Enable the OIDC web browser SSO (Accelerated deployment)

To enable OIDC (RP-initiated) web single sign-on (SSO), complete the following task.

Procedure

  1. Update the app_secrets.yaml file to set the OIDC secrets as follows.
    sso_company: "<Company code>"
    sso_config_adminui: "<AdminUI OIDC WebSSO configuration for IBM Liberty, in the format <openidConnectClient>..</openidConnectClient>>"
    sso_config_personaui: "<PersonaUI OIDC WebSSO configuration for IBM Liberty, in the format <openidConnectClient>..</openidConnectClient>>"
    
    Example
    sso_company: "demo"
    sso_config_adminui: |
      <openidConnectClient id="adminRP" clientId="<Application-client-id>" clientSecret="<application-secret>" discoveryEndpointUrl="https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration" authnSessionDisabled="false" authFilterRef="authFilter" responseType="code" scope="openid profile" grantType="implicit">
      </openidConnectClient>
      <authFilter id="authFilter"> <requestUrl id="url" urlPattern="/" matchType="contains" /></authFilter>
    sso_config_personaui: |
      <openidConnectClient id="personaRP" clientId="<Application-client-id>" clientSecret="<application-secret>" discoveryEndpointUrl="https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration" authnSessionDisabled="false" authFilterRef="authFilter" responseType="code" scope="openid profile" grantType="implicit">
      </openidConnectClient>
      <authFilter id="authFilter"> <requestUrl id="url" urlPattern="mdm_ui" matchType="contains" /><requestUrl id="excludeUrl" urlPattern="mdm_ui/assets/json" matchType="notContain" /></authFilter>
    
  2. Enable SSO in the ipm_12.0.x_cr.yaml file by setting the sso and oidc properties to 1.
  3. Install the Product Master services. For more information, see Deploying on the Kubernetes cluster.
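
A pre-deployment check for the sso_config_adminui and sso_config_personaui values from step 1, added here as an example (it is not IBM's code): it catches unfilled placeholders, a non-HTTPS discovery URL, an authFilterRef with no matching authFilter, and a responseType/grantType pair that names two different flows. The function name lint_sso_fragment and the sample IDs and secret are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: an sso_config_adminui value with dummy IDs filled in.
SAMPLE = '''<openidConnectClient id="adminRP" clientId="00000000-aaaa-bbbb-cccc-000000000000"
  clientSecret="example-secret"
  discoveryEndpointUrl="https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0/.well-known/openid-configuration"
  authnSessionDisabled="false" authFilterRef="authFilter" responseType="code"
  scope="openid profile" grantType="implicit"></openidConnectClient>
<authFilter id="authFilter"><requestUrl id="url" urlPattern="/" matchType="contains" /></authFilter>'''

# Template placeholders such as clientId="<Application-client-id>" left in place.
PLACEHOLDER = re.compile(r'="\s*<[^">]+>\s*"')

def lint_sso_fragment(fragment):
    """Return a list of findings for one sso_config_* value (hypothetical helper)."""
    left = PLACEHOLDER.findall(fragment)
    if left:
        return ["unfilled placeholder %s" % p for p in left]
    try:
        # The value holds sibling elements, so wrap it in a root before parsing.
        root = ET.fromstring("<server>" + fragment + "</server>")
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    findings = []
    filters = {f.get("id") for f in root.findall("authFilter")}
    clients = root.findall("openidConnectClient")
    if not clients:
        findings.append("no <openidConnectClient> element")
    for c in clients:
        cid = c.get("id", "?")
        for attr in ("clientId", "clientSecret", "discoveryEndpointUrl"):
            if not c.get(attr):
                findings.append("%s: %s is missing or empty" % (cid, attr))
        if not c.get("discoveryEndpointUrl", "").startswith("https://"):
            findings.append("%s: discoveryEndpointUrl is not https" % cid)
        if c.get("authFilterRef") not in filters:
            findings.append("%s: authFilterRef has no matching <authFilter>" % cid)
        if "openid" not in c.get("scope", "").split():
            findings.append("%s: scope lacks openid" % cid)
        # responseType="code" names the authorization code flow, not the implicit flow.
        if c.get("responseType") == "code" and c.get("grantType") == "implicit":
            findings.append("%s: responseType=code with grantType=implicit" % cid)
    return findings

if __name__ == "__main__":
    for finding in lint_sso_fragment(SAMPLE):
        print(finding)
```

The last finding is a prompt to confirm with the identity provider registration which flow is intended; the check makes no claim about which attribute Liberty honors.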