Registering RQA as a client in Jazz Authorization Server by using custom hostname

When a custom hostname is used for the RQA Administrator dashboards, the OpenShift® administrator can follow the steps in this topic to register RQA as a client in the Jazz Authorization Server. Complete this process only if you want to use Liberty-based authentication, such as Jazz Authorization Server authorization.

Before you begin

Create redirect URLs and trusted URI prefixes for JAS client registration.

You can use a custom hostname for the RQA Administrator dashboard. Create an appropriate redirect URL for the RQA Administrator dashboard and keep it handy. You need it when you register RQA as a client with the Jazz Authorization Server.

Redirect URLs when you use a custom hostname:

You can use a custom hostname instead of the default hostname that is generated by the RQA operator when you deploy RQA. The hostname must be registered with the Domain Name System (DNS) and must reference the OpenShift cluster IP.

Example:
  • Administrator dashboard: https://rqa-admin.xyz.com/auth/sso/callback

Trusted URI prefixes: Trusted URI prefixes are the endpoints without any path parameter.

Example:
  • Administrator dashboard: https://rqa-admin.xyz.com/

Procedure

If you use the custom hostname, complete the following steps to submit the Jazz client registration request. You can use an appropriate REST client, such as Postman, to submit the client registration request.

  1. In the update client window, click the Authorization tab.
  2. From the TYPE list, select Basic Auth, and enter your RQA primary administrator's Jazz username and password in the Username and Password fields.
    The token is automatically generated and shown under the Headers tab.
    Example: [Figure: Token details from the Headers tab]
  3. Click the Body tab and provide the details, such as redirect_uris and trusted_uri_prefixes that you noted down earlier.
    Example:
    {
    "client_secret_expires_at": 0,
    "token_endpoint_auth_method": "client_secret_basic",
    "scope": "openid profile",
    "grant_types": [
       "authorization_code",
       "client_credentials",
       "implicit",
       "refresh_token",
       "urn:ietf:params:oauth:grant-type:jwt-bearer"
    ],
    "response_types": [
       "code",
       "token",
       "id_token token"
    ],
    "application_type": "web",
    "subject_type": "public",
    "preauthorized_scope": "openid profile",
    "introspect_tokens": true,
    "trusted_uri_prefixes": [
       "https://customadminhost.apps.clusteraddress.xyz.com/"
    ],
    "resource_ids": [],
    "client_name": "RQATenant",
    "redirect_uris": [
       "https://customadminhost.apps.clusteraddress.xyz.com/auth/sso/callback"
    ],
    "allow_regexp_redirects": false
    }
  4. Click Send. The RQA client is created.
    The Response pane shows the RQA client details, including the client_id and client_secret.
    Example:
    {
    "client_id_issued_at": 1582014795,
    "registration_client_uri": "https://rqa-jas.clusteraddress.xyz.com:9643/oidc/endpoint/jazzop/registration/d0c17f4b451f4c0ea03d09019e587e82",
    "client_secret_expires_at": 0,
    "token_endpoint_auth_method": "client_secret_basic",
    "scope": "openid profile",
    "grant_types": [
       "authorization_code",
       "client_credentials",
       "implicit",
       "refresh_token",
       "urn:ietf:params:oauth:grant-type:jwt-bearer"
    ],
    "response_types": [
       "code",
       "token",
       "id_token token"
    ],
    "application_type": "web",
    "subject_type": "public",
    "post_logout_redirect_uris": [],
    "preauthorized_scope": "openid profile",
    "introspect_tokens": true,
    "trusted_uri_prefixes": [
       "https://localhost/",
       "https://customadminhost.apps.clusteraddress.xyz.com/"
    ],
    "resource_ids": [],
    "functional_user_groupIds": [],
    "client_id": "d0c17f4b451f4c0ea03d09019e587e82",
    "client_secret": "bSHUrrqSJNe1YCfCBK8oPESV31Ho22xU1EOjerermZKcczTyofyZ540Ztd6I",
    "client_name": "RQATenant",
    "redirect_uris": [
       "https://customadminhost.apps.clusteraddress.xyz.com/auth/sso/callback"
    ],
    "allow_regexp_redirects": false
    }
  5. Click the Body tab and provide the following details:
    Example:
    {
    "client_secret_expires_at": 0,
    "token_endpoint_auth_method": "client_secret_basic",
    "scope": "openid profile",
    "grant_types": [
       "authorization_code",
       "client_credentials",
       "implicit",
       "refresh_token",
       "urn:ietf:params:oauth:grant-type:jwt-bearer"
    ],
    "response_types": [
       "code",
       "token",
       "id_token token"
    ],
    "application_type": "web",
    "subject_type": "public",
    "preauthorized_scope": "openid profile",
    "introspect_tokens": true,
    "trusted_uri_prefixes": [
       "https://customadminhost.apps.clusteraddress.xyz.com/"
    ],
    "resource_ids": [],
    "client_name": "RQATenant",
    "redirect_uris": [
       "https://customadminhost.apps.clusteraddress.xyz.com/auth/sso/callback"
    ],
    "allow_regexp_redirects": false
    }
  6. Click Send. The RQA client is created.
    The Response pane shows the RQA client details, including the client_id and client_secret.
    Example:
    {
    "client_id_issued_at": 1582014795,
    "registration_client_uri": "https://rqa-jas.clusteraddress.xyz.com:9643/oidc/endpoint/jazzop/registration/d0c17f4b451f4c0ea03d09019e587e82",
    "client_secret_expires_at": 0,
    "token_endpoint_auth_method": "client_secret_basic",
    "scope": "openid profile",
    "grant_types": [
       "authorization_code",
       "client_credentials",
       "implicit",
       "refresh_token",
       "urn:ietf:params:oauth:grant-type:jwt-bearer"
    ],
    "response_types": [
       "code",
       "token",
       "id_token token"
    ],
    "application_type": "web",
    "subject_type": "public",
    "post_logout_redirect_uris": [],
    "preauthorized_scope": "openid profile",
    "introspect_tokens": true,
    "trusted_uri_prefixes": [
       "https://localhost/",
       "https://customadminhost.apps.clusteraddress.xyz.com/"
    ],
    "resource_ids": [],
    "functional_user_groupIds": [],
    "client_id": "d0c17f4b451f4c0ea03d09019e587e82",
    "client_secret": "bSHUrrqSJNe1YCfCBK8oPESV31Ho22xU1EOjerermZKcczTyofyZ540Ztd6I",
    "client_name": "RQATenant",
    "redirect_uris": [
       "https://customadminhost.apps.clusteraddress.xyz.com/auth/sso/callback"
    ],
    "allow_regexp_redirects": false
    }
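
The following added example (not part of the original documentation) builds the registration request body from a custom hostname and checks, before you paste it into the REST client, that every redirect URI is an exact HTTPS callback URL that sits under a trusted URI prefix with no path. The function names and the checks are assumptions made for illustration; the field values are the ones shown in the procedure.

```python
import json
from urllib.parse import urlsplit

CALLBACK_PATH = "/auth/sso/callback"  # callback path from the page's examples

def build_registration(hostname, client_name="RQATenant"):
    """Build the registration request body for one custom hostname."""
    base = f"https://{hostname}"
    return {
        "client_secret_expires_at": 0,
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": "openid profile",
        "grant_types": ["authorization_code", "client_credentials", "implicit",
                        "refresh_token",
                        "urn:ietf:params:oauth:grant-type:jwt-bearer"],
        "response_types": ["code", "token", "id_token token"],
        "application_type": "web",
        "subject_type": "public",
        "preauthorized_scope": "openid profile",
        "introspect_tokens": True,
        "trusted_uri_prefixes": [base + "/"],
        "resource_ids": [],
        "client_name": client_name,
        "redirect_uris": [base + CALLBACK_PATH],
        "allow_regexp_redirects": False,
    }

def check_registration(body):
    """Return a list of problems; an empty list means the body is consistent."""
    problems = []
    prefixes = body.get("trusted_uri_prefixes", [])
    for p in prefixes:
        u = urlsplit(p)
        if u.scheme != "https" or not u.hostname or u.path != "/" or u.query:
            problems.append(f"trusted prefix is not https://host/: {p!r}")
    for r in body.get("redirect_uris", []):
        if any(c.isspace() for c in r):
            problems.append(f"whitespace in redirect URI: {r!r}")
        elif urlsplit(r).scheme != "https" or urlsplit(r).path != CALLBACK_PATH:
            problems.append(f"redirect URI is not https://host{CALLBACK_PATH}: {r!r}")
        elif not any(r.startswith(p) for p in prefixes):
            problems.append(f"redirect URI not under a trusted prefix: {r!r}")
    if body.get("allow_regexp_redirects") is not False:
        problems.append("allow_regexp_redirects differs from the page's value (false)")
    return problems

if __name__ == "__main__":
    body = build_registration("rqa-admin.xyz.com")  # hostname from the page's example
    print(json.dumps(body, indent=2))  # JSON to paste into the Body tab
```

Run `check_registration` on the body you are about to send, and again on the `redirect_uris` and `trusted_uri_prefixes` returned in the Response pane, to catch a mistyped hostname or a stray space before users are redirected to it.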

What to do next

Create catalog sources.