Obtain login tokens for OpenID client authentication

When single sign-on authentication is enabled through OpenID Connect, use this GET method to obtain user login tokens for session authentication within the RESTful API, which is used to submit workload from an IBM® Spectrum Symphony client. With this API, you are redirected to your OpenID identity provider (IdP) for authentication.

| Method | URL | Description |
| --- | --- | --- |
| GET | https://host_name:port/platform/rest/symrest/v1/auth/loginIDP | Redirects to the OpenID IdP's login page for authentication and for OpenIdClient authorization. |

Prerequisite

Your OpenID identity provider (IdP) must be set up and the OpenID client must be registered to your IdP. See Configuring OpenID authentication for RESTful API client workload.

Request

GET https://host_name:port/platform/rest/symrest/v1/auth/loginIDP
If you use curl, the command might look like the following example when /tmp/cookie is the file in which to save cookies:
curl --cacert /opt/ibm/spectrumcomputing/wlp/usr/shared/resources/security/cacert.pem --tlsv1.2 -X GET -iSsL -c /tmp/cookie https://mysymresthost.example.com:8050/platform/rest/symrest/v1/auth/loginIDP

This example passes the default self-signed CA certificate to the --cacert option (Installation_top\wlp\usr\shared\resources\security\cacert.pem on Windows and $EGO_TOP/wlp/usr/shared/resources/security/cacert.pem on Linux). For your production cluster, use a properly chained certificate that is signed by a trusted CA. Alternatively, instead of the --cacert option, you can use the -k option, which makes the connection insecure because curl then skips verification of the server certificate.
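Because the curl command above combines -i with -L, curl prints one header block for every hop of the redirect to the IdP. The following shell functions are an added example, not part of the IBM documentation: they read that output, report the final status code for comparison with the response codes table, and check that every absolute redirect uses HTTPS and goes to an expected host. The transcript is constructed, and idp.example.com is a hypothetical IdP host.

```shell
#!/usr/bin/env bash
# Added example (not IBM code): inspect the output of the loginIDP curl command.

# Constructed transcript; idp.example.com and the query values are hypothetical.
SAMPLE_TRANSCRIPT='HTTP/1.1 302 Found
Location: https://idp.example.com/authorize?client_id=CONSTRUCTED&state=CONSTRUCTED

HTTP/1.1 200 OK
Content-Type: text/html

<html>constructed IdP login page</html>'

# Print the status code of the last response in the redirect chain.
final_status() {
  tr -d '\r' | awk '/^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { code = $2 } END { print code }'
}

# Print scheme://host[:port] for every absolute Location header.
# Relative redirects stay on the current origin and are skipped.
redirect_targets() {
  tr -d '\r' | awk 'tolower($1) == "location:" && $2 ~ /^[A-Za-z][A-Za-z0-9+.-]*:\/\// {
    split($2, part, "/")
    sub(/[?#].*/, "", part[3])
    print part[1] "//" part[3]
  }'
}

# Succeed only if every absolute redirect is HTTPS and its host[:port] is listed.
# usage: check_redirects "host1 host2:port" < transcript
check_redirects() {
  allowed=" $1 "
  redirect_targets | (
    while read -r target; do
      host=${target#https://}
      if [ "$host" = "$target" ]; then
        echo "non-HTTPS redirect: $target" >&2; exit 1
      fi
      case "$allowed" in
        *" $host "*) ;;
        *) echo "unexpected redirect host: $host" >&2; exit 1 ;;
      esac
    done
  )
}

echo "final status: $(printf '%s\n' "$SAMPLE_TRANSCRIPT" | final_status)"
```

To use it on a real run, pipe the output of the curl command into `check_redirects` with your own IdP host (and port, if the URL carries one) in the list.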

After IdP authentication is complete, call the auth/login API to obtain the CSRF token, which you must add as a request parameter in subsequent POST, PUT, and DELETE calls. See Obtain login tokens for client authentication.

Response

Table 1. Response codes
| Status code | Description |
| --- | --- |
| 200 | OK - Successfully authenticated. |
| 400 | Bad request |
| 401 | Unauthorized |
| 403 | Forbidden |