OpenID Connect setup for the Control Center user interface
The Control Center user interface integrates with OpenID Connect (OIDC) for authentication. Delegating login to an OIDC provider lets you apply the provider's stronger login controls, such as two-factor authentication, to Control Center access.
When a user logs in to the Control Center user interface, the OIDC principal is checked against the user table in the database for final validation. The user must exist in the FTM database to be allowed access to the Control Center user interface. All authorization to actions and pages is still stored in the FTM database.
You need to configure redirect URLs in your OIDC provider. You can also configure a user exit to use with OIDC. The following sections describe how to do this configuration.
Configure redirect URLs in your OIDC provider
Register the following redirect URLs in your OIDC provider, replacing <InstanceName> and each route with the values for your deployment:
https://<InstanceName><control-center route>/oidcclient/redirect/ftm
https://<InstanceName><core-ui-api route>/login/oauth2/code/ftm
https://<InstanceName><ftm-ui-ts route>/login/oauth2/code/ftm
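Because an OIDC provider compares redirect URIs exactly, a typo, a missing route, or an overly broad wildcard registration either breaks the login or widens where the provider will send authorization codes. The following is an added example, not FTM code: it builds the three expected redirect URIs from an instance name and the three route prefixes, and compares them with the list the provider actually has registered. The instance name, route values and registered list are constructed sample values.

```python
"""Compare the redirect URIs registered at an OIDC provider with the three
Control Center endpoints. Added example; not part of FTM or the provider."""
from urllib.parse import urlsplit

# Path suffixes of the three Control Center redirect endpoints (from the docs).
REDIRECT_PATHS = {
    "control-center": "/oidcclient/redirect/ftm",
    "core-ui-api": "/login/oauth2/code/ftm",
    "ftm-ui-ts": "/login/oauth2/code/ftm",
}


def expected_redirect_uris(instance_name, routes):
    """Build the expected URIs. `routes` maps each deployment name used in
    REDIRECT_PATHS to its route prefix, e.g. "/core-ui-api"."""
    return {
        f"https://{instance_name}{routes[name]}{path}"
        for name, path in REDIRECT_PATHS.items()
    }


def check_registered_uris(registered, instance_name, routes):
    """Report differences between the provider's registration and the expected set.

    missing    -> logins through that endpoint will fail at the provider
    unexpected -> extra registrations (including wildcards) that widen where
                  authorization codes may be redirected; remove them
    insecure   -> registrations that are not https
    """
    expected = expected_redirect_uris(instance_name, routes)
    registered = set(registered)
    return {
        "missing": expected - registered,
        "unexpected": registered - expected,
        "insecure": {u for u in registered if urlsplit(u).scheme != "https"},
    }


if __name__ == "__main__":
    # Constructed sample values (hypothetical host and routes).
    sample_routes = {
        "control-center": "/control-center",
        "core-ui-api": "/core-ui-api",
        "ftm-ui-ts": "/ftm-ui-ts",
    }
    # Constructed provider registration with one missing URI, one http URI
    # and one wildcard entry.
    sample_registered = [
        "https://ftm.example.com/control-center/oidcclient/redirect/ftm",
        "https://ftm.example.com/core-ui-api/login/oauth2/code/ftm",
        "http://ftm.example.com/ftm-ui-ts/login/oauth2/code/ftm",
        "https://ftm.example.com/*",
    ]
    for kind, uris in check_registered_uris(
        sample_registered, "ftm.example.com", sample_routes
    ).items():
        for uri in sorted(uris):
            print(f"{kind}: {uri}")
```

Run it against the redirect URI list exported from your provider's client configuration; an empty report for all three keys means the registration matches the documented endpoints exactly.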
Configure an OIDC user exit
You can use the sample OIDC user exit that is provided by FTM. To use this user exit, set the OIDC login user exit property to com.ibm.paydir.userexit.samples.OIDCSampleUserExit. For more information, see System properties.
You can also create your own user exit. Copy your user exit JAR file to the pv-ftm-application persistent volume for the core-ui-api deployment; the file must be in the /opt/ibm/ftm/core-ui-api/lib folder. Then, provide the class name of your user exit in the OIDC login user exit property.
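A class name that does not match what is actually packaged in the JAR is the usual reason a custom user exit fails to load after it has been copied to /opt/ibm/ftm/core-ui-api/lib. The following pre-deployment check is an added example, not FTM code: it confirms the archive is a valid JAR and that it contains a class file for the fully qualified name you intend to put in the OIDC login user exit property. The class name com.example.oidc.MyOidcUserExit and the helper that builds a sample JAR are hypothetical; the sample JAR holds placeholder bytes, not real bytecode.

```python
"""Pre-deployment check for a custom OIDC user exit JAR.
Added example; not part of FTM."""
import zipfile


def class_entry_name(class_name):
    """Map a fully qualified Java class name to its entry path in a JAR."""
    return class_name.replace(".", "/") + ".class"


def verify_user_exit(jar_path, class_name):
    """Return a list of problems; an empty list means the JAR looks deployable.

    Checks that the file is a readable ZIP/JAR, that no entry is corrupt, and
    that the class named in the OIDC login user exit property is present.
    """
    problems = []
    try:
        with zipfile.ZipFile(jar_path) as jar:
            bad = jar.testzip()  # name of the first corrupt entry, or None
            if bad is not None:
                problems.append(f"corrupt entry in JAR: {bad}")
            names = set(jar.namelist())
    except zipfile.BadZipFile:
        return [f"{jar_path} is not a valid JAR/ZIP archive"]
    if class_entry_name(class_name) not in names:
        problems.append(f"class {class_name} not found in {jar_path}")
    return problems


def build_sample_jar(jar_path, class_name):
    """Constructed sample input: write a JAR containing a manifest and a
    placeholder entry for class_name (placeholder bytes, not real bytecode)."""
    with zipfile.ZipFile(jar_path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr(class_entry_name(class_name), b"\xca\xfe\xba\xbe placeholder")


if __name__ == "__main__":
    import os
    import tempfile

    # Hypothetical class name for a custom user exit.
    exit_class = "com.example.oidc.MyOidcUserExit"
    with tempfile.TemporaryDirectory() as tmp:
        jar_file = os.path.join(tmp, "my-oidc-exit.jar")
        build_sample_jar(jar_file, exit_class)
        print("correct name:", verify_user_exit(jar_file, exit_class) or "OK")
        print("wrong name:", verify_user_exit(jar_file, "com.example.oidc.Typo"))
```

Run verify_user_exit against the real JAR with the exact class name you plan to set in the property before copying the file to the persistent volume; fix any reported problem first, since the property is only read when the core-ui-api deployment loads the exit.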