Configuring IBM Cloud App ID From the Toolchain


Recently, while refreshing our Cloud Insurance Co. demo, we replaced our own database-backed user management with Cloud Directory of IBM Cloud App ID. The change was seamless, and most users didn’t notice. App ID can be customized in several ways. Because the microservices are deployed using IBM Cloud Continuous Delivery, we needed to configure App ID during the automatic toolchain-based deployment. In the following, I am going to give an overview of how to configure IBM Cloud App ID from the toolchain.


Cloud Insurance Co. Architecture


The whole Cloud Insurance Co. demo consists of several IBM Cloud services and functions implemented as microservices. The entire solution can be deployed via toolchain with the press of a single button. Users are taken to a browser-based configuration wizard. There, they pick GitHub repository names and decide which repository features get enabled. In a second step, they will specify app names and choose the code branch that gets deployed. Once the toolchain is created, it creates all the necessary objects, instantiates Cloud services, and deploys the apps.

Deploy and configure App ID

The App ID service is used for the insurance web portal to identify and authenticate users. The common central toolchain calls the deploy script for the insurance web portal. In that script, the services for the portal, including App ID, are created. The individual services are then set up.

To configure App ID, the tenant identifier and the related management URL are needed. Additionally, for authentication, an IAM (Identity and Access Management) OAuth token is required. The deploy script uses the IBM Cloud CLI to perform the necessary steps. It logs into IBM Cloud, extracts the tenant ID and management URL from the App ID service key, and creates a new access token. Then it executes the “curl” command to configure App ID using its API. The configuration is taken from a JSON file. Here is the simplified version of the relevant parts in the deploy script.

    echo "Login IBM Cloud api=$CF_TARGET_URL org=$CF_ORG space=$CF_SPACE"
    bx login -a "$CF_TARGET_URL" --apikey "$IAM_API_KEY" -o "$CF_ORG" -s "$CF_SPACE"

    # Create App ID services
    bx service create appid "Graduated tier" insurance-bot-appid

    # Set up App ID service
    # Create service key from which to obtain managementUrl
    bx service key-create insurance-bot-appid for-pipeline
    # managementUrl includes tenantId
    APPID_MGMT_URL=$(bx service key-show insurance-bot-appid for-pipeline | grep "\"managementUrl\"" | awk '{print $2}' | tr -d '","')
    # We need the IAM token
    IAM_OAUTH_TOKEN=$(bx iam oauth-tokens | sed -n 1p | awk 'NF>1{print $NF}')

    # Now configure App ID for Cloud Directory
    # Note: -v also prints the request headers, including the bearer token, to the build log
    curl -v -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' \
               --header "Authorization: Bearer $IAM_OAUTH_TOKEN" \
               -d @"$FILENAME" "$APPID_MGMT_URL/config/idps/cloud_directory"
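The same configuration step with the inputs checked before anything is sent, as an added example that is not part of the original deploy script: it validates the extracted management URL and the IAM token, then passes the request to curl as a config on stdin so the bearer token stays off the command line and out of verbose output. The function names and the sample key output (placeholder host and tenant ID) are assumptions, as is the IAM token being a JWT.

```shell
#!/bin/sh
# Added example; function names are hypothetical. SAMPLE_KEY is constructed
# key-show output with a placeholder host and tenant ID.
SAMPLE_KEY='Getting key for-pipeline ...
{
  "managementUrl": "https://appid-management.example.com/management/v4/00000000-0000-0000-0000-000000000000"
}'

# Read `bx service key-show` output on stdin; print managementUrl only if it is
# a well-formed https URL, so a failed lookup cannot yield a bogus target.
extract_mgmt_url() {
  url=$(sed -n 's/.*"managementUrl"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  if printf '%s\n' "$url" | grep -Eq '^https://[A-Za-z0-9.-]+(/[A-Za-z0-9._-]+)+$'; then
    printf '%s\n' "$url"
  else
    echo "managementUrl missing or malformed" >&2
    return 1
  fi
}

# Accept only non-empty tokens made of JWT characters (base64url plus dots).
# Assumption: the IAM token is a JWT.
valid_token() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Emit a curl config for the PUT. Args: management URL, IAM token, JSON file.
curl_config() {
  valid_token "$2" || { echo "IAM token empty or malformed" >&2; return 1; }
  [ -r "$3" ] || { echo "cannot read config file: $3" >&2; return 1; }
  cat <<EOF
request = "PUT"
url = "$1/config/idps/cloud_directory"
header = "Content-Type: application/json"
header = "Accept: application/json"
header = "Authorization: Bearer $2"
data = "@$3"
fail
EOF
}

# Feed the config to curl on stdin: the token never appears in curl's argv,
# and without -v the request headers are not echoed to the build log.
configure_cloud_directory() {
  cfg=$(curl_config "$@") || return 1
  printf '%s\n' "$cfg" | curl --config -
}
```

In the deploy script this would be called as `configure_cloud_directory "$APPID_MGMT_URL" "$IAM_OAUTH_TOKEN" "$FILENAME"`; the `fail` option makes curl exit non-zero on an HTTP error so the pipeline stage stops.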


We recently replaced our own user management with an off-the-shelf solution, IBM Cloud App ID. Everything was seamless, and most users didn’t notice any changes. After some investigation, we found that App ID can be easily configured from the toolchain, and it fits in nicely with the existing continuous delivery process.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

