After you upgrade to IBM Security QRadar® Suite Software version
1.11.11, you need to reconfigure your
Security Assertion Markup Language (SAML) protocol to use the single sign-on (SSO)
authentication method between IBM Security QRadar Suite Software and your
IBM® Security Verify enterprise identity
provider.
About this task
If you configured SAML or OIDC for single
sign-on before the upgrade, you must reconfigure the IDP as the cp-console and
other foundational services routes are updated after the fresh installation of foundational
services. For more information, see Step 4: Upgrade IBM Cloud Pak.
Support for SSO is provided through the IBM Cloud Pak®
foundational services component, which is installed with
QRadar Suite Software. You must have administration
permission in Verify and foundational services to complete the procedure.
Procedure
- Retrieve the new
cp-console route by using the following command.
export CP4S_NAMESPACE=<cp4s_namespace>
oc get routes cp-console -n $CP4S_NAMESPACE -o jsonpath='{.spec.host}' | awk '{print $1}'
- Update the fields that contain the old
cp-console route.
- In IBM Security Verify, click
.
- From the list of applications, hover over the configured identity provider SAML
application and click the settings icon.
- Go to the Sign-on tab, and then edit the
cp-console route in the Provider ID, Assertion
Consumer Service URL (HTTP-POST), and Single Logout URL
(HTTP-POST) fields.
In the following example, the
cp-console route in the
URIs field is updated to
cp-console-cp4s, where
cp4s is the namespace.
cp-console.apps.host.cp.fyre.ibm.com
cp-console-cp4s.apps.host.cp.fyre.ibm.com
In
the following example, the
cp-console route in the
Provider
ID field is updated to
cp-console-cp4s, where
cp4s is
the
namespace.
cp-console.apps.host.cp.fyre.ibm.com/ibm/saml20/defaultSP
cp-console-cp4s.apps.host.cp.fyre.ibm.com/ibm/saml20/defaultSP