OAuth-Based SSO Authentication Setup

OAuth-based Single Sign-On (SSO) is supported, allowing you to authenticate through external identity providers such as GitHub or any enterprise identity platform.

About this task

Configuration Parameters
Set the following parameters as environment variables:
OAUTH_CLIENT_ID=your_client_id
OAUTH_CLIENT_SECRET=your_client_secret
OAUTH_AUTHORIZE_URL=https://provider.com/oauth/authorize
OAUTH_ACCESS_TOKEN_URL=https://provider.com/oauth/token
OAUTH_REDIRECT_URL=https://your-app.com/auth
OAUTH_CALLBACK_URL=/
OAUTH_JWKS_URI=https://provider.com/.well-known/jwks.json
OAUTH_API_BASE_URL=https://api.provider.com/
OAUTH_CLIENT_KWARGS={"scope": "openid email profile"}

The following parameters can be added to db2bridge_config.properties in the /var/lib/ibm_db2bridge_platform directory.

Table 1. Parameter descriptions
Parameter                 Description
OAUTH_CLIENT_ID           OAuth client ID from your provider
OAUTH_CLIENT_SECRET       OAuth client secret from your provider
OAUTH_AUTHORIZE_URL       Authorization endpoint of the provider
OAUTH_ACCESS_TOKEN_URL    Token endpoint of the provider
OAUTH_REDIRECT_URL        Callback URL of your application
OAUTH_CALLBACK_URL        Frontend URL to redirect to after authentication
OAUTH_JWKS_URI            JWKS endpoint (for OIDC) of the provider
OAUTH_API_BASE_URL        API base URL of the provider
OAUTH_CLIENT_KWARGS       Additional OAuth parameters (JSON)

Procedure

  1. Register your application with the OAuth provider.
  2. Retrieve your application credentials (client ID and client secret).
  3. Configure the redirect URI in the settings of your OAuth provider.
  4. Open the configuration file db2bridge_config.properties in the /var/lib/ibm_db2bridge_platform directory and update the required variables.
  5. Run the db2bridge_setup command to apply and activate the updated settings.
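
A pre-flight check that could be run on the file edited in step 4 before step 5, as an added example that is not part of the product or its documentation. It assumes the file holds plain KEY=value lines; the function names and the rules (https-only endpoints, no sample placeholders, `openid` in the scope when a JWKS URI is set) are this example's own assumptions.

```python
import json
from urllib.parse import urlsplit
# Setting names come from the page; the validation rules are this example's assumptions.
URL_KEYS = ("OAUTH_AUTHORIZE_URL", "OAUTH_ACCESS_TOKEN_URL", "OAUTH_REDIRECT_URL",
            "OAUTH_JWKS_URI", "OAUTH_API_BASE_URL")
PLACEHOLDERS = {"", "your_client_id", "your_client_secret"}
# Constructed sample: placeholder secret, plain-http token endpoint, no 'openid' scope.
SAMPLE = """\
OAUTH_CLIENT_ID=abc123
OAUTH_CLIENT_SECRET=your_client_secret
OAUTH_AUTHORIZE_URL=https://provider.com/oauth/authorize
OAUTH_ACCESS_TOKEN_URL=http://provider.com/oauth/token
OAUTH_REDIRECT_URL=https://your-app.com/auth
OAUTH_JWKS_URI=https://provider.com/.well-known/jwks.json
OAUTH_API_BASE_URL=https://api.provider.com/
OAUTH_CLIENT_KWARGS={"scope": "email profile"}
"""

def parse_properties(text):
    """Parse KEY=value lines (assumed file format); skip blanks and # comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props

def check_oauth_settings(props):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for key in ("OAUTH_CLIENT_ID", "OAUTH_CLIENT_SECRET"):
        if props.get(key, "") in PLACEHOLDERS:
            findings.append(f"{key}: missing or still the sample placeholder")
    for key in URL_KEYS:
        url = urlsplit(props.get(key, ""))
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{key}: must be an absolute https URL")
    try:
        kwargs = json.loads(props.get("OAUTH_CLIENT_KWARGS", ""))
        scopes = kwargs.get("scope", "").split() if isinstance(kwargs, dict) else None
    except (json.JSONDecodeError, AttributeError):
        scopes = None  # not JSON, or scope is not a space-separated string
    if scopes is None:
        findings.append("OAUTH_CLIENT_KWARGS: must be a JSON object (scope as a string)")
    elif props.get("OAUTH_JWKS_URI") and "openid" not in scopes:
        findings.append("OAUTH_CLIENT_KWARGS: JWKS URI is set but scope lacks 'openid'")
    return findings

if __name__ == "__main__":
    print("\n".join(check_oauth_settings(parse_properties(SAMPLE))))
```

To check the real file, pass its contents to `parse_properties` in place of `SAMPLE`; findings name only the setting, never its value, so the client secret does not end up in terminal scrollback or logs.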