Identity Cloud

Store client secrets in ESVs

To make your federation providers compatible with the promotion process, you must store the federation provider secrets for each of your environments in ESV secrets, set corresponding placeholders in your configuration, and promote the configuration to your environments.

Configure federation provider secrets in ESVs

To configure your development, staging, and production environments, follow the instructions in Set up configuration placeholders to reference an ESV.

Ensure that the IdP federation provider app for each environment is configured with a redirect URL. If you are using the same IdP federation provider app for your development, staging, and production environments, ensure that it is configured with all three redirect URLs.

Rotate a federation provider secret in an ESV

If you have set up Microsoft Azure or AD FS as a federation provider, you must create and use a new client secret before the old one expires. If the client secret is stored in an ESV, you can rotate it by creating a new secret version.

For your development, staging, or production environment:

  1. In the federation provider configured for the environment, create a new secret and make a note of it. Refer to Create a new federation provider secret.

  2. Add a new secret version to the ESV secret using the value of the new federation provider secret from the previous step. Refer to Update an ESV referenced by a configuration placeholder.

  3. Restart Identity Cloud services.

Create a new client secret

To create a new client secret:

Copyright © 2010-2023 ForgeRock, all rights reserved.