VIP AuthHub - Multiple tenants in AuthHub
search cancel

VIP AuthHub - Multiple tenants in AuthHub

book

Article ID: 267671

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction

A tenant has been created using the following SYSTEM API:

https://{{sspMgmtHost}}/system/admin/v1/Tenants

Response

{

    "tenant": {

        "tenantName": "mytenant",

        "tenantId": "2f02bc5b-wdr56-#############",

        "masterKey": "enF2ddds############",

        "status": "Active",

        "vanityHost": "",

        "vanityHosts": []

    },

    "clients": {

        "DefaultTenantClient": {

            "clientId": "2323233455-4a2a-################",

            "clientSecret": "dssdsdd33-a3b2-###############"

        }

    }

}

Above API has created tenant client id and secret. Can you suggest how to use this tenant instead of default tenant?

After following these steps it is giving error as Invalid Client id.

API request:

https://<ssp_Host>/mytenant/oauth2/v1/token

Request header – client id and secret created from Tenants.

 

Environment

Release : 2.2.x

VIP Authentication Hub

Resolution

Once you create the Tenant , you will get the DefaultTenantClient  clientID and ClientSecret

POST --> https://{{sspMgmtHost}}/system/admin/v1/Tenants

{
    "tenant": {
        "tenantName": "newtenant",
        "tenantId": "8de703bc-609f-4c5d##########",
        "masterKey": "Vmh2##########",
        "vanityHost": "<Vanity Host>",
        "status": "Active"
    },
    "clients": {
        "DemoClient": {
            "clientId": "b4654b88-1326#######################",
            "clientSecret": "1b01ebd4-#######################"
        },
        "DefaultTenantClient": {
           "clientId": "b3c2f708-2405-.......................",
           "clientSecret": "98141a10-023b-........................."
        }
    }
}
 

If you run POSTMAN from other tenant setting and just changing the Tenantanme in URL , then you will get the Invalid Cleint ID in the response 

What you need to do is duplicate your POSTMAN API collections and in the SetEnvironment 

you need to update the below 
 
// Tenant
pm.environment.set("apiPathTenant", "newtenant");
 
In addition , you need to update the following by using the clientID and Secret from the Tenant creation response
 
// kubectl get secret ${RELEASENAME}-ssp-secret-defaulttenantclient -n ${NAMESPACE} -o jsonpath="{.data.clientId}" | base64 --decode; echo
pm.environment.set("defaultTenantClientID", "b3c2f708-2405-42ab#############");
//kubectl get secret ${RELEASENAME}-ssp-secret-defaulttenantclient -n ${NAMESPACE} -o jsonpath="{.data.clientSecret}" | base64 --decode; echo
pm.environment.set("defaultTenantClientSecret", "98141a10-023b-41f3-###############");
 
 

Once done save and export your Variables and you should be able to run the below API with the new client name 

POST --> https://{{sspHost}}/joenewtenant/oauth2/v1/token 

Response 

{

    "access_token": "eyJ4NXQjUzI1NiI6InVxcWtaNVhMRHgtYT######################",
    "token_type": "Bearer",
    "expires_in": 3600
}