Technical Blog Post
Abstract
How to enable OpenID Connect (OIDC) for the connection from APM to TCR
Body
Problem:
We disabled OpenID Connect (OIDC) to set up single sign-on (SSO) with Tivoli Common Reporting (TCR), and it is not working since Lightweight Directory Access Protocol (LDAP) is not used. We need the steps to re-enable OIDC.
Resolving the problem:
To enable OIDC, perform the following steps:
1) Ensure that APM UI console users can reach port 8099 on the APM server.
2) apm stop_all
3) Edit /opt/IBM/IPM8/wlp/usr/servers/apmui/user-exit.xml and remove this attribute:
ssoDomainNames=".intranet.cajastur.es"
so that you have:
<webAppSecurity ssoRequiresSSL="true" />
4) Edit /opt/IBM/IPM8/wlp/usr/servers/apmui/server.xml and uncomment the include of server-relying-party.xml so the line looks like this:
<include optional="true" location="server-relying-party.xml" />
5) Edit /opt/IBM/IPM8/wlp/usr/servers/apmui/server-itportal.xml and change
com.ibm.tivoli.blaze_2.3.0.8.ltpasso.eba
to
com.ibm.tivoli.blaze_2.3.0.8.eba
6) Edit /opt/IBM/IPM8/wlp/usr/servers/uviews/user-exit.xml and remove this attribute:
ssoDomainNames=".intranet.cajastur.es"
so that you have:
<webAppSecurity ssoRequiresSSL="true" />
7) Edit /opt/IBM/IPM8/wlp/usr/servers/uviews/server.xml and uncomment the include of server-relying-party.xml so the line looks like this:
<include optional="true" location="server-relying-party.xml" />
8) Run this script:
/opt/IBM/IPM8/ccm/configureConsole.sh gIan08pW0rd apmadmin apmpass
9) apm stop apmui
10) apm start_all
11) Run the ksn_enable.sh script so that the Synthetic Script Manager UI page appears. Use the following commands, specifying your apmadmin password as the value of the APMADMIN_PASSWORD variable:
export JAVA_HOME=/opt/IBM/IPM8/java
export INSTALL_DIR=/opt/IBM/IPM8
export APMADMIN_USERNAME=apmadmin
export APMADMIN_PASSWORD=your-apmadmin-password
cd /opt/IBM/IPM8/synthetic
./ksn_enable.sh
12) Restart with the following steps:
apm stop apmui
apm stop server1
apm start server1
apm start apmui
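A check for the file edits in steps 3 to 7, added here as an example and not part of the original technote or of IBM's tooling: it confirms that ssoDomainNames is gone from both user-exit.xml files, that the server-relying-party.xml include is active (not inside an XML comment) in both server.xml files, and that server-itportal.xml no longer references the ltpasso.eba application. The function names strip_comments and check_oidc_config are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not IBM code: confirm the edits from steps 3-7 are in place.

# Print file $1 with XML comments removed, so a commented-out line never matches.
strip_comments() {
  awk '{ s = $0; out = ""
    while (s != "") {
      if (c) {                         # inside a comment: skip to its end
        i = index(s, "-->")
        if (i) { s = substr(s, i + 3); c = 0 } else { s = "" }
      } else {                         # outside: keep text up to the next comment
        i = index(s, "<!--")
        if (i) { out = out substr(s, 1, i - 1); s = substr(s, i + 4); c = 1 } else { out = out s; s = "" }
      }
    }
    print out }' "$1" 2>/dev/null
}

# check_oidc_config ROOT: ROOT holds the apmui and uviews server directories
# (/opt/IBM/IPM8/wlp/usr/servers on this page). Prints one FAIL line per
# problem and returns the number of problems found.
check_oidc_config() {
  local root=$1 bad=0 srv f
  for srv in apmui uviews; do
    f="$root/$srv/user-exit.xml"          # steps 3 and 6
    if strip_comments "$f" | grep -q 'ssoDomainNames='; then
      echo "FAIL $f: ssoDomainNames is still set"; bad=$((bad + 1))
    fi
    f="$root/$srv/server.xml"             # steps 4 and 7
    if ! strip_comments "$f" | grep -q '<include[^>]*location="server-relying-party.xml"'; then
      echo "FAIL $f: include of server-relying-party.xml is missing or commented out"
      bad=$((bad + 1))
    fi
  done
  f="$root/apmui/server-itportal.xml"     # step 5
  if strip_comments "$f" | grep -q 'ltpasso\.eba'; then
    echo "FAIL $f: still references the ltpasso.eba application"; bad=$((bad + 1))
  fi
  return "$bad"
}

# Run against an install only when a root directory is passed as an argument.
if [ -n "${1:-}" ]; then check_oidc_config "$1"; fi
```

Run the script with /opt/IBM/IPM8/wlp/usr/servers as its argument before continuing with step 8; the exit status is the number of failed checks.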
Reference:
Disabling OpenID Connect authentication for the Cloud APM console
https://www.ibm.com/support/knowledgecenter/SSHLNR_8.1.4/com.ibm.pm.doc/install/integ_disable_openID_conn.htm
UID
ibm11277410