Obtain login tokens for OpenID client authentication
When single sign-on authentication is enabled through OpenID Connect, GET method to obtain user login tokens for session authentication within the RESTful API, which is used to submit workload from an IBM® Spectrum Symphony client. With this API, you are redirected to your OpenID identity provider (IdP) for authentication.
Method | URL | Description |
---|---|---|
GET | https://host_name:port/platform/rest/symrest/v1/auth/loginIDP | Redirects to the OpenID IdP's login page for authentication and for OpenIdClient authorization. |
Prerequisite
Your OpenID identity provider (IdP) must be set up and the OpenID client must be registered to your IdP. See Configuring OpenID authentication for RESTful API client workload.
Request
GET https://host_name:port/platform/rest/symrest/v1/auth/loginIDP
/tmp/cookie
is the file in which to save
cookies:curl --cacert /opt/ibm/spectrumcomputing/wlp/usr/shared/resources/security/cacert.pem --tlsv1.2 -X GET -iSsL -c /tmp/cookie https://mysymresthost.example.com:8050/platform/rest/symrest/v1/auth/loginIDP
This example uses the default self-signed CA certificate for the --cacert option (which is Installation_top\wlp\usr\shared\resources\security\cacert.pem for Windows and $EGO_TOP/wlp/usr/shared/resources/security/cacert.pem for Linux). For your production cluster, use a properly chained certificate that is signed by a trusted CA. Alternatively, instead of the --cacert option, use the -k option to specify an insecure connection.
After IdP authentication is complete, call the auth/login API to obtain the CSRF token, which you must add as a request parameter in subsequent POST, PUT, and DELETE calls. See Obtain login tokens for client authentication.
Response
Status code | Description |
---|---|
200 | OK - Successfully authenticated. |
400 | Bad request |
401 | Unauthorized |
403 | Forbidden |