Uninstalling Default Identity Provider (IdP)

The Default IdP is a temporary IdP until Corporate IdP is configured and required for all TIBCO Control Plane instances. For enhanced security and to free up idle resources running in your cluster, Default IdP can be uninstalled once the Corporate IdP is confirmed to be successfully integrated with TIBCO Control Plane.

Note: This is a non-revertible action and it cannot be undone. All default IdP related configurations and users' passwords are deleted.
Before you begin
  • You must have configured corporate IdP for all Control Planes and TIBCO Platform Console. You must have disabled default IdP for all users.
  • You must have Owner, IdP Manager, or Team Admin permission. For more information, see Permissions.
  • Ensure that kubectl is installed.
    Procedure
  1. Find the current installed version of platform-base:

    helm ls -A | grep platform-base
     
    Output:
    platform-base                   cp1-ns          2               2024-11-25 16:03:02.4285482 -0800 PST   deployed        platform-base-1.3.358           1.3.0-HF2

    For example, here the installed version is 1.3.358. Alternatively, you can fetch the chart version using the following command by using jq command-line JSON parser.

    helm ls -aA -o json | jq -r '.[] | select(.name=="platform-base") | .chart' | awk -F- '{print $NF}' 
     
    Output:
    1.3.358
     
    Note: this requires jq to be preinstalled on the machine.

    Use this platform-base chart version in the next step.

  2. Disable Default IdP component

    helm upgrade --install --reuse-values -n <namespace> platform-base platform-base --repo "https://tibcosoftware.github.io/tp-helm-charts" --version "<current_platform-base_chart_version>" --set tp-cp-core.identity-provider.enabled=false
    
    Note: Use the value obtained from step 1 for <current_platform-base_chart_version>.

    This will upgrade the platform-base chart to the same chart version but this will disable and delete all identity-provider pods and deployment.

  3. Confirm successful uninstall of the default IdP.

    kubectl get pods -n <namespace> | grep provider
     
    This should be empty
     
    kubectl get deployment -n <namespace> | grep provider
     
    This should be empty