Content Management and Capture

  • 1.  Open ID Connect authentication for CPE

    Posted Tue February 08, 2022 07:07 AM
    Hello everyone, 

    I need to use Open ID Connect authentication for a CPE setup. CPE is supposed to support OIDC since ver. 5.5.4.

    Documentation in step 'Configuring Managed Users' describes the procedure to create a managed user directory. When creating a new Directory you must choose type "Managed" from the drop-down list.

    I am using a 5.5.7 CPE but there is no "Managed" option in the 'Type' drop-down list.

    Has anyone any idea what to do or succeeded using another way?

    BR 
    Christos


    ------------------------------
    Christos Chorattides
    Datatech
    ------------------------------


  • 2.  RE: Open ID Connect authentication for CPE

    Posted Wed February 09, 2022 01:02 PM
    We added support for OIDC/OAuth for traditional environments in CPE 5.5.8. Please refer to the following link for more information: https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=ooip-configuring-identity-provider-traditional-websphere-application-server-environment

    ------------------------------
    RUTH Hildebrand-Lund
    ------------------------------



  • 3.  RE: Open ID Connect authentication for CPE

    Posted Wed February 09, 2022 03:30 PM
    "Managed" should be the last option in the Type drop-down list as described in https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=providers-configuring-managed-users

    If you don't see it, make sure you are using the CPE 5.5.7 server you think you are by accessing its ping page at https://host:port/FileNet/Engine.
    You should see the "Product Name" and "Build Version" there.

    Also, make sure you try from a private browser session to ensure you are not using a cached instance of ACCE that might be an older version.

    ------------------------------
    ROGER Bacalzo
    ------------------------------



  • 4.  RE: Open ID Connect authentication for CPE

    Posted Thu February 10, 2022 02:26 AM
    Thank you both.

    So pre-5.5.8 support was for container deployments only?

    I will upgrade to 5.5.8 and try again.

    @RUTH Hildebrand-Lund Do I skip the 'Configuring Managed Users' step where I create a new Directory Service provider and go directly to the "Configuring Identity Provider for a traditional WebSphere Application Server environment"?

    BR

    ------------------------------
    Christos Chorattides
    Datatech
    ------------------------------



  • 5.  RE: Open ID Connect authentication for CPE

    IBM Champion
    Posted Thu February 10, 2022 08:55 AM
    I believe you are correct that before 5.5.8 full OIDC support was container only.

    ------------------------------
    Eric Walk
    Director

    O: 617-453-9983 | NASDAQ: PRFT | Perficient.com
    ------------------------------



  • 6.  RE: Open ID Connect authentication for CPE

    Posted Thu February 10, 2022 01:05 PM
    Edited by ROGER Bacalzo Thu February 10, 2022 01:07 PM
    Yes, you will still need to do the "Configuring Managed Users" step to create your Managed Directory Service Provider in ACCE.

    In addition to the knowledge center documentation, you might find these blogs useful when configuring OIDC support in traditional WebSphere:
    How to Configure LTPA/OAuth/OIDC SSO with FileNet ICN, CS GraphQL, and CPE on WebSphere ND Application Server
    https://community.ibm.com/community/user/automation/blogs/roger-bacalzo1/2021/05/28/how-to-configure-sso-with-fncm-on-websphere-nd

    How to Configure LTPA/OAuth/OIDC SSO with FileNet ICN, CS GraphQL, and CPE on WebSphere traditional application server
    https://community.ibm.com/community/user/automation/blogs/roger-bacalzo1/2020/12/17/how-to-configure-sso-between-icn-and-cpe

    ------------------------------
    ROGER Bacalzo
    ------------------------------



  • 7.  RE: Open ID Connect authentication for CPE

    Posted Thu February 10, 2022 01:24 PM
    Thank you Roger,

    I am aware of the blog entry, just wasn't sure if it applied to my case.

    Thanks for clarifying.

    BR

    ------------------------------
    Christos Chorattides
    Datatech
    ------------------------------