

Update the Authorize Endpoint

Note: Perform this procedure for each tenant for which you configure CA CloudMinder as an external IdP using OAuth. You only need to do this once per tenant, not once per OAuth client for that tenant.

Follow these steps:

  1. In the lower-left pane of the Policy Server interface, enter the following into the Search field:
    authorize
    
  2. If more than one search result is returned, select the one that ends with <PREFIX>/auth/oauth/v2/authorize in brackets. For example:

    OAuth 2.0/oauth/v2 [<PREFIX>/auth/oauth/v2/authorize]

  3. Double-click to open the policy assertions for this endpoint.

    The list of assertions for this endpoint appears.

  4. In the policy assertion pane, enter the following into the Search field:
    CHANGEME
    

    The system highlights the appropriate assertion.

  5. Double-click to open the assertion.
  6. Set the siteminder.resource context variable to the known protected resource path. The path has the following format:
    /chs/redirect/tenant/forms
    

    To locate the protected resource path for the tenant:

    1. Log in to the CSP console.
    2. Click Policies, then Domain.
    3. In the left-hand menu, click Realms.
    4. Click to open the <TENANT>_chsforms_realm_es realm.

      Where <TENANT> is the name you assigned your tenant upon creation. Keep in mind that ten realms are listed per page, and that this realm may be on a subsequent page.

    5. The Resource Filter is your protected resource path. Copy and paste this value into the Expression field for the siteminder.resource context variable in the Layer 7 Policy Server.
  7. Click OK.
  8. Click Save and Activate.