Configuring IBM Cloud App ID From the Toolchain

Share this post:

Recently, while refreshing our Cloud Insurance Co. demo, we replaced our own database-backed user management with Cloud Directory of IBM Cloud App ID. The change was seamless, and most users didn’t notice. There are several ways that the App ID can be customized. Because the microservices are deployed using IBM Cloud Continuous Delivery, we needed to configure App ID during the automatic toolchain-based deployment. In the following, I am going to give an overview of how to configure IBM Cloud App ID from the toolchain.

Cloud Insurance Co. - architecture

Cloud Insurance Co. Architecture


The whole Cloud Insurance Co. demo consists of several IBM Cloud services and functions implemented as microservices. The entire solution can be deployed via toolchain with the press of a single button. Users are taken to a browser-based configuration wizard. There, they pick GitHub repository names and decide which repository features get enabled. In a second step, they will specify app names and choose the code branch that gets deployed. Once the toolchain is created, it creates all the necessary objects, instantiates Cloud services, and deploys the apps.

Deploy and configure App ID

The App ID service is used for the insurance web portal to identify and authenticate users. The common central toolchain calls the deploy script for the insurance web portal. In that script, the services for the portal, including App ID, are created. The individual services are then set up.

To configure App ID, the tenant identifier and the related management URL are needed. Additionally, for authentication, an IAM (Identity and Access Management) OAuth token is required. The deploy script uses the IBM Cloud CLI to perform the necessary steps. It logs into IBM Cloud, extracts the tenant ID and management URL from the App ID service key, and creates a new access token. Then it executes the “curl” command to configure App ID using its API. The configuration is taken from a JSON file. Here is the simplified version of the relevant parts in the deploy script.

echo Login IBM Cloud api=$CF_TARGET_URL org=$CF_ORG space=$CF_SPACE
bx login -a "$CF_TARGET_URL" --apikey "$IAM_API_KEY" -o "$CF_ORG" -s "$CF_SPACE"

# Create App ID services
bx service create appid "Graduated tier" insurance-bot-appid

# Set up App ID service
# Create service key from which to obtain managementUrl
bx service key-create insurance-bot-appid for-pipeline
# managementUrl includes tenantId
APPID_MGMT_URL=`bx service key-show insurance-bot-appid for-pipeline | grep "\"managementUrl\"" | awk '{print $2}' | tr -d '","'`
# We need the IAM token
IAM_OAUTH_TOKEN=`bx iam oauth-tokens | sed -n 1p | awk 'NF>1{print $NF}'`

# Now configure App ID for Cloud Directory
curl -v -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' \
--header "Authorization: Bearer $IAM_OAUTH_TOKEN" \
-d @$FILENAME $APPID_MGMT_URL/config/idps/cloud_directory


We recently replaced our own user management with an off-the self-solution, IBM Cloud App ID. Everything was seamless, and most users didn’t notice any changes. After some investigation, we found that App ID can be easily configured from the toolchain, and it fits nicely in with the existing continuous delivery process.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

Technical Offering Manager / Developer Advocate

More How-tos stories
May 7, 2019

We’ve Moved! The IBM Cloud Blog Has a New URL

In an effort better integrate the IBM Cloud Blog with the IBM Cloud web experience, we have migrated the blog to a new URL:

Continue reading

May 6, 2019

Use IBM Cloud Certificate Manager to Obtain Let’s Encrypt TLS Certificates for Your Public Domains

IBM Cloud Certificate Manager now lets you obtain TLS certificates signed by Let’s Encrypt. Let’s Encrypt is an automated, ACME-protocol-based CA that issues free certificates valid for 90 days.

Continue reading

May 1, 2019

What’s Included in the IBM Cloud Developer Tools Version 2.2.0

I’m pleased to announce the latest version of IBM Cloud Developer Tools CLI, which contains some exciting new features.

Continue reading