Configuring SSO for advanced metadata import (Watson Knowledge Catalog)
After you deploy Watson Knowledge Catalog, you must configure single sign-on (SSO) if MANTA Automated Data Lineage for IBM Cloud Pak for Data is enabled.
This post-installation task is required only for Cloud Pak for Data 4.6.0.
- Create a new registration.json file by copying the following:

      {
        "token_endpoint_auth_method": "client_secret_basic",
        "client_id": "$MANTA_CLIENT_ID",
        "client_secret": "$MANTA_CLIENT_SECRET",
        "scope": "openid profile email",
        "grant_types": [
          "authorization_code",
          "client_credentials",
          "password",
          "implicit",
          "refresh_token",
          "urn:ietf:params:oauth:grant-type:jwt-bearer"
        ],
        "response_types": ["code", "token", "id_token token"],
        "application_type": "web",
        "subject_type": "public",
        "post_logout_redirect_uris": ["https://$CPD_HOST_URL"],
        "preauthorized_scope": "openid profile email general",
        "introspect_tokens": true,
        "trusted_uri_prefixes": [
          "https://$CPD_HOST_URL",
          "https://$CPD_HOST_URL:443"
        ],
        "redirect_uris": [
          "https://$CPD_HOST_URL/manta/auth/realms/manta/broker/iam/endpoint"
        ]
      }

- Export the following variables:

      # Read the MANTA OAuth client ID and secret from the manta-credentials secret
      export MANTA_CLIENT_ID=$(oc -n ${PROJECT_CPD_INSTANCE} get secret manta-credentials -o template='{{.data.MANTA_CLIENT_ID}}' | base64 --decode)
      export MANTA_CLIENT_SECRET=$(oc -n ${PROJECT_CPD_INSTANCE} get secret manta-credentials -o template='{{.data.MANTA_CLIENT_SECRET}}' | base64 --decode)
      # Host name of the Cloud Pak for Data route
      export CPD_HOST_URL=$(oc -n ${PROJECT_CPD_INSTANCE} get route cpd -o template='{{.spec.host}}')

- Replace the needed variables in the registration.json file by running the following commands:

      sed -i "s/\$CPD_HOST_URL/$CPD_HOST_URL/" registration.json
      sed -i "s/\$MANTA_CLIENT_ID/$MANTA_CLIENT_ID/" registration.json
      sed -i "s/\$MANTA_CLIENT_SECRET/$MANTA_CLIENT_SECRET/" registration.json

- Run the following commands to register the advanced metadata import feature:

      export CP_CONSOLE_URL=$(oc -n ibm-common-services get route cp-console -o template='{{.spec.host}}')

  - Update the project namespace to ibm-common-services and run the following commands:

        # namespace: ibm-common-services
        cloudctl login -a "https://$CP_CONSOLE_URL:443" --skip-ssl-validation
        cloudctl iam oauth-client-register -f registration.json

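The substitution step above silently writes an empty value if one of the oc lookups failed, and a sed expression breaks if a value contains / or &. The following is an added example, not part of the IBM procedure: it fills the same three placeholders literally, refuses empty values, checks that every registered URI is HTTPS on the Cloud Pak for Data host, and writes the file readable by its owner only. The function names and sample values are assumptions made for illustration.

```python
import json
import os
import re
from urllib.parse import urlsplit

PLACEHOLDERS = ("CPD_HOST_URL", "MANTA_CLIENT_ID", "MANTA_CLIENT_SECRET")
URI_FIELDS = ("redirect_uris", "trusted_uri_prefixes", "post_logout_redirect_uris")

# Constructed sample: a trimmed copy of the template above, for the demo only.
SAMPLE_TEMPLATE = """{
  "client_id": "$MANTA_CLIENT_ID",
  "client_secret": "$MANTA_CLIENT_SECRET",
  "post_logout_redirect_uris": ["https://$CPD_HOST_URL"],
  "trusted_uri_prefixes": ["https://$CPD_HOST_URL", "https://$CPD_HOST_URL:443"],
  "redirect_uris": ["https://$CPD_HOST_URL/manta/auth/realms/manta/broker/iam/endpoint"]
}"""


def render_registration(template, values):
    """Fill the $NAME placeholders literally, then sanity-check the result."""
    missing = [name for name in PLACEHOLDERS if not values.get(name)]
    if missing:  # a failed `oc get` leaves the variable empty
        raise ValueError("empty or unset: " + ", ".join(missing))

    def fill(match):
        # json.dumps escapes quotes and backslashes; drop its outer quotes.
        return json.dumps(values[match.group(1)])[1:-1]

    doc = json.loads(re.sub(r"\$(%s)" % "|".join(PLACEHOLDERS), fill, template))
    host = values["CPD_HOST_URL"].lower()
    for field in URI_FIELDS:
        for uri in doc[field]:
            parts = urlsplit(uri)
            if parts.scheme != "https" or parts.hostname != host:
                raise ValueError("%s: unexpected URI %r" % (field, uri))
    return doc


def write_private(path, doc):
    """Write the rendered file owner-readable only: it holds the client secret."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fd, 0o600)  # also tightens a pre-existing file
        json.dump(doc, fh, indent=2)


if __name__ == "__main__":
    demo = {"CPD_HOST_URL": "cpd.apps.example.com",  # constructed values
            "MANTA_CLIENT_ID": "example-id", "MANTA_CLIENT_SECRET": "s3/cr&et"}
    print(render_registration(SAMPLE_TEMPLATE, demo)["redirect_uris"])
```

For real use, pass the full template text and os.environ as the values, then call write_private("registration.json", ...) before running cloudctl.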
To configure Lightweight Directory Access Protocol (LDAP), see Connecting to your identity provider.