Configuring the redirect URL with the Identity Provider

New in 20.0.2: After you deploy your containers, use the information from the cluster namespace to determine your redirect URL entries for your identity provider.

About this task

After your containers are deployed, you can get details of the deployment to construct the appropriate redirect URLs that are required by your identity provider.

Procedure

To configure the redirect URLs:

  1. Determine your environment hostname values to use when you register your components as clients of the identity provider.
    When registering an application with an Identity Provider, you can use the same clientId registration for each of the IBM Content Navigator, External Share, and Content Platform Engine instances in your environment. You must provide a redirect URL for each of these instances using the following pattern:
    https://ingress.es-<ingress_host>/oidcclient/redirect/<Provider ID for each instance>
    To retrieve your <ingress_host>, use the following command:
    oc get ingress -n <namespace>

    The command returns the full Ingress URL under "HOST". <ingress_host> is created using the hostname property specified in the Custom Resource YAML file at the time of deployment for configuring your IBM Content Navigator, External Share, and Content Platform Engine instances.

    Note: The operator automatically creates the Ingress URL in this exact pattern:
    https://ingress.es-<hostname defined in Custom Resource YAML>
    To retrieve your <Provider ID for each instance> value, use the following command:
    oc get ingress -n <namespace>
    oc describe ingress <ingress name> -n <namespace>
    The command returns a list of all the backend paths under "Backends", for example, /oidcclient/redirect/ExShareGIDCPE. <Provider ID for each instance> is the provider_name parameter that you specified in the Custom Resource YAML with the instance acronym appended to it. For example, if you specified "ExShareGID" for your provider name, your <Provider ID for each instance> would be the following:
    ExShareGIDCPE
    ExShareGIDES
    ExShareGIDNAV
    As an example, for Google Sign In Identity provider, the OAuth 2.0 client ID for ExShareGID has three Authorized redirect URIs entered by the user, one for each deployment:
    https://ingress-es.hostname/oidcclient/redirect/ExShareGIDCPE
    https://ingress-es.hostname/oidcclient/redirect/ExShareGIDES
    https://ingress-es.hostname/oidcclient/redirect/ExShareGIDNAV
  2. In your Identity Provider, edit your client registrations to add the updated redirect URLs.
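
The procedure above as a script, added here as an example (not IBM's own tooling): it reads `oc describe ingress` output, keeps only the backend paths that belong to one provider_name, and prints the exact redirect URIs to register. The host ingress.es-cp4a.example.com, the OtherIdPNAV path, the service names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Host, provider name and ingress details below are constructed.

# Constructed stand-in for `oc describe ingress <ingress name> -n <namespace>`.
sample_describe_output() {
cat <<'EOF'
Rules:
  Host                         Path  Backends
  ----                         ----  --------
  ingress.es-cp4a.example.com
        /oidcclient/redirect/ExShareGIDNAV   nav-svc:9443 (10.0.0.11:9443)
        /oidcclient/redirect/ExShareGIDCPE   cpe-svc:9443 (10.0.0.12:9443)
        /oidcclient/redirect/ExShareGIDES    es-svc:9443 (10.0.0.13:9443)
        /oidcclient/redirect/OtherIdPNAV     nav-svc:9443 (10.0.0.11:9443)
EOF
}

# build_redirect_uris HOST PROVIDER_NAME   (describe output on stdin)
# Prints one exact https redirect URI per expected instance (CPE, ES, NAV).
build_redirect_uris() {
    host=$1
    provider=$2
    # HOST must be a bare host name: no scheme, port, path or wildcard.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    case $provider in
        ''|*[!A-Za-z0-9_]*) echo "invalid provider name: $provider" >&2; return 1 ;;
    esac
    grep -o '/oidcclient/redirect/[A-Za-z0-9_]*' | sort -u |
    while read -r path; do
        id=${path##*/}
        case $id in
            "${provider}CPE"|"${provider}ES"|"${provider}NAV")
                printf 'https://%s%s\n' "$host" "$path" ;;
            *)  # Belongs to another provider_name: do not register it here.
                echo "skipping unexpected provider ID: $id" >&2 ;;
        esac
    done
}

sample_describe_output | build_redirect_uris ingress.es-cp4a.example.com ExShareGID
```

Against a live cluster, pipe the real `oc describe ingress <ingress name> -n <namespace>` output into `build_redirect_uris` and pass the HOST value exactly as `oc get ingress` reports it.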