IBM Content Navigator RelyingParty Interceptor settings
Use the following sample settings as a guide for the Interceptor class settings for your IBM Content Navigator application server instance.
- provider_1 - Example UMS Identity Provider
- provider_2 - Example Google Sign-In Identity Provider
- provider_3 - Example IBM Id Identity Provider
Name | Value |
provider_1.authorizeEndpointUrl | https://servername:port/oidc/endpoint/ums/authorize |
provider_1.tokenEndpointUrl | https://servername:port/oidc/endpoint/ums/token |
provider_1.jwkEndpointUrl | https://servername:port/oidc/endpoint/ums/jwk |
provider_1.signatureAlgorithm | RS256 |
provider_1.issuerIdentifier | https://servername/oidc/endpoint/ums |
provider_1.clientId | exShareUms |
provider_1.clientSecret | Secret_name |
provider_1.identifier | ExShareUms |
provider_1.useRealm | For multiple IDPs: ExShareUms; for a single IDP: ldap_realm. Set to Realm name under . |
provider_1.filter | For multiple IDPs: Cookie%=ExShareUms; for a single IDP, do not set this property. |
provider_1.interceptedPathFilter | For multiple IDPs: ExShareUms; for a single IDP: /navigator (For a single IDP, set this to the Navigator application.) |
provider_1.userIdentifier | sub |
provider_1.useJwtFromRequest | For OAuth: no; for OIDC: ifPresent |
provider_1.setLtpaCookie | true |
provider_1.scope | openid email |
provider_1.uniqueUserIdentifier | sub |
provider_2.authorizeEndpointUrl | https://accounts.google.com/o/oauth2/v2/auth |
provider_2.tokenEndpointUrl | https://oauth2.googleapis.com/token |
provider_2.jwkEndpointUrl | https://www.googleapis.com/oauth2/v3/certs |
provider_2.signatureAlgorithm | RS256 |
provider_2.issuerIdentifier | https://accounts.google.com |
provider_2.clientId | 530122881973-fuotgltih4t5e3335im9aeca2uql7q52.apps.googleusercontent.com |
provider_2.clientSecret | YPcdr1FifclLuF2Dyu164WWD |
provider_2.identifier | ExShareGID |
provider_2.useRealm | For multiple IDPs: ExShareGID; for a single IDP: ldap_realm. Set to Realm name under . |
provider_2.filter | For multiple IDPs: Cookie%=ExShareGID; for a single IDP, do not set this property. |
provider_2.interceptedPathFilter | For multiple IDPs: ExShareGID; for a single IDP: /navigator (For a single IDP, set this to the Navigator application.) |
provider_2.userIdentifier | |
provider_2.useJwtFromRequest | ifPresent (Google Sign-In must use OIDC. OAuth is not supported.) |
provider_2.setLtpaCookie | true |
provider_2.scope | For OAuth: email; for OIDC: openid email |
provider_2.uniqueUserIdentifier | |
provider_3.authorizeEndpointUrl | https://prepiam.toronto.ca.ibm.com/idaas/oidc/endpoint/default/authorize |
provider_3.tokenEndpointUrl | https://prepiam.toronto.ca.ibm.com/idaas/oidc/endpoint/default/token |
provider_3.signVerifyAlias | prepiam_toronto_ca_ibm_com |
provider_3.signatureAlgorithm | RS256 |
provider_3.issuerIdentifier | https://prepiam.toronto.ca.ibm.com |
provider_3.clientId | exShareIbmId |
provider_3.clientSecret | MTQ0YjMwYmItNDVjMS00 |
provider_3.identifier | ExShareIbmId |
provider_3.useRealm | For multiple IDPs: ExShareIbmId; for a single IDP: ldap_realm. Set to Realm name under . |
provider_3.filter | For multiple IDPs: Cookie%=ExShareIbmId; for a single IDP, do not set this property. |
provider_3.interceptedPathFilter | For multiple IDPs: ExShareIbmId; for a single IDP: /navigator (For a single IDP, set this to the Navigator application.) |
provider_3.userIdentifier | sub |
provider_3.useJwtFromRequest | For OAuth: no; for OIDC: ifPresent |
provider_3.setLtpaCookie | true |
provider_3.scope | openid email |
provider_3.uniqueUserIdentifier | sub |
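
A consistency check for settings like those in the table, as an added example (not IBM code). It assumes the properties are exported one `name=value` per line, and its rules are assumptions read off the sample table: https endpoints, a key source (`jwkEndpointUrl` or `signVerifyAlias`) for RS256, `openid` in `scope` when `useJwtFromRequest` is `ifPresent`, and `filter` matching the provider's `identifier` when several IDPs are configured. Host names and values in the sample are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in an assumed name=value export format. provider_1 follows
# the multiple-IDP column of the table; provider_2 contains deliberate mistakes.
SAMPLE = """\
provider_1.authorizeEndpointUrl=https://idp.example.test:9443/oidc/endpoint/ums/authorize
provider_1.jwkEndpointUrl=https://idp.example.test:9443/oidc/endpoint/ums/jwk
provider_1.signatureAlgorithm=RS256
provider_1.identifier=ExShareUms
provider_1.filter=Cookie%=ExShareUms
provider_1.useJwtFromRequest=ifPresent
provider_1.scope=openid email
provider_2.authorizeEndpointUrl=http://idp2.example.test/authorize
provider_2.signatureAlgorithm=RS256
provider_2.identifier=ExShareGID
provider_2.filter=Cookie%=ExShareUms
provider_2.useJwtFromRequest=ifPresent
provider_2.scope=email
"""

def lint(text):
    """Return (provider, setting, problem) tuples; the rules are assumptions read off the table."""
    providers = defaultdict(dict)
    for line in text.splitlines():
        if "=" not in line:
            continue
        name, _, value = line.partition("=")  # first '=' only: filter values contain '%='
        prefix, _, key = name.strip().partition(".")
        providers[prefix][key] = value.strip()
    found = []
    for p, s in sorted(providers.items()):
        for key in ("authorizeEndpointUrl", "tokenEndpointUrl", "jwkEndpointUrl"):
            if key in s and urlsplit(s[key]).scheme != "https":
                found.append((p, key, "endpoint URL is not https"))
        if s.get("signatureAlgorithm") == "RS256" and not (
                s.get("jwkEndpointUrl") or s.get("signVerifyAlias")):
            found.append((p, "signatureAlgorithm", "no jwkEndpointUrl or signVerifyAlias for RS256"))
        if s.get("useJwtFromRequest") == "ifPresent" and "openid" not in s.get("scope", "").split():
            found.append((p, "scope", "OIDC (ifPresent) but scope lacks openid"))
        # Multiple-IDP column: each provider's filter selects its own identifier.
        if len(providers) > 1 and s.get("filter") != "Cookie%=" + s.get("identifier", ""):
            found.append((p, "filter", "does not match this provider's identifier"))
    return found

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```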