Logging into Guardium Data Security Center

About this task

After completing the tasks in the previous two sections, Installation of SAML-based authentication and Configuring SAML SSO connection, you should now be able to log in to Guardium Data Security Center using SAML. The following image should appear.
Note: If you see a Forbidden message after logging in, add TRUSTED_HOSTS in the CR file, then restart the operator or wait for it to restart on its own.

Procedure

  1. To open the CR file, run the following command:
    oc edit guardiuminsights
  2. Add the following lines under spec within the CR file, replacing the placeholders in TRUSTED_HOSTS.
    .......
    spec:
      insights:
        insightsEnv:
          # example:
          # <SAML auth server host> --> sysqa-gi.verify.ibm.com
          #    This is the auth server that is used for SAML; it should match the host that was used to configure Guardium Insights login
          # <IBM Common Service Console host> --> cp-console.apps.sys-gi-svl03.cp.fyre.ibm.com
          #    Run "oc get routes -n ibm-common-services cp-console -o jsonpath='{.spec.host}' | awk '{print $1}'" on the OpenShift cluster to get the IBM Common Services host
          TRUSTED_HOSTS: '<SAML auth server host>,<IBM Common Service Console host>'
    .......
    
    

    For example:

  3. To restart the operator, run the following commands.
    oc get pods | grep guardiuminsights-controller-manager

    Expected output:

    guardiuminsights-controller-manager-956bd88b4-q65hp   1/1   Running   0   14h

    oc delete pod guardiuminsights-controller-manager-956bd88b4-q65hp

    Expected output:

    pod "guardiuminsights-controller-manager-956bd88b4-q65hp" deleted
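
An added example (not IBM's code) for step 2: shell helpers that check that each TRUSTED_HOSTS entry is a bare, fully qualified hostname like the sample values above, then build the comma-separated value and a merge patch for the CR. The function names, the bare-hostname rule and the `<CR name>` placeholder are assumptions.

```shell
# Added example: build and sanity-check a TRUSTED_HOSTS value before editing the CR.
# Assumption: every entry is a bare FQDN, as in the page's sample values
# (no scheme, port, path, wildcard or whitespace).

# Succeeds only when $1 looks like a bare fully qualified hostname.
is_bare_host() {
  h=$1
  [ -n "$h" ] && [ "${#h}" -le 253 ] || return 1
  # Any character outside letters, digits, dot and hyphen is rejected outright.
  case $h in *[!A-Za-z0-9.-]*) return 1 ;; esac
  # Each label starts and ends with a letter or digit; at least two labels.
  printf '%s\n' "$h" | grep -Eq \
    '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+$'
}

# Prints "<host>,<host>,..." or returns non-zero, naming the rejected entry.
build_trusted_hosts() {
  out=""
  for entry in "$@"; do
    if ! is_bare_host "$entry"; then
      echo "rejected TRUSTED_HOSTS entry: $entry" >&2
      return 1
    fi
    out="${out:+$out,}$entry"
  done
  [ -n "$out" ] && printf '%s\n' "$out"
}

# Prints a JSON merge patch that sets spec.insights.insightsEnv.TRUSTED_HOSTS.
# Validated entries contain no characters that need JSON escaping.
trusted_hosts_patch() {
  value=$(build_trusted_hosts "$@") || return 1
  printf '{"spec":{"insights":{"insightsEnv":{"TRUSTED_HOSTS":"%s"}}}}\n' "$value"
}

# Usage on the cluster (not run here; <CR name> is a placeholder):
#   SAML_HOST=sysqa-gi.verify.ibm.com    # sample value from this page
#   CONSOLE_HOST=$(oc get routes -n ibm-common-services cp-console -o jsonpath='{.spec.host}')
#   build_trusted_hosts "$SAML_HOST" "$CONSOLE_HOST"   # value to paste in "oc edit"
#   oc patch guardiuminsights <CR name> --type merge \
#     -p "$(trusted_hosts_patch "$SAML_HOST" "$CONSOLE_HOST")"
```

A rejected entry usually means a full URL was pasted where only the hostname belongs.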