IBM Support

How to enable OpenID Connect (OIDC) for connection APM to TCR

Technical Blog Post


Abstract

How to enable OpenID Connect (OIDC) for connection APM to TCR

Body

Problem:
We disabled OpenID Connect (OIDC)  to set single sign on (SSO) with Tivoli Common Reporting (TCR) and is not working since Lightweight Directory Access Protocol (LDAP) is not used. We need the steps to re-enable OIDC.

 

Resolving the problem:
To enable OIDC do following steps:
1) Ensure that APM UI console users can reach port 8099 on the APM server.
2) apm stop_all
3) Edit /opt/IBM/IPM8/wlp/usr/servers/apmui/user-exit.xml  and remove this attribute:
ssoDomainNames=".intranet.cajastur.es"
so that you have:
<webAppSecurity ssoRequiresSSL="true" />
4) Edit /opt/IBM/IPM8/wlp/usr/servers/apmui/server.xml and uncomment the include of server-relying-party.xml so the line looks like this:
<include optional="true" location="server-relying-party.xml" />
5) Edit /opt/IBM/IPM8/wlp/usr/servers/apmui/server-itportal.xml and change
com.ibm.tivoli.blaze_2.3.0.8.ltpasso.eba
to
com.ibm.tivoli.blaze_2.3.0.8.eba
6) Edit /opt/IBM/IPM8/wlp/usr/servers/uviews/user-exit.xml  and remove this attribute:
ssoDomainNames=".intranet.cajastur.es"
so that you have:
<webAppSecurity ssoRequiresSSL="true" />
7) Edit /opt/IBM/IPM8/wlp/usr/servers/uviews/server.xml and uncomment the include of server-relying-party.xml so the line looks like this:
<include optional="true" location="server-relying-party.xml" />
8) Run this script:
/opt/IBM/IPM8/ccm/configureConsole.sh gIan08pW0rd apmadmin apmpass
9)  apm stop apmui
10)  apm start_all
11) Run the ksn_enable.sh script to get the Synthetic Script Manager UI page to appear by running these commands. Specify your apmadmin password for the APMADMIN_PASSWORD variable value:
export JAVA_HOME=/opt/IBM/IPM8/java
export INSTALL_DIR=/opt/IBM/IPM8
export APMADMIN_USERNAME=apmadmin
export APMADMIN_PASSWORD=your-apmadmin-password
cd /opt/IBM/IPM8/synthetic
./ksn_enable.sh
12) Restart with following steps
apm stop apmui
apm stop server1
apm start server1
apm start apmui

 

Reference:
Disabling OpenID Connect authentication for the Cloud APM console
https://www.ibm.com/support/knowledgecenter/SSHLNR_8.1.4/com.ibm.pm.doc/install/integ_disable_openID_conn.htm

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSVJUL","label":"IBM Application Performance Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

UID

ibm11277410

Page Feedback