Single Sign-On
IBM TRIRIGA Application Suite supports single sign-on (SSO) by using OIDC or SAML.
OIDC
Create a secret like the following one to enable OIDC:
# The quoted 'EOF' keeps the shell from expanding $ or backticks in the client secret.
cat <<'EOF' | oc create -f -
kind: Secret
apiVersion: v1
metadata:
  name: tas-oidc-secret
stringData:
  method: oidc
  cfg: |
    <openidConnectClient
      clientId="<application id from your registered app>"
      clientSecret="<client secret that you created for your app>"
      id="Azure"
      issuerIdentifier="<issuer from OpenID Connect metadata document>"
      tokenEndpointUrl="<token_endpoint from OpenID Connect metadata document>"
      jwkEndpointUrl="<jwks_uri from OpenID Connect metadata document>"
      authorizationEndpointUrl="<authorization_endpoint from OpenID Connect metadata document>"
      signatureAlgorithm="RS256"
      userIdentityToCreateSubject="preferred_username"
      redirectToRPHostAndPort="https://<public host name>:<ssl port>"
    >
    </openidConnectClient>
EOF
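As an added example (not IBM's code), the following Python script fills the four endpoint attributes of the cfg value above from an OpenID Connect metadata document, rejects missing or non-HTTPS endpoints, and XML-escapes the client secret. The idp.example.test metadata, the build_cfg function name and the sample credentials are constructed for illustration.

```python
import json
from urllib.parse import urlsplit
from xml.sax.saxutils import quoteattr

# Constructed sample metadata document (not from a real identity provider).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.test/tenant1/v2.0",
  "authorization_endpoint": "https://idp.example.test/tenant1/oauth2/authorize",
  "token_endpoint": "https://idp.example.test/tenant1/oauth2/token",
  "jwks_uri": "https://idp.example.test/tenant1/keys",
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

# openidConnectClient attribute -> metadata document field, as named in the secret above.
FIELD_MAP = {
    "issuerIdentifier": "issuer",
    "tokenEndpointUrl": "token_endpoint",
    "jwkEndpointUrl": "jwks_uri",
    "authorizationEndpointUrl": "authorization_endpoint",
}

def build_cfg(metadata, client_id, client_secret, rp_host_port, alg="RS256"):
    """Return the cfg XML; refuse metadata that is incomplete or not HTTPS."""
    if alg not in metadata.get("id_token_signing_alg_values_supported", []):
        raise ValueError(f"provider does not advertise {alg}")
    attrs = {"clientId": client_id, "clientSecret": client_secret, "id": "Azure"}
    for attr, field in FIELD_MAP.items():
        value = metadata.get(field)
        if not value:
            raise ValueError(f"metadata document has no {field}")
        url = urlsplit(value)
        if url.scheme != "https" or not url.netloc:
            raise ValueError(f"{field} is not an https URL: {value}")
        attrs[attr] = value
    attrs.update(signatureAlgorithm=alg,
                 userIdentityToCreateSubject="preferred_username",
                 redirectToRPHostAndPort=rp_host_port)
    # quoteattr escapes &, <, > and quotes so a secret cannot break the XML.
    lines = [f"  {name}={quoteattr(value)}" for name, value in attrs.items()]
    return "<openidConnectClient\n" + "\n".join(lines) + "\n>\n</openidConnectClient>"

if __name__ == "__main__":
    # Constructed client id, secret and host, for demonstration only.
    print(build_cfg(SAMPLE_METADATA, "constructed-client-id", "s3cr&t<1>",
                    "https://tas.example.test:443"))
```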
SAML
Create a secret like the following one to enable SAML:
cat <<EOF | oc create -f -
kind: Secret
apiVersion: v1
metadata:
  name: tas-saml-secret
stringData:
  method: saml
  cfg: |
    <samlWebSso20 id="defaultSP" spLogout="true" authFilterRef="tasFilter"/>
    <authFilter id="tasFilter">
      <host id="myHost" name="<hostname to protect>" matchType="equals"/>
    </authFilter>
  idpMetadata.xml: |
    <?xml version="1.0" encoding="UTF-8"?>
    <md:EntityDescriptor entityID=...>
    </md:EntityDescriptor>
EOF