IDE Services 2024.4 Help

IBM Security Verify

Follow these guidelines to configure IBM Security Verify as an OAuth 2.0 provider for your instance of IDE Services.

Prerequisites

  • You have a registered IBM Verify Administrator account.

  • You have created an application.yaml file to configure your IDE Services Server.

Add IDE Services to IBM Security Verify

Start by creating and setting up a custom application using the IBM Security Verify administration console. For more details, refer to the official documentation.

  1. Access the IBM Security Verify administration console and log in with your credentials.

  2. Go to Applications | Applications and click Add Application. Select Custom Application and click Add application.

  3. On the General tab, specify the general application details as described in the official documentation.

  4. Open the Sign-on tab and specify the following details:

    • Sign-on method: select Open ID Connect 1.0 from the list.

    • Application URL: provide your organization's public server URL. This value has to match the deployment URL set in your server configuration file.

    • Grant types: select Authorization code.

    • Require proof key for code exchange (PKCE) verification: deselect the checkbox.

    • Redirect URIs: specify https://<ide_services_server_domain.com>/api/login/authenticated

  5. Open the Entitlements tab and assign users entitled to access and use the application instance.

  6. Click Save to complete the setup.

After setting up the custom application, open its details and save the following information, as you will need it for your server configuration:

  • Client ID and Client secret: you can find these values in the application details on the Sign-on tab. This information is automatically generated after you save the custom application.

  • Login URL, Token URL, JWT certs URL: access the Well-known configuration at https://<your_domain>.verify.ibm.com/oidc/endpoint/default/.well-known/openid-configuration. You can find the exact URL on the right side in the application details.

    Save the following values: authorization_endpoint, token_endpoint, jwks_uri.

Configure IBM Security Verify in your server configuration file

After adding IDE Services to IBM Security Verify, you need to configure the authentication provider's details in your server configuration file.

tbe: auth: login-url: "https://<your-domain>.verify.ibm.com/v1.0/endpoint/default/authorize" token-url: "https://<your-domain>.verify.ibm.com/v1.0/endpoint/default/token" jwt-certs-url: "https://<your-domain>.verify.ibm.com/v1.0/endpoint/default/jwks" client-id: "application_identifier" client-secret: "your_client_secret" required-scopes: [ "profile", "email", "openid"] root-admin-emails: - "your.company.admin@example.com"
ides: config: auth: login-url: "https://<your-domain>.verify.ibm.com/v1.0/endpoint/default/authorize" token-url: "https://<your-domain>.verify.ibm.com/v1.0/endpoint/default/token" jwt-certs-url: "https://<your-domain>.verify.ibm.com/v1.0/endpoint/default/jwks" client-id: "application_identifier" client-secret: "your_client_secret" required-scopes: [ "profile", "email", "openid"] root-admin-emails: - "your.company.admin@example.com"
login-url

Provide a URL for logging in via IBM Security Verify.

You can obtain jwks_uri by requesting the Well-known configuration at https://<your_domain>.verify.ibm.com/oidc/endpoint/default/.well-known/openid-configuration.

token-url

Provide a URL for obtaining an authorization token on the IBM Security Verify side.

You can obtain jwks_uri by requesting the Well-known configuration at https://<your_domain>.verify.ibm.com/oidc/endpoint/default/.well-known/openid-configuration.

jwt-certs-url

Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).

You can obtain this URL from the Well-known configuration on the OneLogin portal. Open the application details, go to the SSO tab and click the Well-known Configuration link. Alternatively, you can request the Well-known configuration at https://<your_OneLogin_domain>.onelogin.com/oidc/2/.well-known/openid-configuration.

client-id

Specify the public identifier for IDE Services used in IBM Security Verify.

client-secret

Specify the client secret for IDE Services used in IBM Security Verify.

required-scopes

Set the value to [ "profile", "email", "openid"].

root-admin-emails

List emails of users that will receive admin rights.

Last modified: 09 December 2024