Uninstalling Default Identity Provider (IdP)

The Default IdP is a temporary IdP until Corporate IdP is configured and required for all TIBCO Control Plane instances. For enhanced security and to free up idle resources running in your cluster, Default IdP can be uninstalled once the Corporate IdP is confirmed to be successfully integrated with TIBCO Control Plane.

Note: This is a non-revertible action and it cannot be undone. All default IdP related configurations and users' passwords are deleted.

Before you begin

You must have configured corporate IdP for all control planes and TIBCO Platform Console. You must have disabled default IdP for all users.
You must have Owner, IdP Manager, or Team Admin permission. For more information, see Permissions.
Ensure that kubectl is installed.

Procedure

On the Configure IdP page, click Uninstall Default IdP. In your Kubernetes cluster, run the following commands.
Delete IdP deployment from the cluster.
```
kubectl delete deployment -n <namespace> tp-cp-identity-provider
```
This deletes one or more tp-cp-identity-provider pods, which might be running.

Delete IdP related secrets from the cluster.

kubectl delete secret -n <namespace> identity-provider-key-store-password

Delete security-certs job from the cluster.
```
kubectl delete jobs -n <namespace> tp-cp-core-security-certs
```
This deletes tp-cp-core-security-certs pod, which might be running.
Delete IdP related certs and keystores from EFS location. Locate the following certificate files on EFS and delete them:
- on-prem-idm.p12
- on-prem-idm.pem
- on-prem-idp.p12
- on-prem-idp.pem

Drop IdP tables.

DROP TABLE IF EXISTS DATA CASCADE;
DROP TABLE IF EXISTS ARCHIVED_DATA CASCADE;
DROP TABLE IF EXISTS SCHEMA_VERSION CASCADE;

Drop IdP Database.

DROP DATABASE IF EXISTS <CP_INSTANCE_ID>_defaultidpdb

To get the value for <CP_INSTANCE_ID>, run the following command.

kubectl get cm cp-env -n <namespace> -o yaml | grep CP_INSTANCE_ID

Did you find this helpful?

Yes No