Supporting OIDC provider login in Operator

Configure the application to support OIDC provider login from IBM® Sterling Order Management System Software Operator.

Procedure

  1. Obtain the SSL certificate from your OIDC provider (OKTA, Google, or ADFS).
  2. Add the certificate to the Operator. For more information, see Configuring security parameter.
  3. Add an OIDC section in the common parameter of OMEnvironment and configure the following properties.
    common:
      oidc:
        enabled: true
        provider: <oidc_provider>
        discoveryurl: <sample_discovery_url>
        logouturl: <sample_logout_url>
  4. Add the following properties in the secret that you created for the OMEnvironment.
    oidcClientId
    oidcSecret
  5. Set the following property in sandbox.cfg and build a custom image. For more information, see Customizing certified containers.
    ENABLE_IBMID_AUTHENTICATION=true
  6. If you are using a custom server.xml, configure your OIDC provider as explained in the following topics:
  7. Create an OIDC user in Sterling Order Management System Software by using the ContactPersonInfo EMailID as shown in the following sample.
    <User Localecode="en_US_EST" Username="sampleUsername" Loginid="sampleID" Password="samplePassword">
    	<ContactPersonInfo EMailID="sampleContact@mail.com"/>
    </User>
    Note: You can enable or disable OIDC for each individual AppServer.
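
A pre-flight check for the discoveryurl and logouturl values from step 3, run against a saved copy of the provider's discovery document before the values go into OMEnvironment. This is an added example, not IBM's code. The function names, the idp.example.com URLs and the sample document are assumptions constructed for illustration, and token_endpoint is treated as required on the assumption that a client ID plus secret means the authorization code flow.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
             "userinfo_endpoint", "end_session_endpoint")

# Constructed sample of a provider discovery document (not from a real provider).
SAMPLE_DOCUMENT = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/keys",
    "end_session_endpoint": "https://idp.example.com/logout",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

def is_https(url):
    parts = urlsplit(str(url))
    return parts.scheme == "https" and bool(parts.hostname)

def check_oidc_settings(discoveryurl, logouturl, document_text):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not is_https(discoveryurl):
        problems.append("discoveryurl is not an https URL")
    if not is_https(logouturl):
        problems.append("logouturl is not an https URL")
    doc = json.loads(document_text)
    problems += ["discovery document lacks " + k for k in REQUIRED if k not in doc]
    if discoveryurl.endswith(WELL_KNOWN):
        # OIDC Discovery 1.0: issuer must match the URL the document is served from.
        expected = discoveryurl[:-len(WELL_KNOWN)]
        if str(doc.get("issuer", "")).rstrip("/") != expected:
            problems.append("issuer does not match discoveryurl")
    else:
        problems.append("discoveryurl does not end with " + WELL_KNOWN)
    problems += [k + " is not an https URL" for k in ENDPOINTS
                 if k in doc and not is_https(doc[k])]
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("provider advertises unsigned ID tokens (alg none)")
    return problems

if __name__ == "__main__":
    print(check_oidc_settings("https://idp.example.com" + WELL_KNOWN,
                              "https://idp.example.com/logout", SAMPLE_DOCUMENT))
```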