Accessing Managed services by using a custom URL

You can access Managed services by using a custom URL.

Before you begin

An ingress must be defined in your cluster.

About the task

You need to perform the procedure from a node that can run OpenShift Client (oc) commands.


  1. Set up variables with necessary information.

    FIP=<IBM Cloud Pak for Multicloud Management Hostname or IP>
    OAUTH2_CLIENT_REGISTRATION_SECRET=$(oc -n ibm-common-services get secret platform-oidc-credentials -o yaml | grep OAUTH2_CLIENT_REGISTRATION_SECRET | awk '{ print $2}' | base64 --decode)
    TSA_WLP_CLIENT_ID=$(oc -n management-infrastructure-management get secrets cam-oauth-client-secret -o yaml -o yaml | grep CLIENT_ID | awk '{ print $2}' | base64 --decode)
  2. Verify whether the variables have values.

    echo $FIP
  3. Download Managed services OIDC registration using the following command:

    curl -kvv -X GET -u oauthadmin:$OAUTH2_CLIENT_REGISTRATION_SECRET https://$FIP/idauth/oidc/endpoint/OP/registration/$TSA_WLP_CLIENT_ID | python -m json.tool > tsa-oidc-registration.json
  4. Modify the resulting tsa-oidc-registration.json file.

    1. Remove client_id_issued_at and registration_client_uri attributes.
    2. Under the redirect_uris section, add the following entries:


      Note: To access the Managed services by using a domain name and Managed services port, replace <custom_ingresss_or_hostname_and_port> with <domain_name>:<port>. If you created an ingress to access Managed services, replace <custom_ingresss_or_hostname_and_port> with the ingress hostname and port.

  5. Update Managed services OIDC registration.

    curl -kvv -X PUT -u oauthadmin:$OAUTH2_CLIENT_REGISTRATION_SECRET -H "Content-Type: application/json" -d @tsa-oidc-registration.json https://$FIP/idauth/oidc/endpoint/OP/registration/$TSA_WLP_CLIENT_ID