Adding redirect URL

Add a redirect URL in the OpenID Connect (OIDC) server before you use OIDC for user authentication in IBM Security Guardium Key Lifecycle Manager.

About this task

Configure the redirect URL in the OIDC server. The redirect URL might look as shown in the following example.
https://hostname:9443/oidcclient/redirect/<clientname>
For more information about redirect URLs, refer to the documentation of the OIDC provider.

Obtain the <clientname> from the server.xml file that is located on the server where IBM Security Guardium Key Lifecycle Manager is installed. Use the following steps to get <clientname>.

Procedure

  1. Go to the following path:
    Windows
    C:\Program Files\IBM\WebSphere\Liberty\usr\servers\gklm421.
    Linux®
    /opt/IBM/WebSphere/Liberty/usr/servers/gklm421server.
  2. Open the server.xml file.
  3. In the file, locate the <openidConnectClient> element. Inside the element, find the value of the clientId attribute, as shown in the following example.
    <openidConnectClient clientId="sklmRP4"
        clientSecret="{custom}MDI0NzI1Q0Y1NjE2MDI5NjJCMDc3QTZBODkyQkI4MzQ="
        discoveryEndpointUrl="https://sklm.ibm.com/oidc/endpoint/OP/.well-known/openid-configuration"
        id="sklmRP4" inboundPropagation="supported" scope="openid profile email" userIdentifier="sub"
        validationEndpointUrl="https://sklm.ibm.com:443/oidc/endpoint/OP/introspect" validationMethod="introspect"/>
  4. Specify the value of clientId in the <clientname> parameter of the redirect URL.
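
The procedure above can be scripted. The following is an added example, not IBM-supplied code: it reads clientId from server.xml, builds the redirect URL in the format shown earlier, and flags a plaintext clientSecret or a non-HTTPS endpoint. The function name redirect_urls, the two checks, and the sample XML (with a placeholder secret) are assumptions made for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

# Constructed sample modelled on the example in step 3; the secret is a placeholder.
SAMPLE_SERVER_XML = """<server>
  <openidConnectClient clientId="sklmRP4" clientSecret="{custom}CONSTRUCTED_PLACEHOLDER"
      discoveryEndpointUrl="https://sklm.ibm.com/oidc/endpoint/OP/.well-known/openid-configuration"
      id="sklmRP4" scope="openid profile email" userIdentifier="sub"
      validationEndpointUrl="https://sklm.ibm.com:443/oidc/endpoint/OP/introspect"
      validationMethod="introspect"/>
</server>"""


def redirect_urls(server_xml, host, port=9443):
    """Return [(clientId, redirect_url, warnings)], one per openidConnectClient."""
    root = ET.fromstring(server_xml)
    results = []
    for client in root.iter("openidConnectClient"):
        client_id = client.get("clientId")
        if not client_id:
            raise ValueError("openidConnectClient element has no clientId")
        warnings = []
        # Encoded secrets carry a {scheme} prefix such as {custom}, {xor} or {aes};
        # a value without one is readable by anyone who can read server.xml.
        secret = client.get("clientSecret", "")
        if secret and not secret.startswith("{"):
            warnings.append("clientSecret is stored in plaintext")
        # Discovery and introspection traffic should only go over TLS.
        for attr in ("discoveryEndpointUrl", "validationEndpointUrl"):
            value = client.get(attr)
            if value and urlsplit(value).scheme != "https":
                warnings.append(f"{attr} does not use https")
        # Percent-encode clientId so it is safe as a single URL path segment.
        url = f"https://{host}:{port}/oidcclient/redirect/{quote(client_id, safe='')}"
        results.append((client_id, url, warnings))
    if not results:
        raise ValueError("no openidConnectClient element found")
    return results


if __name__ == "__main__":
    # Usage: python redirect_url.py <path to server.xml> <hostname>
    xml_text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 2 else SAMPLE_SERVER_XML
    hostname = sys.argv[2] if len(sys.argv) > 2 else "hostname"
    for cid, url, warns in redirect_urls(xml_text, hostname):
        print(cid, url, *warns, sep="\n  ")
```

Register the printed URL in the OIDC server exactly as shown; providers typically compare redirect URLs as exact strings.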