Single Sign-On

IBM TRIRIGA Application Suite supports single sign-on (SSO) by using OpenID Connect (OIDC) or SAML. Either protocol is configured through a Kubernetes secret: its method key selects the protocol and its cfg key carries the server configuration fragment for that protocol.

OIDC

Create a secret like the following one to enable OIDC. Replace each <...> placeholder with the value from the application you registered with your identity provider and from its OpenID Connect metadata (discovery) document. redirectToRPHostAndPort must match the redirect URI registered for that application, and because the secret stores clientSecret in clear text, restrict who can read it:


cat <<'EOF' | oc create -f -   # quoted delimiter: the shell does not expand $ or backticks in the secret
kind: Secret
apiVersion: v1
metadata:
  name: tas-oidc-secret
stringData:
  method: oidc
  cfg: |
    <openidConnectClient
      clientId="<application id from your registered app>"
      clientSecret="<client secret that you created for your app>"
      id="Azure"
      issuerIdentifier="<issuer from OpenID Connect metadata document>"
      tokenEndpointUrl="<token_endpoint from OpenID Connect metadata document>"
      jwkEndpointUrl="<jwks_uri from OpenID Connect metadata document>"
      authorizationEndpointUrl="<authorization_endpoint from OpenID Connect metadata document>"
      signatureAlgorithm="RS256"
      userIdentityToCreateSubject="preferred_username"
      redirectToRPHostAndPort="https://<public host name>:<ssl port>"
      >
    </openidConnectClient>
EOF

SAML

Create a secret like the following one to enable SAML. The host filter's name must be the exact public hostname on which users reach the application (matchType="equals" compares it literally, so only requests for that host are routed through SAML), and idpMetadata.xml holds the identity provider's SAML metadata document, which supplies its entity ID, single sign-on endpoint and signing certificate:


cat <<'EOF' | oc create -f -   # quoted delimiter: the shell does not expand $ or backticks in the secret
kind: Secret
apiVersion: v1
metadata:
  name: tas-saml-secret
stringData:
  method: saml
  cfg: |
    <samlWebSso20 id="defaultSP" spLogout="true" authFilterRef="tasFilter"/>
    <authFilter id="tasFilter">
      <host id="myHost" name="<hostname to protect>" matchType="equals"/>
    </authFilter>
  idpMetadata.xml: |
    <?xml version="1.0" encoding="UTF-8"?>
    <md:EntityDescriptor entityID=...>
    </md:EntityDescriptor>
EOF
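Both secrets above are usually filled in by hand-copying values from the identity provider, which is where mismatched issuers, endpoints on the wrong host and mangled client secrets come from. The following Python script, added here as an example and not part of IBM's documentation or product, renders the OIDC secret from the provider's OpenID Connect discovery document and the SAML secret from the provider's metadata, after checking that every OIDC endpoint is an HTTPS URL on the issuer's host, that the issuer offers RS256 for ID tokens, and that the SAML metadata carries a signing certificate and an HTTPS SingleSignOnService. The discovery document, metadata, hostnames, client values and certificate text are constructed for the example; the Secret layout and the attribute names are the ones shown above.

```python
"""Render the tas-oidc-secret and tas-saml-secret manifests from IdP metadata.
Added example, not IBM's code: it assumes only the Secret layout shown on this page
(keys method, cfg and, for SAML, idpMetadata.xml) and the Liberty attribute names
used there; the hosts, client IDs and certificate below are made up."""
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

# Constructed OIDC discovery document (what <issuer>/.well-known/openid-configuration returns).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://login.example.com/tenant-1234/v2.0",
  "authorization_endpoint": "https://login.example.com/tenant-1234/oauth2/v2.0/authorize",
  "token_endpoint": "https://login.example.com/tenant-1234/oauth2/v2.0/token",
  "jwks_uri": "https://login.example.com/tenant-1234/discovery/v2.0/keys",
  "id_token_signing_alg_values_supported": ["RS256"]}""")

# Constructed SAML IdP metadata; the certificate text is a placeholder, not a real key.
SAMPLE_IDP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...placeholder...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def validate_discovery(doc, alg="RS256"):
    """Reject endpoints that are missing, not HTTPS or hosted away from the issuer,
    and issuers that do not sign ID tokens with the algorithm we will require."""
    issuer_host = urlparse(doc.get("issuer", "")).netloc
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        u = urlparse(doc.get(key, ""))
        if u.scheme != "https" or not issuer_host or u.netloc != issuer_host:
            raise ValueError(f"{key} must be an https URL on the issuer host {issuer_host!r}")
    if alg not in doc.get("id_token_signing_alg_values_supported", [alg]):
        raise ValueError(f"issuer does not advertise {alg} for ID tokens")


def validate_idp_metadata(xml_text):
    """Return the IdP entityID after checking for a signing certificate (needed to
    verify assertions) and an HTTPS SingleSignOnService (where users are sent)."""
    root = ET.fromstring(xml_text.encode())
    if root.tag != MD + "EntityDescriptor" or not root.get("entityID"):
        raise ValueError("root element is not an EntityDescriptor with an entityID")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # A KeyDescriptor without a use attribute is valid for both signing and encryption.
    certs = [c for kd in idp.findall(MD + "KeyDescriptor") if kd.get("use", "signing") == "signing"
             for c in kd.iter(DS + "X509Certificate") if (c.text or "").strip()]
    if not certs:
        raise ValueError("metadata has no signing certificate")
    if not any(urlparse(s.get("Location", "")).scheme == "https"
               for s in idp.findall(MD + "SingleSignOnService")):
        raise ValueError("metadata has no https SingleSignOnService")
    return root.get("entityID")


def secret_manifest(name, method, files):
    """Render a v1 Secret; each value is a YAML literal block (|) so the XML is kept verbatim."""
    out = ["kind: Secret", "apiVersion: v1", "metadata:", f"  name: {name}",
           "stringData:", f"  method: {method}"]
    for key, text in files.items():
        out.append(f"  {key}: |")
        out.extend("    " + line for line in text.splitlines())
    return "\n".join(out) + "\n"


def build_oidc_secret(doc, client_id, client_secret, public_host, ssl_port=443,
                      provider_id="Azure", alg="RS256"):
    validate_discovery(doc, alg)
    attrs = [("clientId", client_id), ("clientSecret", client_secret), ("id", provider_id),
             ("issuerIdentifier", doc["issuer"]), ("tokenEndpointUrl", doc["token_endpoint"]),
             ("jwkEndpointUrl", doc["jwks_uri"]),
             ("authorizationEndpointUrl", doc["authorization_endpoint"]),
             ("signatureAlgorithm", alg), ("userIdentityToCreateSubject", "preferred_username"),
             ("redirectToRPHostAndPort", f"https://{public_host}:{ssl_port}")]
    # quoteattr escapes &, <, > and quotes, so a client secret containing them cannot break the XML.
    cfg = ("<openidConnectClient\n" + "".join(f"  {k}={quoteattr(v)}\n" for k, v in attrs)
           + "  >\n</openidConnectClient>")
    return secret_manifest("tas-oidc-secret", "oidc", {"cfg": cfg})


def build_saml_secret(idp_metadata_xml, protected_host):
    validate_idp_metadata(idp_metadata_xml)
    cfg = ('<samlWebSso20 id="defaultSP" spLogout="true" authFilterRef="tasFilter"/>\n'
           '<authFilter id="tasFilter">\n'
           f'  <host id="myHost" name={quoteattr(protected_host)} matchType="equals"/>\n'
           '</authFilter>')
    return secret_manifest("tas-saml-secret", "saml",
                           {"cfg": cfg, "idpMetadata.xml": idp_metadata_xml})


def is_acceptable(check, *args):
    """True when `check` accepts its input, False when it rejects it."""
    try:
        check(*args)
        return True
    except (ValueError, ET.ParseError):
        return False


if __name__ == "__main__":  # pipe the output into: oc create -f -
    print(build_oidc_secret(SAMPLE_DISCOVERY, "app-123", "s3cret", "tas.example.com"))
```

Feed the script's output to oc create -f - exactly as the heredoc examples do. The same-host rule is deliberately strict: a discovery document that points jwkEndpointUrl at another host would let whoever controls that host sign ID tokens the client accepts, so it is rejected rather than copied through.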