Part 2: Generating Application Credentials
Follow the steps below to generate the SaaS application credentials using Sentinel EMS Swagger documentation required to consume Cloud LM endpoints.
NOTE The steps performed in Swagger are useful for understanding the procedure of obtaining client\application credentials. For production, make sure you obtain client\application credentials from production environment.
In this step, you will retrieve the details of the identity provider that is used to verify the user identities. The IDP details include the token endpoint and realm. The SaaS applications need these details to get the access tokens for consuming Cloud LM licenses.
1.Log on to Sentinel EMS Swagger documentation using the URL shared by Thales.
2.From the navigation pane, select Identities & Access > Sentinel IDP > Get Identity Provider (IDP) Details.
3.In the Get Identity Provider (IDP) Details, click Try It Out.
4.Click Execute.
You've configured the IDP details containing the tokenEndpoint and realm, which is required to generate an access token. Now, let's proceed to generate an access token.
1.From the navigation pane, select Identities & Access > OAuth Client > Search Clients.
2.In the Search Clients page, click the 
icon. This displays an Authorization dialog box.
3.In the user name and password fields, enter the Sentinel EMS credentials provided by Thales.
4.In the client_id field, enter the public client mentioned in the Authorization dialog. That is, ems-scl-public-client.
5.Leave the client_secret field empty.
6.Click Set Credentials.
This sets the EMS credentials to access the token service APIs.
In Sentinel EMS Swagger documentation, an access token is generated automatically and no explicit steps are required. However, for invoking client id and client secret endpoints from an application, you need to explicitly generate an access token. You will need the following to proceed with generating an access token:
| Elements | Description |
|---|---|
| Username and password | Sentinel EMS credentials provided by Thales. |
| Client ID | Specifies the public client. Set the value of this field to ems-scl-public-client. |
| Token URL |
Includes a tokenEndpoint and realm (highlighted in the sample token URL below), which are available in the IDP details.
Sample Token URL:
Refer, Step 1 to obtain tokenEndpoint and realm to build the token URL. Both these values are dynamic, therefore, ensure to update the URL by replacing the highlighted values retrieved from IDP details. |
You've set the EMS credentials to access the token service APIs. Next, you'll obtain the client ID.
1.From the navigation pane, select Identities & Access > OAuth Client > Search Clients.
2.In the Search Clients page, click Try It Out.
3.Click Execute.
4.Under the Current Response section, you'll see the id and clientId recieved in the Response body.
You've obtained the client ID. Now, copy the id from the Response body section and proceed to get the client secret.
1.From the navigation pane, select Identities & Access > OAuth Client > Get Client Secret.
2.In the Get Client Secret page, click Try It Out.
3.In the id field, paste the id value received in
Step 3.
4.Click Execute.
Now, you've obtained the client secret and can proceed to consume a license.