Supporting OIDC provider login in Operator
Configure the application to support OIDC provider login from IBM® Sterling Order Management System Software Operator.
Procedure
- Obtain the SSL certificate from your OIDC provider (OKTA, Google, or ADFS).
- Add the certificate to the Operator. For more information, see security parameter.
- Add an OIDC section in the common parameter of OMEnvironment and configure the following properties.
      common:
        oidc:
          enabled: true
          provider: <oidc_provider>
          discoveryurl: <sample_discovery_url>
          logouturl: <sample_logout_url>
- Add the following properties in the secret that you created for the OMEnvironment.
      oidcClientId
      oidcSecret
- Set the following property in sandbox.cfg and build a custom image.
      ENABLE_IBMID_AUTHENTICATION=true
  For more information, see Customizing and generating container images.
- If you are using a custom server.xml, configure your OIDC provider as explained in the following topics:
- Create an OIDC user in Sterling Order Management System Software by using the ContactPersonInfo EMailID as shown in the following sample.
      <User Localecode="en_US_EST" Username="sampleUsername" Loginid="sampleID" Password="samplePassword">
        <ContactPersonInfo EMailID="sampleContact@mail.com"/>
      </User>
Note: You can enable or disable OIDC for each individual AppServer.
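A pre-deployment check of the discoveryurl and logouturl values from the common.oidc section, as an added example (not IBM's code and not part of the Operator). It assumes that discoveryurl is the provider's /.well-known/openid-configuration URL and that logouturl is meant to be the provider's advertised end_session_endpoint; the function name and the idp.example.com values are constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_oidc_settings(discoveryurl, logouturl, metadata):
    """Return a list of findings; an empty list means every check passed.

    discoveryurl and logouturl are the values set under common.oidc;
    metadata is the parsed JSON document served at discoveryurl.
    """
    findings = []
    for name, url in (("discoveryurl", discoveryurl), ("logouturl", logouturl)):
        if urlsplit(url).scheme != "https":
            findings.append(f"{name} is not https")
    for key in REQUIRED:
        value = metadata.get(key)
        if not value:
            findings.append(f"metadata is missing {key}")
        elif urlsplit(value).scheme != "https":
            findings.append(f"{key} is not https")
    # OpenID Connect Discovery: the issuer must be identical to the
    # discovery URL with the well-known suffix removed.
    if not discoveryurl.endswith(WELL_KNOWN):
        findings.append("discoveryurl does not end in " + WELL_KNOWN)
    elif metadata.get("issuer") != discoveryurl[: -len(WELL_KNOWN)]:
        findings.append("issuer does not match discoveryurl")
    # Assumption: logouturl is meant to be the provider's advertised
    # end_session_endpoint; providers that advertise none are skipped.
    advertised = metadata.get("end_session_endpoint")
    if advertised and advertised != logouturl:
        findings.append("logouturl differs from end_session_endpoint")
    return findings


# Constructed sample values; idp.example.com is a placeholder provider.
SAMPLE_DISCOVERY = "https://idp.example.com" + WELL_KNOWN
SAMPLE_LOGOUT = "https://idp.example.com/oauth2/v1/logout"
SAMPLE_METADATA = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/v1/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/v1/token",
    "jwks_uri": "https://idp.example.com/oauth2/v1/keys",
    "end_session_endpoint": "https://idp.example.com/oauth2/v1/logout",
}

if __name__ == "__main__":
    print(check_oidc_settings(SAMPLE_DISCOVERY, SAMPLE_LOGOUT, SAMPLE_METADATA) or "ok")
```

Load the provider's discovery document into metadata after fetching it over a connection that trusts the certificate added in the earlier step, and resolve every finding before setting enabled: true.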