Single Sign-On Service › SSO Getting Started Guide › SSO Using CloudMinder as an OAuth Authorization Server › Update the Tenant Web Services Fragment

Update the Tenant Web Services Fragment

Note: Perform this procedure for each tenant for which you configure CA CloudMinder as an external IdP using OAuth. Perform this procedure once per tenant, not once per OAuth client for the tenant.

The connection to the tenant web service (TWS) will need to be set up to fetch tenant information for the presentation of the OAuth grant page. The necessary values can typically be found inside the chsConfig.properties file on the Secure Proxy Server.

Follow these steps:

1. Add logo to the tenant configuration using the User Console. Expand Tenant Administration and click Tenant Settings.
2. In the lower-left pane of the Policy Server interface, enter the following into the Search field:

   tws
   

3. If more than one search result is returned, select the one that ends with <PREFIX>/…/tws/TWS Fetch Tenant Information. For example:

   Policy Fragments/tws/TWS Fetch Tenant Information
   

4. Double-click to open the policy assertions for this fragment.

   The list of assertions for this fragment appear.

5. In the policy assertion pane, enter the following into the Search field:

   CHANGEME
   

   The system displays 4 assertions that must be modified.

6. Change WS Fetch Tenant Information (the ChangeMe variables). The necessary values usually exist in the chsConfig.properties file on the Secure Proxy Server in this location:

   /opt/CA/secure-proxy/Tomcat/webapps/chs/WEB-INF/classes/config
   

   Note: The password in the config file is encrypted, but it has the decrypted value in the fragment.

   #Provide hostname and port of the deployed tenant-services application
   

   For example: tenantwebservicebaseurl=http://west_ex:9090/tenant-services/cm/tenantws

   #Provide shared secret key to authenticate client by tenant-services application
   

   Supply a clear text password, when prompted by Layer 7.

   #Provide tenant-services configuration Id
   

   For example: configurationid=tenantwebservice

   #connection time out in milliseconds. The value zero means timeout of infinity. 
   #default value is 30 seconds if no value specified
   

   For example:connection_timeout=30000

7. For each of the 4 assertions, double-click to supply these values for the context variables:
   • For tws.shared_secret, supply the unencrypted password for TWS.
   • For context variable tws.base_url, supply the base URL for TWS.
   • For context variable tws.configuration_id, supply the configuration ID for TWS
   • For context variable tws.tenant_name, supply the name of the tenant.
8. For each of the 4 assertions, click OK to close prompt.
9. Click Save and Activate.