Configuring SSO for advanced metadata import (Watson Knowledge Catalog)

After you deploy Watson Knowledge Catalog, if MANTA Automated Data Lineage for IBM Cloud Pak for Data is enabled, you must configure single sign-on (SSO).

This post-installation task is required only for Cloud Pak for Data 4.6.0.

  1. Create a new registration.json file by copying the following:
    {
    "token_endpoint_auth_method": "client_secret_basic",
    "client_id": "$MANTA_CLIENT_ID",
    "client_secret": "$MANTA_CLIENT_SECRET",
    "scope": "openid profile email",
    "grant_types": [
    		"authorization_code",
    		"client_credentials",
    		"password",
    		"implicit",
    		"refresh_token",
    		"urn:ietf:params:oauth:grant-type:jwt-bearer"
    ],
    "response_types": ["code", "token", "id_token token"],
    "application_type": "web",
    "subject_type": "public",
    "post_logout_redirect_uris": ["https://$CPD_HOST_URL"],
    "preauthorized_scope": "openid profile email general",
    "introspect_tokens": true,
    "trusted_uri_prefixes": [
    		"https://$CPD_HOST_URL",
    		"https://$CPD_HOST_URL:443"
    ],
    "redirect_uris": [
    		"https://$CPD_HOST_URL/manta/auth/realms/manta/broker/iam/endpoint"
    ]
    }
    
  2. Export the following variables:
    # Read the MANTA OAuth client credentials and the Cloud Pak for Data route host.
    export MANTA_CLIENT_ID=$(oc -n ${PROJECT_CPD_INSTANCE} get secret manta-credentials -o template='{{.data.MANTA_CLIENT_ID}}' | base64 --decode)
    export MANTA_CLIENT_SECRET=$(oc -n ${PROJECT_CPD_INSTANCE} get secret manta-credentials -o template='{{.data.MANTA_CLIENT_SECRET}}' | base64 --decode)
    export CPD_HOST_URL=$(oc -n ${PROJECT_CPD_INSTANCE} get route cpd -o template='{{.spec.host}}')
    
  3. Replace the placeholders in the registration.json file with the exported values by running the following commands:
    sed -i "s/\$CPD_HOST_URL/$CPD_HOST_URL/" registration.json
    sed -i "s/\$MANTA_CLIENT_ID/$MANTA_CLIENT_ID/" registration.json
    sed -i "s/\$MANTA_CLIENT_SECRET/$MANTA_CLIENT_SECRET/" registration.json
    
  4. Run the following commands to register the advanced metadata import feature:
    export CP_CONSOLE_URL=$(oc -n ibm-common-services get route cp-console -o template='{{.spec.host}}')
    
    1. Update the project namespace to ibm-common-services and run the following commands:
      # namespace: ibm-common-services
      # --skip-ssl-validation turns off TLS certificate verification for this login.
      cloudctl login -a "https://$CP_CONSOLE_URL:443" --skip-ssl-validation
      cloudctl iam oauth-client-register -f registration.json
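
An alternative to the three sed commands in step 3, shown as an added example that is not part of IBM's documented procedure: it substitutes the values as literal strings and checks the result before registration. The function names `render_registration` and `check_registration` and the template file name are hypothetical, and the variables from step 2 are assumed to be exported.

```shell
#!/bin/sh
# Added example: literal placeholder substitution and pre-registration checks.

# render_registration TEMPLATE OUT
# Replaces the three placeholders as plain strings (awk index/substr, no regex),
# so '/' or '&' in a value cannot break or alter the substitution the way it can
# in a sed replacement. A new OUT is created with mode 0600 (it holds the secret).
render_registration() {
  for v in "$CPD_HOST_URL" "$MANTA_CLIENT_ID" "$MANTA_CLIENT_SECRET"; do
    [ -n "$v" ] || { echo "empty variable; re-run the export step" >&2; return 1; }
  done
  ( umask 077
    awk '
      function rep(s, k, v,    i, out) {
        out = ""
        while ((i = index(s, k)) > 0) {
          out = out substr(s, 1, i - 1) v
          s = substr(s, i + length(k))
        }
        return out s
      }
      {
        $0 = rep($0, "$CPD_HOST_URL", ENVIRON["CPD_HOST_URL"])
        $0 = rep($0, "$MANTA_CLIENT_ID", ENVIRON["MANTA_CLIENT_ID"])
        $0 = rep($0, "$MANTA_CLIENT_SECRET", ENVIRON["MANTA_CLIENT_SECRET"])
        print
      }' "$1" > "$2" )
}

# check_registration FILE
# Fails if a placeholder is unresolved or an https:// URL names another host.
check_registration() {
  if grep -Eq '\$(CPD_HOST_URL|MANTA_CLIENT_ID|MANTA_CLIENT_SECRET)' "$1"; then
    echo "unresolved placeholder in $1" >&2; return 1
  fi
  bad=$(grep -o 'https://[^"]*' "$1" | sed -e 's|^https://||' -e 's|[/:].*$||' |
        grep -vxF "$CPD_HOST_URL" || true)
  [ -z "$bad" ] || { echo "unexpected host(s): $bad" >&2; return 1; }
}

# Usage (file names are hypothetical): keep the step 1 content as registration.tmpl.json, then
#   render_registration registration.tmpl.json registration.json && check_registration registration.json
```

The rendered registration.json holds the client secret in clear text, so remove it once `cloudctl iam oauth-client-register` has succeeded.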
      

To configure Lightweight Directory Access Protocol (LDAP), see Connecting to your identity provider.
