Configuring authentication (Versions earlier than 5.0.0)
Configure OAuth2 authentication for Transformation Advisor ddddon a non-OpenShift Container Platform (non-OCP) installation by editing the security configuration script and restarting the product.
Before you begin
Ensure that an OAuth2 server is available and accessible before you begin this procedure.
Procedure
-
Go to the installation directory and stop Transformation Advisor.
-
Create the authentication configuration.
-
Start IBM Transformation Advisor.
Sample configuration for the Box.com OAuth2 server
The following example shows a complete .security_config configuration for the Box.com OAuth2 server.
TA_AUTH_ENABLE_TLS=false
TA_LOCAL_INTERNAL_SERVER_PORT=9080
TA_LOCAL_INTERNAL_UI_PORT=3000
TA_LOCAL_INTERNAL_DB_PORT=5984
TA_AUTH_UI_DISABLED=false
TA_AUTH_LIBERTY_DISABLED=false
TA_AUTH_OIDC_CLIENT_ID=lanjmi4l41orezoiz5ektitgnfvtoi4n
TA_AUTH_OIDC_CLIENT_SECRET=1N1CRuTdxlOM5c5XvH3PT3Ijv5Eeaf9r
TA_AUTH_IDENTITY_REQUEST_ENDPOINT=https://account.box.com
TA_AUTH_IDENTITY_REQUEST_ENDPOINT_PATH=/api/oauth2/authorize
TA_AUTH_IDENTITY_REQUEST_ENDPOINT_SCOPE=root_readonly
TA_AUTH_CALLBACK_STATE_PREFIX_PADDING=
TA_AUTH_TOKEN_REQUEST_ENDPOINT=https://api.box.com
TA_AUTH_TOKEN_REQUEST_ENDPOINT_PATH=/oauth2/token
TA_AUTH_TOKEN_VERIFICATION_ENDPOINT=https://api.box.com
TA_AUTH_TOKEN_VERIFICATION_ENDPOINT_PATH=/2.0/users/me
TA_AES_IV=
TA_AES_KEY=
Note: Some OAuth applications do not allow non-HTTPS callback URLs. If that is the case for your provider, the value of TA_AUTH_OIDC_CALLBACK_URI must use an HTTPS endpoint.
What to do next
Configuring MFA: To configure Multi-Factor Authentication (MFA) with your OAuth client, verify that MFA is enabled in your Identity Provider (IdP). This setting must be configured at the IdP level because OAuth depends on the provider to enforce multi-factor authentication during the login flow.