Configuring multiple identity providers for same authentication type

Starting in IBM® Maximo® Application Suite 9.0, you can configure multiple identity providers for the same authentication type, such as OIDC, SAML, or LDAP, for user authentication.

Before you begin

Generate an API key and ensure that the API key that you generate has system admin permission. For more information about generating an API key, see Maximo Application Suite Admin APIs.

Procedure

  • Configure the SAML authentication type
    1. Run the following command:
      
      curl --location \
        --request PUT https://api.<masDomain>/config/saml/<idpId> \
        --header "x-access-token: <access token>" \
        --header "Content-Type: application/json" \
        --insecure \
        --data '{
          "spInitiatedLogout": true,
          "displayName": "SAML",
          "issuer": "saml",
          "serviceProviderName": "<service provider>",
          "nameIDFormat": "<name ID format>"
        }'
      Where
      <masDomain>
      The domain name for the Maximo Application Suite instance.
      <idpId>
      The unique name for the identity provider.
      <access token>
      The authentication token that was obtained from the API key generation.
      <service provider>
      The unique name of the service provider.
      <name ID format>
      The format that is used for the name ID. Use one of the following values:
      • customize
      • email
      • encrypted
      • entity
      • kerberos
      • persistent
      • unspecified
      • windowsDomainQualifiedName
      • x509SubjectName
    2. Download the SAML configuration .xml file.
    3. Access the following URL:
      https://auth.<masDomain>/ibm/saml20/<serviceProviderName>/samlmetadata
      Tip: Wait a few minutes for the URL to become available.
    4. Upload the SAML configuration .xml file to your identity provider.
    5. Download the SAML metadata from your identity provider.
    6. Run the following command to upload the SAML metadata from your identity provider to Maximo Application Suite:
      
      curl --location \
        --request PUT https://api.<masDomain>/config/saml/<idpId>/metadata \
        --header "x-access-token: <access token>" \
        --insecure \
        --form 'file=@"<file path>/<metadata filename>.xml"'
      Where
      <masDomain>
      The domain name for the Maximo Application Suite instance.
      <idpId>
      The unique name for the identity provider.
      <access token>
      The authentication token that was obtained from the API key generation.
      <file path>
      The location to which the metadata file is downloaded.
      <metadata filename>
      The name of the metadata file that is downloaded.
      The command generates the required resources.
      Tip: Wait for the operator to reconcile and the user interface to refresh and reflect the updates.
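The SAML steps above, wrapped in shell functions as an added example (this is not IBM's code). It assumes the access token is kept in a file rather than typed on the command line, that the cluster CA bundle is passed to --cacert so the API's TLS certificate is verified instead of using --insecure, and that the identity provider's metadata has been saved locally before step 6. The function names, the hypothetical domain mas.example.com and the file names are assumptions; the allowed nameIDFormat values and the URLs come from the procedure.

```shell
#!/bin/sh
# Added example, not IBM's code: the SAML procedure above as shell functions.
# Assumptions: access token in a file, cluster CA bundle for --cacert (instead
# of --insecure), IdP metadata saved locally before step 6.

# nameIDFormat values listed in the procedure.
NAME_ID_FORMATS="customize email encrypted entity kerberos persistent unspecified windowsDomainQualifiedName x509SubjectName"

# Succeeds only when $1 is one of the documented nameIDFormat values.
valid_name_id_format() {
  for f in $NAME_ID_FORMATS; do
    [ "$f" = "$1" ] && return 0
  done
  return 1
}

# idpId and serviceProviderName are embedded in URLs: allow only a safe charset.
safe_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

saml_config_url() { printf 'https://api.%s/config/saml/%s' "$1" "$2"; }
sp_metadata_url() { printf 'https://auth.%s/ibm/saml20/%s/samlmetadata' "$1" "$2"; }

# JSON body for the step 1 PUT; rejects a bad name or an unknown nameIDFormat.
saml_config_body() {  # $1=serviceProviderName $2=nameIDFormat
  safe_name "$1" || { echo "invalid serviceProviderName: $1" >&2; return 1; }
  valid_name_id_format "$2" || { echo "invalid nameIDFormat: $2" >&2; return 1; }
  printf '{"spInitiatedLogout":true,"displayName":"SAML","issuer":"saml","serviceProviderName":"%s","nameIDFormat":"%s"}' "$1" "$2"
}

# Steps 1-3: create the configuration, then poll the SP metadata URL (the page
# says it takes a few minutes to appear) and save the document to $7.
saml_create_config() {  # $1=masDomain $2=idpId $3=spName $4=nameIDFormat $5=tokenFile $6=caFile $7=outFile
  safe_name "$2" || { echo "invalid idpId: $2" >&2; return 1; }
  body=$(saml_config_body "$3" "$4") || return 1
  curl --fail --silent --show-error --location --cacert "$6" \
    --request PUT "$(saml_config_url "$1" "$2")" \
    --header "x-access-token: $(cat "$5")" \
    --header "Content-Type: application/json" \
    --data "$body"
  tries=0
  until curl --fail --silent --cacert "$6" --output "$7" "$(sp_metadata_url "$1" "$3")"; do
    tries=$((tries + 1))
    [ "$tries" -lt 30 ] || { echo "SP metadata not published after 5 minutes" >&2; return 1; }
    sleep 10
  done
  echo "SP metadata saved to $7: upload it to the IdP (steps 4-5), then run saml_upload_idp_metadata" >&2
}

# Step 6: upload the metadata that was downloaded from the identity provider.
saml_upload_idp_metadata() {  # $1=masDomain $2=idpId $3=tokenFile $4=caFile $5=idpMetadataXml
  curl --fail --silent --show-error --location --cacert "$4" \
    --request PUT "$(saml_config_url "$1" "$2")/metadata" \
    --header "x-access-token: $(cat "$3")" \
    --form "file=@$5"
}

# Usage (hypothetical values, not run automatically):
#   saml_create_config mas.example.com corp-saml corp-sp email token.txt ca.crt sp-metadata.xml
#   saml_upload_idp_metadata mas.example.com corp-saml token.txt ca.crt idp-metadata.xml
```

The two manual steps (uploading the service provider metadata to the identity provider and downloading its metadata) sit between the two functions, which is why the procedure is split rather than run end to end. Restricting idpId and serviceProviderName to a safe character set matters because both are spliced into request paths.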
  • Configure the LDAP authentication type
    1. Run the following command:
      
      curl --location \
        --request PUT https://api.<masDomain>/config/ldap/<idpId> \
        --header "x-access-token: <access token>" \
        --header "Content-Type: application/json" \
        --insecure \
        --data '{
          "displayName": "LDAP",
          "url": "ldaps://<ldap url>",
          "baseDN": "dc=example,dc=com",
          "bindDN": "uid=<user id>,dc=example,dc=com",
          "bindPassword": "<password>",
          "userIdMap": "cn",
          "certificates": [
            {
              "alias": "intermediate",
              "crt": "-----BEGIN CERTIFICATE-----<cert value><snip>-----END CERTIFICATE-----"
            }
          ]
        }'
      Where
      <masDomain>
      The domain name for the Maximo Application Suite instance.
      <idpId>
      The unique name for the identity provider.
      <access token>
      The authentication token that was obtained from the API key generation.
      <user id>
      The name of the user for authentication.
      <password>
      The password that is set for the user.
      <cert value>
      The values or content available in the certificate.
      The command generates the required resources.
      Tip: Wait for the operator to reconcile and the user interface to refresh and reflect the updates.
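The LDAP configuration above, built from files as an added example (this is not IBM's code). It reads the bind password and the intermediate CA certificate from files and JSON-escapes them, so neither is typed on the command line, and sends the body to curl on stdin rather than as an argument. It assumes the password file is mode 600, the certificate is a PEM file, that the API accepts the PEM with its line breaks encoded as \n inside the JSON string (the page shows the value on one line), and, as in the page's command, that the cluster CA bundle is passed to --cacert instead of using --insecure. Function names and the hypothetical host names are assumptions.

```shell
#!/bin/sh
# Added example, not IBM's code: builds the LDAP body for the PUT above from
# files so the bind password and certificate do not land in shell history.
# Assumptions: password in a mode-600 file, CA in PEM, API accepts the PEM
# with line breaks encoded as \n in the JSON string.

# Escape backslashes and double quotes so a value can sit in a JSON string.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Turn a multi-line PEM on stdin into one line with the breaks encoded as \n.
pem_to_json_string() {
  awk 'BEGIN { ORS = "" } NR > 1 { print "\\n" } { print }'
}

ldap_config_url() { printf 'https://api.%s/config/ldap/%s' "$1" "$2"; }

# $1=ldapHost $2=baseDN $3=bindDN $4=bindPassword $5=certAlias
# $6=certificate already converted by pem_to_json_string
ldap_config_body() {
  printf '{"displayName":"LDAP","url":"ldaps://%s","baseDN":"%s","bindDN":"%s","bindPassword":"%s","userIdMap":"cn","certificates":[{"alias":"%s","crt":"%s"}]}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
    "$(json_escape "$4")" "$(json_escape "$5")" "$6"
}

# Issues the PUT. The body (which holds the bind password) goes to curl on
# stdin via --data @- so it is not visible in the process list.
# $1=masDomain $2=idpId $3=ldapHost $4=baseDN $5=bindDN
# $6=passwordFile $7=pemFile $8=tokenFile $9=caFile
ldap_put_config() {
  body=$(ldap_config_body "$3" "$4" "$5" "$(cat "$6")" intermediate "$(pem_to_json_string < "$7")")
  printf '%s' "$body" | curl --fail --silent --show-error --location --cacert "$9" \
    --request PUT "$(ldap_config_url "$1" "$2")" \
    --header "x-access-token: $(cat "$8")" \
    --header "Content-Type: application/json" \
    --data @-
}

# Usage (hypothetical values, not run automatically):
#   ldap_put_config mas.example.com corp-ldap ldap.example.com dc=example,dc=com \
#     uid=svc,dc=example,dc=com bind-password.txt intermediate.pem token.txt ca.crt
```

A bind DN or password containing a double quote or backslash would otherwise break the JSON body or change its meaning, which is why every field is escaped before it is interpolated; the certificate is escaped once by pem_to_json_string and must not be escaped again.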