Let's consider the integration of APM Advanced 8.1.3 with TCR.
Reading the documentation, it seems like OIDC is required to be permanently disabled when you integrate APM with TCR and this sounds a little strange because OIDC was enabled by default when APM is installed.
Here we give answers to the following questions:
Why is OIDC required to be disabled?
If I disable it for the purpose of SSO for TCR, what other things could potentially be impacted i.e. not available in future (API tokens etc for using APIs), etc..?
Here are the answers to the questions raised:
In the Liberty version shipped with 8.1.3, OIDC login must be disabled in order to allow the LTPA token based single sign-on to work with TCR on traditional WAS. It is not necessary to disable OIDC if the lack of single sign-on can be tolerated. It should be noted that the process is completely reversible. The current limitation is rooted in the OpenID Connect Provider feature of Liberty. We expect that compatibility with LTPA SSO will be enabled in a future Liberty release.
That said, only access to the web application, the Performance Management User Interface, is affected by the disablement steps outlined in the knowledge center here:
Access to the public APIs remains unaffected. The APIs will still support Basic Authentication (protected by HTTPS) and OAuth2 ROPC token based authentication.
Subscribe and follow us for all the latest information directly on your social feeds: