Registering a Tenant

You can register a tenant by setting the identity provider type to Oracle, PostgreSQL, LDAP, or EXTERNAL. Separate databases are created for each registered tenant’s user.

The tenant registration API is described below.

This operation registers tenant information. The API handles only one tenant registration at a time.

Method: HTTP POST

Endpoint: http://<host_address>:<port_address>/v1/tenant


Parameter     Cardinality   Description
X-API-AppId   Mandatory     The application ID is used for getting the user details.
X-API-Key     Mandatory     This key is used for getting the user details.

If you set the identity provider as Oracle or PostgreSQL, then you have to create separate databases for each tenant.

The following sample is shown for RelationalSchema (Postgres/Oracle) identityProviderType:

{
  "tenantId": "TIBCO",
  "clientId": "order",
  "clientSecret": "order",
  "identityProviderType": "POSTGRES",
  "supportAlgorithm": "HS256",
  "signingKey": "100f4c1f-f333-4c25-bd8c-e4809722b6a7",
  "relationalSchema": {
    "dataSourceURL": "jdbc:postgresql://localhost:5432/userdbll?currentSchema=userschemall",
    "dataSourceUserName": "userll",
    "dataSourcePassword": "userll"
  }
}

When you set the identity provider as LDAP, all users and their roles are maintained in a directory service.

The following sample is shown for LDAP identityProviderType:

{
  "tenantId": "TIBCOLDAP",
  "clientId": "tibco-ldap-client",
  "clientSecret": "tibco-ldap-secret",
  "identityProviderType": "LDAP",
  "supportAlgorithm": "HS256",
  "signingKey": "100f4c1f-f333-4c25-bd8c-e4809722b6a7",
  "ldapSchema": {
    "ldapURLForDirectoryService": "string",
    "directoryServiceDomainName": "string",
    "directoryServiceRootDistinguishedName": "string"
  }
}

When you set the identity provider as EXTERNAL, you do not have to use the Order Management Authentication service for user authentication and token generation. As of now, we support Microsoft Azure Active Directory as the external authentication service. Even when the identity provider is set to EXTERNAL, the tenant information is still stored in the relational database of the Order Management Authentication service.

The following sample is shown for EXTERNAL identityProviderType:

{
  "tenantId": "string",
  "clientId": "string",
  "clientSecret": "string",
  "identityProviderType": "EXTERNAL",
  "signingKey": "100f4c1f-f333-4c25-bd8c-e4809722b6a7",
  "supportAlgorithm": "RS256",
  "jwkSetUrl": "string",
  "issuer": "string",
  "oidcSchema": {
    "authUrl": "string",
    "accessTokenUrl": "string",
    "scope": "string"
  }
}

The Authorization service can generate tokens for all tenants. Each tenant can have a different token algorithm. The following algorithms are supported:

  • HMAC (HS256, HS384, HS512)

  • RSA (RS256, RS384, RS512)

The Order Management Authorization service generates tokens with HS256. All services can decode or handle any of the above algorithms.

Note:
  • The supported algorithm must match the one used at the time of registration. It is used for validating tokens (only in the case of RSA).

  • Issuer is validated during registration while validating the token.
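
The following is an added example, not part of the product or its documentation: a pre-flight check for a registration body, run before it is sent to /v1/tenant, using the field names and algorithm list above. It assumes that the fields shown in the samples are required and that the service keys HMAC with the UTF-8 bytes of signingKey; the Oracle value of identityProviderType is not shown on this page, so it is not covered.

```python
# Pre-flight lint for a tenant registration body (added example, not product code).
HMAC_MIN_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}
SUPPORTED = set(HMAC_MIN_BYTES) | {"RS256", "RS384", "RS512"}
TOP_LEVEL = ["tenantId", "clientId", "clientSecret", "identityProviderType",
             "supportAlgorithm", "signingKey"]
NESTED = {  # only the identityProviderType values shown in the page's samples
    "POSTGRES": ("relationalSchema",
                 ["dataSourceURL", "dataSourceUserName", "dataSourcePassword"]),
    "LDAP": ("ldapSchema", ["ldapURLForDirectoryService", "directoryServiceDomainName",
                            "directoryServiceRootDistinguishedName"]),
    "EXTERNAL": ("oidcSchema", ["authUrl", "accessTokenUrl", "scope"]),
}
DOC_SIGNING_KEY = "100f4c1f-f333-4c25-bd8c-e4809722b6a7"  # published in the samples


def lint_tenant(payload):
    """Return a list of findings; an empty list means no check fired."""
    findings = [f"missing:{f}" for f in TOP_LEVEL if not payload.get(f)]
    idp, alg = payload.get("identityProviderType"), payload.get("supportAlgorithm")
    key = payload.get("signingKey") or ""
    if alg and alg not in SUPPORTED:
        findings.append(f"unsupported-algorithm:{alg}")
    # RFC 7518 section 3.2: an HMAC key must be at least as long as the hash output.
    # Assumption: the service keys the HMAC with the UTF-8 bytes of signingKey.
    if key and len(key.encode()) < HMAC_MIN_BYTES.get(alg, 0):
        findings.append("hmac-key-too-short")
    if key == DOC_SIGNING_KEY:
        findings.append("signing-key-copied-from-docs")
    if payload.get("clientSecret") and payload["clientSecret"] == payload.get("clientId"):
        findings.append("client-secret-equals-client-id")
    if idp in NESTED:
        name, keys = NESTED[idp]
        block = payload.get(name) or {}
        findings += [f"missing:{name}.{k}" for k in keys if not block.get(k)]
        pw = block.get("dataSourcePassword")
        if pw and pw == block.get("dataSourceUserName"):
            findings.append("db-password-equals-username")
    if idp == "EXTERNAL":
        findings += [f"missing:{f}" for f in ("jwkSetUrl", "issuer") if not payload.get(f)]
    return findings


# The page's POSTGRES sample, reproduced here as input.
PAGE_SAMPLE = {
    "tenantId": "TIBCO", "clientId": "order", "clientSecret": "order",
    "identityProviderType": "POSTGRES", "supportAlgorithm": "HS256",
    "signingKey": DOC_SIGNING_KEY, "relationalSchema": {
        "dataSourceURL": "jdbc:postgresql://localhost:5432/userdbll?currentSchema=userschemall",
        "dataSourceUserName": "userll", "dataSourcePassword": "userll"}}
print(lint_tenant(PAGE_SAMPLE))
```

Run against the POSTGRES sample as printed on this page, the check reports the published signing key, a client secret equal to the client ID, and a database password equal to the user name, so replace those values before registering a real tenant.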