4.8.4 Post-Installation Steps for NodePort
For all installation types, if you are using nodeport as oppose to ingress, you must update the OAuth client with the relevant redirect URLs. Perform the following steps:
- Find the URLs for the
spui
,oaa-admin-ui
, andfido
pods as described in Printing Deployment Details, for example:AdminUrl=https://worker1.example.com:32701/oaa-admin SpuiUrl=https://worker1.example.com:32721/oaa/rui Fido=https://worker1.example.com:30414/fido
Note:
For OARM only installation, you only need to find the URL for theoaa-admin-ui
pod. - Encode the OAM administrator user and its password by using the
command:
For example:echo -n <username>:<password> | base64
This value should be used forecho -n weblogic:<password> | base64
<ENCODED_OAMADMIN>
in the examples below. - For OAA, OAA-OARM, and OAA-OARM-OUA installations, update the OAuth
Client using REST APIs as
follows:
curl --location --request PUT 'http://<OAuth_Host>:<OAuth_Port>/oam/services/rest/ssa/api/v1/oauthpolicyadmin/client?name=OAAClient' \ --header 'Content-Type: application/json' \ --header 'Authorization: Basic <ENCODED_OAMADMIN>' \ --data '{ "id": "OAAClient", "clientType": "PUBLIC_CLIENT", "idDomain": "OAADomain", "name": "OAAClient", "redirectURIs": [ { "url": "https://worker1.example.com:32701/oaa/rui", "isHttps": true }, { "url": "https://worker1.example.com:32701/oaa/rui/oidc/redirect", "isHttps": true }, { "url": "https://worker1.example.com:32721/oaa-admin", "isHttps": true }, { "url": "https://worker1.example.com:32721/oaa-admin/oidc/redirect", "isHttps": true }, { "url": "https://worker1.example.com:30414/fido", "isHttps": true }, { "url": "https://worker1.example.com:30414/fido/oidc/redirect", "isHttps": true } ] }'
Note: For details about the REST API see, REST API for OAuth in Oracle Access Manager
For OARM only installations, update the OAuth Client as follows:curl --location --request PUT 'http://<OAuth_Host>:<OAuth_Port>/oam/services/rest/ssa/api/v1/oauthpolicyadmin/client?name=OAAClient' \ --header 'Content-Type: application/json' \ --header 'Authorization: Basic <ENCODED_OAMADMIN>' \ --data '{ "id": "OAAClient", "clientType": "PUBLIC_CLIENT", "idDomain": "OAADomain", "name": "OAAClient", "redirectURIs": [ { "url": "https://worker1.example.com:32721/oaa-admin", "isHttps": true }, { "url": "https://worker1.example.com:32721/oaa-admin/oidc/redirect", "isHttps": true } ] }'