Supporting OIDC provider login in developer toolkit environment

You can configure the application to support OIDC provider login from the developer toolkit environment.

1. Collect the data of the user by configuring the following properties:
   1. OIDC_PROVIDER name
   2. OIDC_CLIENTID and OIDC_SECRET
   3. OIDC_DISCOVERYURL
   4. OIDC_LOGOUTURL
   5. OIDC_UNIQUECLAIM and OIDC_SECONDARYID

      In ADFS, if OIDC_UNIQUECLAIM and OIDC_SECONDARYID are not provided, the default values are sub and email.

   Note: OIDC_LOGOUTURL and OIDC_UNIQUECLAIM and OIDC_SECONDARYID properties are applicable only for ADFS. For other OIDC providers, yfs.properties must be overridden for logout, secondaryId, and UniqueClaim. For example, yfs.yfs.ibmid.provisioner.google.secondaryid=emailId.
2. Add the properties and set the OIDC_ENABLE flag to Y in the om-compose.properties file.
   • OIDC_ENABLE – Y or N.
   • OIDC_PROVIDER – ibmid, adfs, google, or okta.
   • OIDC_CLIENTID
   • OIDC_SECRET
   • OIDC_DISCOVERYURL

   The following properties are applicable only for ADFS:

   • OIDC_LOGOUTURL
   • OIDC_UNIQUECLAIM – Default value is sub.
   • OIDC_SECONDARYID – Default value is email.
3. Optional: To enable OIDC login for Order Hub add the following additional property to the om-compose.properties file:

   OIDC_REDIRECT_TO_RP_HOST_PORT=https://<hostname of the machine where appserver is located at>:9443

4. Apply the configuration.
   1. Import the certificate with the .cer or .crt extension by placing the certificate under the certificates directory of the developer toolkit. For more information, see ./om-compose.sh import-cert docker compose command.
   2. Build EAR and redeploy. This deployment applies only to setup or setup-upg commands of the developer toolkit. For more information, see Docker Compose commands reference.