Enable IBMid for WebSphere Commerce

We can optionally enable IBMid authentication so that business users can use their IBMid credentials as a single sign-on to access web-based tools such as Management Center, IBM Commerce Insights, and IBM Watson Content Hub.

We can use an IBM provided Run Engine command to enable IBMid. There are multiple ways to enable IBMid single sign-on, depending on how we want to update ts-app.

Procedure

• Enable IBMid by building a new Docker image and deploying the new image.

  1. Create a Dockerfile to build a new ts-app image.

  2. Add the following Run Engine command to configure IBMid single sign-on.
     run set-oidc-configuration BLUE_ID_SERVER OIDC_CLIENT_ID OIDC_CLIENT_SECRET BLUE_ID_PROVIDERHOST

     Where

     BLUE_ID_SERVER	The IBMid server. For example, idaas.iam.ibm.com.
     OIDC_CLIENT_ID	The Client ID for IBMid.
     OIDC_CLIENT_SECRET	The Client secret for IBMid.
     BLUE_ID_PROVIDERHOST	The registered machine's full hostname and port.

     For example,

     FROM mydockerrepo.com/commerce/ts-app:latest
     run set-oidc-configuration idaas.iam.ibm.com YmNlND1yN1WtMzg4YiOO zmU4MTdj0DgtZDJmYyoo https://myurl:<port>

     Note: If you do not have a client ID or client secret, contact IBM Support.

  3. Build the new Docker image.
     docker build -t ts-app:tag

     For example,

     docker build -t ts-app:v2-20180101

  4. Deploy the image to the environment.

  5. Login to Management Center by using your IBMid username and password to verify that single sign-on is enabled.
     https://hostname:8000/lobtools

  6. If your IBMid is not linked with your account, we are prompted to link accounts. Enter the WebSphere Commerce username and password and click Link. After your IBMid is linked with the WebSphere Commerce username, the tool opens.

• Enable IBMid dynamically when starting the ts-app container.

  This method is suitable if you have multiple environments, such as QA, test, and production. By calling the Run Engine command during docker run, we can specify the target environment and additional required configurations.

  1. Stop your existing ts-app container.

  2. Start the ts-app container in CUSTOM mode with your specific environment values.

     docker run -it \
                       -e LICENSE=accept  \
                       <ts-app_image_id>  \
                       OVERRIDE_PRECONFIG=true set-oidc-configuration BLUE_ID_SERVER OIDC_CLIENT_ID OIDC_CLIENT_SECRET BLUE_ID_PROVIDERHOST  \
                       TENANT=<tenant_value>  \
                       ENVIRONMENT=<env_value> ENVTYPE=<env_type>  \
                       STOREWEB_HOST=<InternalWebHost>  \
                       DBHOST=<DBHOST>  \
                       DBNAME=<DBNAME>  \
                       DBPASS=<DBPASS>  \
                       DBPORT=<DBPORT>  \
                       DBUSER=<DBUSER>  \
                       DBHOST_LIVE=<DBHOST_LIVE>  \
                       DBNAME_LIVE=<DBNAME_LIVE>  \
                       DBPASS_LIVE=<DBPASS_LIVE>  \
                       DBPORT_LIVE=<DBPORT_LIVE>