IBM Security Verify
Follow these guidelines to configure IBM Security Verify as an OAuth 2.0 provider for your instance of IDE Services.
Prerequisites
You have a registered IBM Verify Administrator account.
You have created an application.yaml file to configure your IDE Services Server.
Add IDE Services to IBM Security Verify
Start by creating and setting up a custom application using the IBM Security Verify administration console. For more details, refer to the official documentation.
Access the IBM Security Verify administration console and log in with your credentials.
Go to and click Add Application. Select Custom Application and click Add application.
On the General tab, specify the general application details as described in the official documentation.
Open the Sign-on tab and specify the following details:
Sign-on method: select Open ID Connect 1.0 from the list.
Application URL: provide your organization's public server URL. This value has to match the deployment URL set in your server configuration file.
Grant types: select Authorization code.
Require proof key for code exchange (PKCE) verification: deselect the checkbox.
Redirect URIs: specify
https://<ide_services_server_domain.com>/api/login/authenticated
Open the Entitlements tab and assign users entitled to access and use the application instance.
Click Save to complete the setup.
After setting up the custom application, open its details and save the following information, as you will need it for your server configuration:
Client ID and Client secret: you can find these values in the application details on the Sign-on tab. This information is automatically generated after you save the custom application.
Login URL, Token URL, JWT certs URL: access the Well-known configuration at
https://<your_domain>.verify.ibm.com/oidc/endpoint/default/.well-known/openid-configuration. You can find the exact URL on the right side in the application details.Save the following values:
authorization_endpoint,token_endpoint,jwks_uri.
Configure IBM Security Verify in your server configuration file
After adding IDE Services to IBM Security Verify, you need to configure the authentication provider's details in your server configuration file.
- login-url
Provide a URL for logging in via IBM Security Verify.
You can obtain
authorization_endpointby requesting the Well-known configuration athttps://<your_domain>.verify.ibm.com/oidc/endpoint/default/.well-known/openid-configuration.- token-url
Provide a URL for obtaining an authorization token on the IBM Security Verify side.
You can obtain
token_endpointby requesting the Well-known configuration athttps://<your_domain>.verify.ibm.com/oidc/endpoint/default/.well-known/openid-configuration.- jwt-certs-url
Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).
You can obtain this URL from the Well-known configuration on the OneLogin portal. Open the application details, go to the SSO tab and click the Well-known Configuration link. Alternatively, you can request the Well-known configuration at
https://<your_OneLogin_domain>.onelogin.com/oidc/2/.well-known/openid-configuration.- client-id
Specify the public identifier for IDE Services used in IBM Security Verify.
- client-secret
Specify the client secret for IDE Services used in IBM Security Verify.
- required-scopes
Set the value to
[ "profile", "email", "openid"].- root-admin-emails
List emails of users that will receive admin rights.