Supporting OIDC provider login in Operator

Configure the application to support OIDC provider login from IBM® Sterling Order Management System Software Operator.

Procedure

  1. Obtain the SSL certificate from your OIDC provider (OKTA, Google, or ADFS).
  2. Add the certificate to the Operator. For more information, see security parameter.
  3. Add an OIDC section in the common parameter of OMEnvironment and configure the following properties.
    common:
        oidc:
          enabled: true
          provider: <oidc_provider>
          discoveryurl: <sample_discovery_url>
          logouturl: <sample_logout_url>
  4. Add the following properties in the secret that you created for the OMEnvironment.
    oidcClientId
    oidcSecret
  5. Set the following property in sandbox.cfg and build a custom image. For more information, see Customizing and generating container images.
    ENABLE_IBMID_AUTHENTICATION=true
  6. If you are using a custom server.xml, configure your OIDC provider as explained in the following topics:
  7. Create an OIDC user in Sterling Order Management System Software by using the ContactPersonInfo EMailID as shown in the following sample.
    <User Localecode="en_US_EST" Username="sampleUsername" Loginid="sampleID" Password="samplePassword">
    	<ContactPersonInfo EMailID="sampleContact@mail.com"/>
    </User>
    Note: You can enable or disable OIDC for each individual AppServers.