WebSphere Application Server & Liberty

  • 1.  WebSphere & FileNet OIDC configuration

    Posted Sat March 25, 2023 02:03 PM

    Hi All,

    After IBM Content Navigator was configured and deployed with OIDC, the login page is as shown below. If we click on "Authenticate with Google" sign-in, it's not redirecting, refreshing and staying on the same page. Any thoughts on this, please? If I change the relay properties to auto redirection, then it's able to log in with IDP users, but LDAP users can't log in as it's auto-redirecting to the IDP login page. As I want to log in from both the entities, any thoughts?



    ------------------------------
    Nreddy Nreddy
    ------------------------------


  • 2.  RE: WebSphere & FileNet OIDC configuration

    Posted Mon March 27, 2023 12:21 PM

    Hi RN,

    Are you using WebSphere Application Server or Liberty?  Also, which version?  If you're using Liberty, are you using openidConnectClient or socialLogin features?

    With each runtime, there is a property to map users to the registry.  WebSphere: provider_(id).mapIdentityToRegistryUser, Liberty (openidConnectClient): mapIdentityToRegistryUser.  In both, the default is false.  I'm not sure if you have a choice with social.  Do you have that property set to true?  Do your Google users exist in your LDAP registry?  If so, is there a specific claim in the id_token that matches up to the principal name?



    ------------------------------
    Barbara Jensen
    ------------------------------



  • 3.  RE: WebSphere & FileNet OIDC configuration

    Posted Mon March 27, 2023 03:31 PM

    Hi Barbara,

    I'm using the WebSphere Application Server 9.0.5.13. 

     mapIdentityToRegistryUser --> false 

    The user does not exist in LDAP.



    ------------------------------
    RN
    ------------------------------



  • 4.  RE: WebSphere & FileNet OIDC configuration

    Posted Tue March 28, 2023 02:28 PM

    Take a look at this blog on configuring OIDC with ICN on traditional WebSphere
    https://community.ibm.com/community/user/automation/blogs/roger-bacalzo1/2021/05/28/how-to-configure-sso-with-fncm-on-websphere-nd

    Make sure you set the JVM arguments as described in Step 10.3, "ICN JVM Options for Multiple Identity Provider Configuration", of that blog.



    ------------------------------
    ROGER Bacalzo
    ------------------------------