
| provider_1.tokenEndpointUrl | https://servername:port/oidc/endpoint/ums/token |
| provider_1.jwkEndpointUrl | https://servername:port/oidc/endpoint/ums/jwk |
| provider_1.signatureAlgorithm | RS256 |
| provider_1.issuerIdentifier | https://servername/oidc/endpoint/ums |
| provider_1.clientId | exShareUms |
| provider_1.clientSecret | Secret_name |
| provider_1.identifier | ExShareUms |
| provider_1.useRealm | For multiple IDPs: ExShareUms<br>For a single IDP: ldap_realm<br>Set to Realm name under Security > Global security > User account repository. |
| provider_1.filter | For multiple IDPs: Cookie%=ExShareUms<br>For a single IDP: do not set this property. |
| provider_1.interceptedPathFilter | For multiple IDPs: ExShareUms<br>For a single IDP: /navigator<br>(For a single IDP, set this to the Navigator application.) |
| provider_1.userIdentifier | sub |
| provider_1.useJwtFromRequest | For OAuth: no<br>For OIDC: ifPresent |
| provider_1.setLtpaCookie | true |
| provider_1.scope | openid email |
| provider_1.uniqueUserIdentifier | sub |
| provider_2.signatureAlgorithm | RS256 |
| provider_2.clientSecret | YPcdr1FifclLuF2Dyu164WWD |
| provider_2.identifier | ExShareGID |
| provider_2.useRealm | For multiple IDPs: ExShareGID<br>For a single IDP: ldap_realm<br>Set to Realm name under Security > Global security > User account repository. |
| provider_2.filter | For multiple IDPs: Cookie%=ExShareGID<br>For a single IDP: do not set this property. |
| provider_2.interceptedPathFilter | For multiple IDPs: ExShareGID<br>For a single IDP: /navigator<br>(For a single IDP, set this to the Navigator application.) |
| provider_2.userIdentifier | email |
| provider_2.useJwtFromRequest | ifPresent<br>Google Sign-In must use OIDC. OAuth is not supported. |
| provider_2.setLtpaCookie | true |
| provider_2.scope | OAuth: email<br>OIDC: openid email |
| provider_2.uniqueUserIdentifier | email |
| provider_3.signVerifyAlias | prepiam_toronto_ca_ibm_com |
| provider_3.signatureAlgorithm | RS256 |
| provider_3.clientId | exShareIbmId |
| provider_3.clientSecret | MTQ0YjMwYmItNDVjMS00 |
| provider_3.identifier | ExShareIbmId |
| provider_3.useRealm | For multiple IDPs: ExShareIbmId<br>For a single IDP: ldap_realm<br>Set to Realm name under Security > Global security > User account repository. |
| provider_3.filter | For multiple IDPs: Cookie%=ExShareIbmId<br>For a single IDP, do not set this property. |
| provider_3.interceptedPathFilter | For multiple IDPs: ExShareIbmId<br>For a single IDP: /navigator<br>(For a single IDP, set this to the Navigator application.) |
| provider_3.userIdentifier | sub |
| provider_3.useJwtFromRequest | OAuth: no<br>OIDC: ifPresent |
| provider_3.setLtpaCookie | true |
| provider_3.scope | openid email |
| provider_3.uniqueUserIdentifier | sub |
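
The single-IDP and multiple-IDP rules in the table are easy to get wrong when a provider block is copied and renumbered. The following Python check is an added example, not IBM code; it assumes the interceptor properties have been exported into a dict, and the names `group_providers`, `lint` and `navigator_path` are hypothetical. The rule that `filter`, `useRealm` and `interceptedPathFilter` reference the provider's own `identifier` in the multiple-IDP case is inferred from the pattern of the example values above.

```python
import re

KEY_RE = re.compile(r"^provider_(\d+)\.(\w+)$")

def group_providers(props):
    """Group flat interceptor properties by provider number: {n: {name: value}}."""
    providers = {}
    for key, value in props.items():
        m = KEY_RE.match(key)
        if m:
            providers.setdefault(int(m.group(1)), {})[m.group(2)] = value.strip()
    return providers

def lint(props, navigator_path="/navigator"):
    """Return findings for the single-IDP / multiple-IDP rules in the table."""
    providers = group_providers(props)
    numbers, findings, seen = sorted(providers), [], {}
    # provider_<n> must start at 1 and increment for each identity provider.
    if numbers != list(range(1, len(numbers) + 1)):
        findings.append(f"provider numbers {numbers} are not contiguous from 1")
    multiple = len(numbers) > 1
    for n in numbers:
        p, ident = providers[n], providers[n].get("identifier", "")
        if ident in seen:
            findings.append(f"provider_{n}.identifier duplicates provider_{seen[ident]}")
        seen.setdefault(ident, n)
        if not multiple:
            if p.get("filter"):
                findings.append(f"provider_{n}.filter must not be set for a single IDP")
            if p.get("interceptedPathFilter") != navigator_path:
                findings.append(f"provider_{n}.interceptedPathFilter should be {navigator_path}")
        else:
            # Assumption from the example table: with several IDPs each of
            # these properties names the provider's own identifier.
            for name in ("filter", "useRealm", "interceptedPathFilter"):
                if not ident or ident not in p.get(name, ""):
                    findings.append(f"provider_{n}.{name} does not reference {ident!r}")
    return findings

# Constructed sample: provider_2.filter was copied from provider_1 unchanged.
SAMPLE = {
    "provider_1.identifier": "ExShareUms", "provider_1.useRealm": "ExShareUms",
    "provider_1.filter": "Cookie%=ExShareUms",
    "provider_1.interceptedPathFilter": "ExShareUms",
    "provider_2.identifier": "ExShareGID", "provider_2.useRealm": "ExShareGID",
    "provider_2.filter": "Cookie%=ExShareUms",
    "provider_2.interceptedPathFilter": "ExShareGID",
}
```

Calling `lint(SAMPLE)` reports the copied filter on provider_2; an empty list means none of the checked rules were violated.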