ELM 702 authentication with OIDC 2.0 Provider & LDAP ISDS
In my previous installation of CLM 6061, thick clients like Eclipse authenticates with LDAP Password (ie IBM Security Directory Server); web client authenticates with the corporate OIDC 2.0 Provider.
In ELM 702, thick client can authenticate with App Password; App password can be set up with a browser client. Do we still need ISDS for 702.
Please provide some instructions on how to configure ELM 702 with Jazz Authorization Server, IBM Security Directory Server & OIDC 702 provider like Google.
Please share the compatibility between ELM 702 & IBM Security Directory Server.
One answer
Hi,
Yes, you still need an LDAP server.
An Ldap server connection to JAS and JTS is always needed for User to Group Role mappings (JazzAdmins, JazzUsers etc). The LDAP server should ideally be the same as the Corporate OIDC provider, but we have customers who created a clone of the LDAP server to configure with JAS and JTS. ( ISDS in your configuration)
To configure with Google OIDC provider you can use the instructions below.:
https://www.ibm.com/docs/en/was-liberty/core?topic=liberty-configuring-social-login-in#twlp_sec_sociallogin__xgoogle
You would then need those users created in your LDAP server and map to the groups.
Comments
One of my client wants OIDC authentication for ELM 702. They are using Microsoft Identify Provider.
Please let me know if there would be compatibility issues.
Do we still need to install Jazz Authorization Server.
Hi
Yes. To configure ELM with a Third Party OIDC Provider or a SAML provider, Jazz Authorization Server is mandatory requirement.