Accessing Managed services by using a custom URL
You can access Managed services by using a custom URL.
Before you begin
An ingress must be defined in your cluster.
About the task
You need to perform the procedure from a node that can run OpenShift Client (oc) commands.
Procedure
-
Set up variables with necessary information.
FIP=<IBM Cloud Pak for Multicloud Management Hostname or IP>OAUTH2_CLIENT_REGISTRATION_SECRET=$(oc -n ibm-common-services get secret platform-oidc-credentials -o yaml | grep OAUTH2_CLIENT_REGISTRATION_SECRET | awk '{ print $2}' | base64 --decode)TSA_WLP_CLIENT_ID=$(oc -n management-infrastructure-management get secrets cam-oauth-client-secret -o yaml -o yaml | grep CLIENT_ID | awk '{ print $2}' | base64 --decode) -
Verify whether the variables have values.
echo $FIPecho $OAUTH2_CLIENT_REGISTRATION_SECRETecho $TSA_WLP_CLIENT_ID -
Download Managed services OIDC registration using the following command:
curl -kvv -X GET -u oauthadmin:$OAUTH2_CLIENT_REGISTRATION_SECRET https://$FIP/idauth/oidc/endpoint/OP/registration/$TSA_WLP_CLIENT_ID | python -m json.tool > tsa-oidc-registration.json -
Modify the resulting
tsa-oidc-registration.jsonfile.- Remove
client_id_issued_atandregistration_client_uriattributes. -
Under the
redirect_urissection, add the following entries:"https://<custom_ingresss_or_hostname_and_port>/auth/liberty/callback""https://<custom_ingresss_or_hostname_and_port>/cam/auth/liberty/callback"Note: To access the Managed services by using a domain name and Managed services port, replace
<custom_ingresss_or_hostname_and_port>with<domain_name>:<port>. If you created an ingress to access Managed services, replace<custom_ingresss_or_hostname_and_port>with the ingress hostname and port.
- Remove
-
Update Managed services OIDC registration.
curl -kvv -X PUT -u oauthadmin:$OAUTH2_CLIENT_REGISTRATION_SECRET -H "Content-Type: application/json" -d @tsa-oidc-registration.json https://$FIP/idauth/oidc/endpoint/OP/registration/$TSA_WLP_CLIENT_ID