When registering an application with an Identity Provider, you can use the same clientId registration for each of the IBM Content Navigator and Content Platform Engine instances in your environment. You must provide a redirect URL for each of these instances using the following pattern::

    https://ingress.es-<ingress_host>/oidcclient/redirect/<Provider ID for each instance>

To retrieve your <ingress_host>, use the following command::

    oc get ingress -n <namespace>

The command returns the full Ingress URL under "HOST". <ingress_host> is created using the hostname property specified in the Custom Resource YAML file at the time of deployment for configuring your IBM Content Navigator and Content Platform Engine instance.

Note: The operator automatically creates the Ingress URL in this exact pattern::

    https://ingress.es-<hostname defined in Custom Resource YAML>

To retrieve your <Provider ID for each instance> value, use the following commands::

    oc get ingress -n <namespace>
    oc describe ingress <ingress name> -n <namespace>

The oc describe ingress command returns a list of all the backend paths under "Backends", for example, /oidcclient/redirect/ExShareGIDCPE. <Provider ID for each instance> is the provider_name parameter that you specified in the Custom Resource YAML with the instance acronym attached to it. For example, if you specified "ExShareGID" for your provider name, your <Provider ID for each instance> values would be the following::

    ExShareGIDCPE
    ExShareGIDES
    ExShareGIDNAV

As an example, for the Google Sign In Identity provider, the OAuth 2.0 client ID for ExShareGID has three Authorized redirect URIs entered by the user, one for each deployment::

    https://ingress-es.hostname/oidcclient/redirect/ExShareGIDCPE
    https://ingress-es.hostname/oidcclient/redirect/ExShareGIDES
    https://ingress-es.hostname/oidcclient/redirect/ExShareGIDNAV

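
The following is an added example, not part of the original page or of IBM's tooling: it extracts the /oidcclient/redirect/ paths from oc describe ingress output, builds the full redirect URIs, and reports any that are not yet registered at the Identity Provider. The host name, service names, describe-output layout and registered-URI list are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM tooling. Sample data below is constructed.

# Constructed stand-in for `oc describe ingress <ingress name> -n <namespace>`
# output; host and service names are hypothetical.
SAMPLE_HOST='ingress.es-apps.example.com'
SAMPLE_DESCRIBE='Rules:
  Host                         Path  Backends
  ----                         ----  --------
  ingress.es-apps.example.com
      /oidcclient/redirect/ExShareGIDCPE   cpe-svc:9443
      /oidcclient/redirect/ExShareGIDES    es-svc:9443
      /oidcclient/redirect/ExShareGIDNAV   nav-svc:9443'

# Constructed list of URIs currently registered at the Identity Provider
# (the ES entry is deliberately left out).
SAMPLE_REGISTERED='https://ingress.es-apps.example.com/oidcclient/redirect/ExShareGIDCPE
https://ingress.es-apps.example.com/oidcclient/redirect/ExShareGIDNAV'

# stdin: describe output. stdout: unique /oidcclient/redirect/<Provider ID> paths.
redirect_paths() {
  grep -oE '/oidcclient/redirect/[A-Za-z0-9_.-]+' | sort -u
}

# $1: ingress host. stdin: paths. stdout: full redirect URIs.
redirect_uris() {
  while IFS= read -r rp_path; do
    printf 'https://%s%s\n' "$1" "$rp_path"
  done
}

# $1: expected URIs, $2: registered URIs (newline-separated).
# stdout: expected URIs with no exact, whole-line match in the registered list.
missing_uris() {
  printf '%s\n' "$1" | while IFS= read -r mu_uri; do
    [ -n "$mu_uri" ] || continue
    printf '%s\n' "$2" | grep -qxF -- "$mu_uri" || printf '%s\n' "$mu_uri"
  done
}

expected=$(printf '%s\n' "$SAMPLE_DESCRIBE" | redirect_paths | redirect_uris "$SAMPLE_HOST")
echo "Expected redirect URIs:"
printf '%s\n' "$expected"
echo "Not registered at the Identity Provider:"
missing_uris "$expected" "$SAMPLE_REGISTERED"
```

To run it against a live deployment, pipe the real oc describe ingress output into redirect_paths and pass the host shown under "HOST" to redirect_uris.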