OAuth

This feature enables web applications to integrate OAuth 2.0 for authenticating and authorizing users.

Enable this feature

To enable the OAuth feature, add the following element declaration inside the featureManager element in the server.xml file:

<feature>oauth-2.0</feature>

Developing a feature that depends on this feature

If we are developing a feature that depends on the OAuth feature, include the following item in the Subsystem-Content header in the feature manifest file for the new feature:

com.ibm.websphere.appserver.oauth-2.0; type="osgi.subsystem.feature"

Features that this feature enables

• Application Security 2.0

• Distributed Map interface for Dynamic Caching

• JavaScript Object Notation for Java

• JavaServer Pages 2.2

• LDAP User Registry

• Java Servlets 3.0

• Secure Socket Layer

Features that enable this feature

• OpenID Connect Client

• OpenID Connect Provider

API packages provided by this feature

• com.ibm.oauth.core.api.attributes

• com.ibm.oauth.core.api.config

• com.ibm.oauth.core.api.error

• com.ibm.oauth.core.api.error.oauth20

• com.ibm.oauth.core.api.oauth20.mediator

• com.ibm.wsspi.security.oauth20.token

Feature configuration elements

We can use the following elements in the server.xml file to configure the OAuth feature:

• administrator-role

  • group

  • user

• authCache

• authentication

• authorization-roles

  • security-role

    • group

    • special-subject

    • user

• basicRegistry

  • group

    • member

  • user

• classloading

• jaasLoginContextEntry

• jaasLoginModule

  • library

    • file

    • fileset

    • folder

  • options

• library

  • file

  • fileset

  • folder

• ltpa

• oauth-roles

  • authenticated

    • group

    • special-subject

    • user

  • clientManager

    • group

    • special-subject

    • user

• oauthProvider

  • autoAuthorizeClient

  • databaseStore

    • dataSource

      • connectionManager

      • containerAuthData

      • jdbcDriver

        • library

          • file

          • fileset

          • folder

      • properties

      • properties.datadirect.sqlserver

      • properties.db2.i.native

      • properties.db2.i.toolbox

      • properties.db2.jcc

      • properties.derby.client

      • properties.derby.embedded

      • properties.informix

      • properties.informix.jcc

      • properties.microsoft.sqlserver

      • properties.oracle

      • properties.sybase

      • recoveryAuthData

  • grantType

  • jwtGrantType

  • library

    • file

    • fileset

    • folder

  • localStore

    • client

      • functionalUserGroupIds

      • grantTypes

      • postLogoutRedirectUris

      • redirect

      • responseTypes

  • mediatorClassname

• quickStartSecurity

• trustAssociation

  • interceptors

    • library

      • file

      • fileset

      • folder

    • properties

administrator-role

A collection of users and/or groups assigned the server administrator role.

administrator-role > group

Description: Group assigned a role.

Required: false

Data type: string

administrator-role > user

Description: User assigned a role.

Required: false

Data type: string

authCache

Controls the operation of the authentication cache.

Attribute name	Data type	Default value	Description
allowBasicAuthLookup	boolean	true	Allow lookup by user ID and hashed password.
initialSize	int Minimum: 1	50	Initial number of entries supported by the authentication cache.
maxSize	int Minimum: 1	25000	Maximum number of entries supported by the authentication cache.
timeout	A period of time with millisecond precision	600s	Amount of time after which an entry in the cache will be removed. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

authentication

Controls the built-in authentication service configuration.

Attribute name	Data type	Default value	Description
allowHashtableLoginWithIdOnly	boolean	false	Allow an application to login with just an identity in the hashtable properties. Use this option only when we have applications that require this and have other means to validate the identity.
cacheEnabled	boolean	true	Enables the authentication cache.

authorization-roles

A collection of role names and mappings of the roles to users, groups, or special subjects

Attribute name	Data type	Default value	Description
id	string		A unique configuration ID.

authorization-roles > security-role

Description: A role that is mapped to users and groups in a user registry.

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	string		Role name.

authorization-roles > security-role > group

Description: Group that has the security role.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access-id	string		A group access ID in the general form group:realmName/groupUniqueId. A value will be generated if one is not specified.
name	string		Name of a group that has the security role.

authorization-roles > security-role > special-subject

Description: Special subject that has the security role.

Required: false

Data type:

Attribute name	Data type	Default value	Description
type	EVERYONE ALL_AUTHENTICATED_USERS		One of the following special subject types: ALL_AUTHENTICATED_USERS, EVERYONE. EVERYONE All users for every request, even if the request was not authenticated. ALL_AUTHENTICATED_USERS All authenticated users.

authorization-roles > security-role > user

Description: User who has the security role.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access-id	string		A user access ID in the general form user:realmName/userUniqueId. A value will be generated if one is not specified.
name	string		Name of a user who has the security role.

basicRegistry

A simple XML-based user registry.

Attribute name	Data type	Default value	Description
id	string		A unique configuration ID.
ignoreCaseForAuthentication	boolean	false	Allow case-insensitive user name authentication.
realm	string	BasicRegistry	The realm name represents the user registry.

basicRegistry > group

Description: A group in a Basic User Registry.

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	string		Name of a group in a Basic User Registry.

basicRegistry > group > member

Description: A member of a Basic User Registry group.

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	string		Name of a user in a Basic User Registry group.

basicRegistry > user

Description: A user in a Basic User Registry.

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	string		Name of a user in a Basic User Registry.
password	One way hashable, or reversably encoded password (string)		Password of a user in a Basic User Registry. Stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option.

classloading

Global classloading

Attribute name	Data type	Default value	Description
useJarUrls	boolean	false	Whether to use jar: or wsjar: URLs for referencing files in archives

jaasLoginContextEntry

The JAAS login context entry configuration.

Attribute name	Data type	Default value	Description
id	string		A unique configuration ID.
loginModuleRef	List of references to top level jaasLoginModule elements (comma-separated string).	hashtable,userNameAndPassword,certificate,token	A reference to the ID of a JAAS login module.
name	string		Name of a JAAS configuration entry.

jaasLoginModule

A login module in the JAAS configuration.

Attribute name	Data type	Default value	Description
className	string		Fully-qualified package name of the JAAS login module class.
controlFlag	SUFFICIENT REQUISITE REQUIRED OPTIONAL	REQUIRED	The login module's control flag. Valid values are REQUIRED, REQUISITE, SUFFICIENT, and OPTIONAL. SUFFICIENT This LoginModule is SUFFICIENT as per the JAAS specification. The LoginModule is not required to succeed. If authentication is successful, no other LoginModules will be called and control is returned to the caller. REQUISITE This LoginModule is REQUISITE as per the JAAS specification. The LoginModule is required to succeed. If authentication fails, no other LoginModules will be called and control is returned to the caller. REQUIRED This LoginModule is REQUIRED as per the JAAS specification. The LoginModule is required to succeed. OPTIONAL This LoginModule is OPTIONAL as per the JAAS specification. The LoginModule is not required to succeed.
id	string		A unique configuration ID.
libraryRef	A reference to top level library element (string).		A reference to the ID of the shared library configuration.

jaasLoginModule > library

Description: A reference to the ID of the shared library configuration.

Required: false

Data type:

Attribute name	Data type	Default value	Description
apiTypeVisibility	string	spec,ibm-api,api	The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party.
description	string		Description of shared library for administrators
filesetRef	List of references to top level fileset elements (comma-separated string).		Id of referenced Fileset
name	string		Name of shared library for administrators

jaasLoginModule > library > file

Description: Id of referenced File

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	Path to a file		Fully qualified filename

jaasLoginModule > library > fileset

Description: Id of referenced Fileset

Required: false

Data type:

Attribute name	Data type	Default value	Description
caseSensitive	boolean	true	Boolean to indicate whether or not the search should be case sensitive (default: true).
dir	Path to a directory	${server.config.dir}	The base directory to search for files.
excludes	string		The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded.
includes	string	*	The comma or space separated list of file name patterns to include in the search results (default: *).
scanInterval	A period of time with millisecond precision	0	Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

jaasLoginModule > library > folder

Description: Id of referenced folder

Required: false

Data type:

Attribute name	Data type	Default value	Description
dir	Path to a directory		Directory or folder to be included in the library classpath for locating resource files

jaasLoginModule > options

Description: A collection of JAAS Login module options

Required: false

Data type:

library

Shared Library

Attribute name	Data type	Default value	Description
apiTypeVisibility	string	spec,ibm-api,api	The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party.
description	string		Description of shared library for administrators
filesetRef	List of references to top level fileset elements (comma-separated string).		Id of referenced Fileset
id	string		A unique configuration ID.
name	string		Name of shared library for administrators

library > file

Description: Id of referenced File

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	Path to a file		Fully qualified filename

library > fileset

Description: Id of referenced Fileset

Required: false

Data type:

Attribute name	Data type	Default value	Description
caseSensitive	boolean	true	Boolean to indicate whether or not the search should be case sensitive (default: true).
dir	Path to a directory	${server.config.dir}	The base directory to search for files.
excludes	string		The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded.
includes	string	*	The comma or space separated list of file name patterns to include in the search results (default: *).
scanInterval	A period of time with millisecond precision	0	Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

library > folder

Description: Id of referenced folder

Required: false

Data type:

Attribute name	Data type	Default value	Description
dir	Path to a directory		Directory or folder to be included in the library classpath for locating resource files

ltpa

Lightweight Third Party Authentication (LTPA) token configuration.

Attribute name	Data type	Default value	Description
expiration	A period of time with minute precision	120m	Amount of time after which a token expires in minutes. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. We can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes.
keysFileName	Path to a file	${server.output.dir}/resources/security/ltpa.keys	Path of the file containing the token keys.
keysPassword	Reversably encoded password (string)	{xor}CDo9Hgw=	Password for the token keys. Stored in clear text or encoded form. It is recommended to encode the password, use the securityUtility tool with the encode option.
monitorInterval	A period of time with millisecond precision	0ms	Rate at which the server checks for updates to the LTPA token keys file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

oauth-roles

OAuth web application security role map.

Attribute name	Data type	Default value	Description
id	string		A unique configuration ID.

oauth-roles > authenticated

Description: Security role for authorization code and token requests.

Required: false

Data type:

oauth-roles > authenticated > group

Description: Group that has the security role.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access-id	string		A group access ID in the general form group:realmName/groupUniqueId. A value will be generated if one is not specified.
name	string		Name of a group that has the security role.

oauth-roles > authenticated > special-subject

Description: Special subject that has the security role.

Required: false

Data type:

Attribute name	Data type	Default value	Description
type	EVERYONE ALL_AUTHENTICATED_USERS		One of the following special subject types: ALL_AUTHENTICATED_USERS, EVERYONE. EVERYONE All users for every request, even if the request was not authenticated. ALL_AUTHENTICATED_USERS All authenticated users.

oauth-roles > authenticated > user

Description: User who has the security role.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access-id	string		A user access ID in the general form user:realmName/userUniqueId. A value will be generated if one is not specified.
name	string		Name of a user who has the security role.

oauth-roles > clientManager

Description: Security role for client management requests.

Required: false

Data type:

oauth-roles > clientManager > group

Description: Group that has the security role.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access-id	string		A group access ID in the general form group:realmName/groupUniqueId. A value will be generated if one is not specified.
name	string		Name of a group that has the security role.

oauth-roles > clientManager > special-subject

Description: Special subject that has the security role.

Required: false

Data type:

Attribute name	Data type	Default value	Description
type	EVERYONE ALL_AUTHENTICATED_USERS		One of the following special subject types: ALL_AUTHENTICATED_USERS, EVERYONE. EVERYONE All users for every request, even if the request was not authenticated. ALL_AUTHENTICATED_USERS All authenticated users.

oauth-roles > clientManager > user

Description: User who has the security role.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access-id	string		A user access ID in the general form user:realmName/userUniqueId. A value will be generated if one is not specified.
name	string		Name of a user who has the security role.

oauthProvider

OAuth provider definition.

Attribute name	Data type	Default value	Description
accessTokenLength	long	40	Length of the generated OAuth access token. The equivalent provider parameter in the full application server profile is oauth20.access.token.length.
accessTokenLifetime	A period of time with second precision	7200	Time that access token is valid (seconds). The equivalent provider parameter in the full application server profile is oauth20.token.lifetime.seconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
allowPublicClients	boolean	false	A value of false disables the access of public clients as detailed in the OAuth specification. The equivalent provider parameter in the full application server profile is oauth20.allow.public.clients.
authorizationCodeLength	long	30	Length of the generated authorization code. The equivalent provider parameter in the full application server profile is oauth20.code.length.
authorizationCodeLifetime	A period of time with second precision	60	Authorization code lifetime (seconds). The equivalent provider parameter in the full application server profile is oauth20.code.lifetime.seconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
authorizationErrorTemplate	string		URL of a custom authorization error page template. The equivalent provider parameter in the full application server profile is oauth20.authorization.error.template.
authorizationFormTemplate	string	template.html	URL of a custom authorization page template. The equivalent provider parameter in the full application server profile is oauth20.authorization.form.template.
authorizationGrantLifetime	A period of time with second precision	604800	Authorization grant lifetime (seconds). The equivalent provider parameter in the full application server profile is oauth20.max.authorization.grant.lifetime.seconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
autoAuthorize	boolean	false	To use auto authorization, append the autoAuthorize parameter to requests with a value of true. The equivalent provider parameter in the full application server profile is oauth20.autoauthorize.param.
autoAuthorizeParam	string	autoauthz	To use auto authorization, append the autoAuthorize parameter to requests with a value of true. The equivalent provider parameter in the full application server profile is oauth20.autoauthorize.param.
certAuthentication	boolean	false	Enable the authentication of client certificate in the https request.
characterEncoding	string		Set request character encoding to this value. The equivalent provider parameter in the full application server profile is characterEncoding.
clientTokenCacheSize	long		Maximum number of entries in the client token cache.
clientURISubstitutions	string		Optional value to replace client URI strings for dynamic hostnames. The equivalent provider parameter in the full application server profile is oauth20.client.uri.substitutions.
consentCacheEntryLifetime	A period of time with second precision	1800	Time that an entry in the consent cache is valid (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
consentCacheSize	long Minimum: 0	1000	Maximum number of entries allowed in the consent cache.
coverageMapSessionMaxAge	A period of time with second precision	600	The max-age value (seconds) for the cache-control header of the coverage map service. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
customLoginURL	string	login.jsp	URL of a custom login page. The equivalent provider parameter in the full application server profile is oauth20.authorization.loginURL.
filter	string		URI filter selects requests to be authorized by this provider. The equivalent provider parameter in the full application server profile is Filter.
httpsRequired	boolean	true	SSL communication between the OAuth client and provider is required.
id	string		A unique configuration ID.
includeTokenInSubject	boolean	true	If the value is true, add the com.ibm.wsspi.security.oauth20.token.WSOAuth20Token as a private credential. The equivalent provider parameter in the full application server profile is includeToken.
issueRefreshToken	boolean	true	A value of false disables generation and the use of refresh tokens. The equivalent provider parameter in the full application server profile is oauth20.issue.refresh.token.
libraryRef	A reference to top level library element (string).		Reference to shared library containing the mediator plugin class.
oauthOnly	boolean	true	If the value is true, then requests matching the filter must have an access token or they will be failed. If false, then matching requests will be checked for other authentication data if no access token is present. The equivalent provider parameter in the full application server profile is oauthOnly.
refreshTokenLength	long	50	Length of generated refresh token. The equivalent provider parameter in the full application server profile is oauth20.refresh.token.length.
userClientTokenLimit	long		Token limit for each user and client combination.

oauthProvider > autoAuthorizeClient

Description: Name of a client that is allowed to use auto authorization. The equivalent provider parameter in the full application server profile is oauth20.autoauthorize.clients.

Required: false

Data type: string

oauthProvider > databaseStore

Description: Clients are defined and tokens are cached in the database.

Required: false

Data type:

Attribute name	Data type	Default value	Description
cleanupExpiredTokenInterval	A period of time with second precision	3600	Expired token cleanup interval (seconds). The equivalent provider parameter in the full application server profile is oauthjdbc.CleanupInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
dataSourceRef	A reference to top level dataSource element (string).		Reference to the data source for the store.
password	Reversably encoded password (string)		Password used to access the database.
user	string		User

oauthProvider > databaseStore > dataSource

Description: Reference to the data source for the store.

Required: false

Data type:

Attribute name	Data type	Default value	Description
beginTranForResultSetScrollingAPIs	boolean	true	Attempt transaction enlistment when result set scrolling interfaces are used.
beginTranForVendorAPIs	boolean	true	Attempt transaction enlistment when vendor interfaces are used.
commitOrRollbackOnCleanup	commit rollback		Determines how to clean up connections that might be in a database unit of work (AutoCommit=false) when the connection is closed or returned to the pool. commit Clean up the connection by committing. rollback Clean up the connection by rolling back.
connectionManagerRef	A reference to top level connectionManager element (string).		Connection manager for a data source.
connectionSharing	MatchOriginalRequest MatchCurrentState	MatchOriginalRequest	Specifies how connections are matched for sharing. MatchOriginalRequest When sharing connections, match based on the original connection request. MatchCurrentState When sharing connections, match based on the current state of the connection.
containerAuthDataRef	A reference to top level authData element (string).		Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER.
isolationLevel	TRANSACTION_REPEATABLE_READ TRANSACTION_READ_COMMITTED TRANSACTION_SERIALIZABLE TRANSACTION_READ_UNCOMMITTED TRANSACTION_SNAPSHOT		Default transaction isolation level. TRANSACTION_REPEATABLE_READ Dirty reads and non-repeatable reads are prevented; phantom reads can occur. TRANSACTION_READ_COMMITTED Dirty reads are prevented; non-repeatable reads and phantom reads can occur. TRANSACTION_SERIALIZABLE Dirty reads, non-repeatable reads and phantom reads are prevented. TRANSACTION_READ_UNCOMMITTED Dirty reads, non-repeatable reads and phantom reads can occur. TRANSACTION_SNAPSHOT Snapshot isolation for Microsoft SQL Server JDBC Driver and DataDirect Connect for JDBC driver.
jdbcDriverRef	A reference to top level jdbcDriver element (string).		JDBC driver for a data source.
jndiName	string		JNDI name for a data source.
queryTimeout	A period of time with second precision		Default query timeout for SQL statements. In a JTA transaction, syncQueryTimeoutWithTransactionTimeout can override this default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
recoveryAuthDataRef	A reference to top level authData element (string).		Authentication data for transaction recovery.
statementCacheSize	int Minimum: 0	10	Maximum number of cached statements per connection.
supplementalJDBCTrace	boolean		Supplements the JDBC driver trace that is logged when JDBC driver trace is enabled in bootstrap.properties. JDBC driver trace specifications include: com.ibm.ws.database.logwriter, com.ibm.ws.db2.logwriter, com.ibm.ws.derby.logwriter, com.ibm.ws.informix.logwriter, com.ibm.ws.oracle.logwriter, com.ibm.ws.sqlserver.logwriter, com.ibm.ws.sybase.logwriter.
syncQueryTimeoutWithTransactionTimeout	boolean	false	Use the time remaining (if any) in a JTA transaction as the default query timeout for SQL statements.
transactional	boolean	true	Enable participation in transactions managed by the application server.
type	javax.sql.DataSource javax.sql.XADataSource javax.sql.ConnectionPoolDataSource		Type of data source. javax.sql.DataSource javax.sql.DataSource javax.sql.XADataSource javax.sql.XADataSource javax.sql.ConnectionPoolDataSource javax.sql.ConnectionPoolDataSource

oauthProvider > databaseStore > dataSource > connectionManager

Description: Connection manager for a data source.

Required: false

Data type:

Attribute name	Data type	Default value	Description
agedTimeout	A period of time with second precision	-1	Amount of time before a physical connection can be discarded by pool maintenance. A value of -1 disables this timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
connectionTimeout	A period of time with second precision	30s	Amount of time after which a connection request times out. A value of -1 disables this timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maxConnectionsPerThread	int Minimum: 0		Limits the number of open connections on each thread.
maxIdleTime	A period of time with second precision	30m	Amount of time after which an unused or idle connection can be discarded during pool maintenance, if doing so does not reduce the pool below the minimum size. A value of -1 disables this timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maxPoolSize	int Minimum: 0	50	Maximum number of physical connections for a pool. A value of 0 means unlimited.
minPoolSize	int Minimum: 0		Minimum number of physical connections to maintain in the pool. The pool is not pre-populated. Aged timeout can override the minimum.
numConnectionsPerThreadLocal	int Minimum: 0		Caches the specified number of connections for each thread.
purgePolicy	ValidateAllConnections FailingConnectionOnly EntirePool	EntirePool	Specifies which connections to destroy when a stale connection is detected in a pool. ValidateAllConnections When a stale connection is detected, connections are tested and those found to be bad are closed. FailingConnectionOnly When a stale connection is detected, only the connection which was found to be bad is closed. EntirePool When a stale connection is detected, all connections in the pool are marked stale, and when no longer in use, are closed.
reapTime	A period of time with second precision	3m	Amount of time between runs of the pool maintenance thread. A value of -1 disables pool maintenance. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.

oauthProvider > databaseStore > dataSource > containerAuthData

Description: Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER.

Required: false

Data type:

Attribute name	Data type	Default value	Description
password	Reversably encoded password (string)		Password of the user to use when connecting to the EIS. Stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option.
user	string		Name of the user to use when connecting to the EIS.

oauthProvider > databaseStore > dataSource > jdbcDriver

Description: JDBC driver for a data source.

Required: false

Data type:

Attribute name	Data type	Default value	Description
javax.sql.ConnectionPoolDataSource	string		JDBC driver implementation of javax.sql.ConnectionPoolDataSource.
javax.sql.DataSource	string		JDBC driver implementation of javax.sql.DataSource.
javax.sql.XADataSource	string		JDBC driver implementation of javax.sql.XADataSource.
libraryRef	A reference to top level library element (string).		Identifies JDBC driver JARs and native files.

oauthProvider > databaseStore > dataSource > jdbcDriver > library

Description: Identifies JDBC driver JARs and native files.

Required: false

Data type:

Attribute name	Data type	Default value	Description
apiTypeVisibility	string	spec,ibm-api,api	The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party.
description	string		Description of shared library for administrators
filesetRef	List of references to top level fileset elements (comma-separated string).		Id of referenced Fileset
name	string		Name of shared library for administrators

oauthProvider > databaseStore > dataSource > jdbcDriver > library > file

Description: Id of referenced File

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	Path to a file		Fully qualified filename

oauthProvider > databaseStore > dataSource > jdbcDriver > library > fileset

Description: Id of referenced Fileset

Required: false

Data type:

Attribute name	Data type	Default value	Description
caseSensitive	boolean	true	Boolean to indicate whether or not the search should be case sensitive (default: true).
dir	Path to a directory	${server.config.dir}	The base directory to search for files.
excludes	string		The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded.
includes	string	*	The comma or space separated list of file name patterns to include in the search results (default: *).
scanInterval	A period of time with millisecond precision	0	Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

oauthProvider > databaseStore > dataSource > jdbcDriver > library > folder

Description: Id of referenced folder

Required: false

Data type:

Attribute name	Data type	Default value	Description
dir	Path to a directory		Directory or folder to be included in the library classpath for locating resource files

oauthProvider > databaseStore > dataSource > properties

Description: List of JDBC vendor properties for the data source. For example, databaseName="dbname" serverName="localhost" portNumber="50000".

Required: false

Data type:

Attribute name	Data type	Default value	Description
URL	string		URL for connecting to the database.
databaseName	string		JDBC driver property: databaseName.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int		Port on which to obtain database connections.
serverName	string		Server where the database is running.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

oauthProvider > databaseStore > dataSource > properties.datadirect.sqlserver

Description: Data source properties for the DataDirect Connect for JDBC driver for Microsoft SQL Server.

Required: false

Data type:

Attribute name	Data type	Default value	Description
JDBCBehavior	1 0	0	JDBC driver property: JDBCBehavior. Values are: 0 (JDBC 4.0) or 1 (JDBC 3.0). 1 JDBC 3.0 0 JDBC 4.0
XATransactionGroup	string		JDBC driver property: XATransactionGroup.
XMLDescribeType	longvarbinary longvarchar		JDBC driver property: XMLDescribeType. longvarbinary longvarbinary longvarchar longvarchar
accountingInfo	string		JDBC driver property: accountingInfo.
alternateServers	string		JDBC driver property: alternateServers.
alwaysReportTriggerResults	boolean		JDBC driver property: alwaysReportTriggerResults.
applicationName	string		JDBC driver property: applicationName.
authenticationMethod	ntlm userIdPassword kerberos auto		JDBC driver property: authenticationMethod. ntlm ntlm userIdPassword userIdPassword kerberos kerberos auto auto
bulkLoadBatchSize	long		JDBC driver property: bulkLoadBatchSize.
bulkLoadOptions	long		JDBC driver property: bulkLoadOptions.
clientHostName	string		JDBC driver property: clientHostName.
clientUser	string		JDBC driver property: clientUser.
codePageOverride	string		JDBC driver property: codePageOverride.
connectionRetryCount	int		JDBC driver property: connectionRetryCount.
connectionRetryDelay	A period of time with second precision		JDBC driver property: connectionRetryDelay. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
convertNull	int		JDBC driver property: convertNull.
databaseName	string		JDBC driver property: databaseName.
dateTimeInputParameterType	dateTime dateTimeOffset auto		JDBC driver property: dateTimeInputParameterType. dateTime dateTime dateTimeOffset dateTimeOffset auto auto
dateTimeOutputParameterType	dateTime dateTimeOffset auto		JDBC driver property: dateTimeOutputParameterType. dateTime dateTime dateTimeOffset dateTimeOffset auto auto
describeInputParameters	describeIfString noDescribe describeIfDateTime describeAll		JDBC driver property: describeInputParameters. describeIfString describeIfString noDescribe noDescribe describeIfDateTime describeIfDateTime describeAll describeAll
describeOutputParameters	describeIfString noDescribe describeIfDateTime describeAll		JDBC driver property: describeOutputParameters. describeIfString describeIfString noDescribe noDescribe describeIfDateTime describeIfDateTime describeAll describeAll
enableBulkLoad	boolean		JDBC driver property: enableBulkLoad.
enableCancelTimeout	boolean		JDBC driver property: enableCancelTimeout.
encryptionMethod	loginSSL requestSSL SSL noEncryption		JDBC driver property: encryptionMethod. loginSSL loginSSL requestSSL requestSSL SSL SSL noEncryption noEncryption
failoverGranularity	disableIntegrityCheck atomicWithRepositioning nonAtomic atomic		JDBC driver property: failoverGranularity. disableIntegrityCheck disableIntegrityCheck atomicWithRepositioning atomicWithRepositioning nonAtomic nonAtomic atomic atomic
failoverMode	connect select extended		JDBC driver property: failoverMode. connect connect select select extended extended
failoverPreconnect	boolean		JDBC driver property: failoverPreconnect.
hostNameInCertificate	string		JDBC driver property: hostNameInCertificate.
initializationString	string		JDBC driver property: initializationString.
insensitiveResultSetBufferSize	int		JDBC driver property: insensitiveResultSetBufferSize.
javaDoubleToString	boolean		JDBC driver property: javaDoubleToString.
loadBalancing	boolean		JDBC driver property: loadBalancing.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
longDataCacheSize	int Minimum: -1		JDBC driver property: longDataCacheSize.
netAddress	string		JDBC driver property: netAddress.
packetSize	int Minimum: -1 Maximum: 128		JDBC driver property: packetSize.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1433	Port on which to obtain database connections.
queryTimeout	A period of time with second precision		JDBC driver property: queryTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
resultsetMetaDataOptions	int		JDBC driver property: resultsetMetaDataOptions.
selectMethod	direct cursor		JDBC driver property: selectMethod. direct direct cursor cursor
serverName	string	localhost	Server where the database is running.
snapshotSerializable	boolean		JDBC driver property: snapshotSerializable.
spyAttributes	string		JDBC driver property: spyAttributes.
stringInputParameterType	varchar nvarchar	varchar	JDBC driver property: stringInputParameterType. varchar varchar nvarchar nvarchar
stringOutputParameterType	varchar nvarchar	varchar	JDBC driver property: stringOutputParameterType. varchar varchar nvarchar nvarchar
suppressConnectionWarnings	boolean		JDBC driver property: suppressConnectionWarnings.
transactionMode	explicit implicit		JDBC driver property: transactionMode. explicit explicit implicit implicit
truncateFractionalSeconds	boolean		JDBC driver property: truncateFractionalSeconds.
trustStore	string		JDBC driver property: trustStore.
trustStorePassword	Reversably encoded password (string)		JDBC driver property: trustStorePassword.
useServerSideUpdatableCursors	boolean		JDBC driver property: useServerSideUpdatableCursors.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
validateServerCertificate	boolean		JDBC driver property: validateServerCertificate.

oauthProvider > databaseStore > dataSource > properties.db2.i.native

Description: Data source properties for the IBM DB2 for i Native JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access	read only all read call	all	JDBC driver property: access. read only read only all all read call read call
autoCommit	boolean	true	JDBC driver property: autoCommit.
batchStyle	2.1 2.0	2.0	JDBC driver property: batchStyle. 2.1 2.1 2.0 2.0
behaviorOverride	int		JDBC driver property: behaviorOverride.
blockSize	512 128 0 32 64 16 8 256	32	JDBC driver property: blockSize. 512 512 128 128 0 0 32 32 64 64 16 16 8 8 256 256
cursorHold	boolean	false	JDBC driver property: cursorHold.
cursorSensitivity	asensitive sensitive	asensitive	JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). asensitive asensitive sensitive sensitive
dataTruncation	string	true	JDBC driver property: dataTruncation.
databaseName	string	*LOCAL	JDBC driver property: databaseName.
dateFormat	dmy iso eur ymd julian jis usa mdy		JDBC driver property: dateFormat. dmy dmy iso iso eur eur ymd ymd julian julian jis jis usa usa mdy mdy
dateSeparator	\, b . / -		JDBC driver property: dateSeparator. \, The comma character (,). b The character b . The period character (.). / The forward slash character (/). - The dash character (-).
decimalSeparator	\, .		JDBC driver property: decimalSeparator. \, The comma character (,). . The period character (.).
directMap	boolean	true	JDBC driver property: directMap.
doEscapeProcessing	boolean	true	JDBC driver property: doEscapeProcessing.
fullErrors	boolean		JDBC driver property: fullErrors.
libraries	string		JDBC driver property: libraries.
lobThreshold	int Maximum: 500000	0	JDBC driver property: lobThreshold.
lockTimeout	A period of time with second precision	0	JDBC driver property: lockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maximumPrecision	31 63	31	JDBC driver property: maximumPrecision. 31 31 63 63
maximumScale	int Minimum: 0 Maximum: 63	31	JDBC driver property: maximumScale.
minimumDivideScale	int Minimum: 0 Maximum: 9	0	JDBC driver property: minimumDivideScale.
networkProtocol	int		JDBC driver property: networkProtocol.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int		Port on which to obtain database connections.
prefetch	boolean	true	JDBC driver property: prefetch.
queryOptimizeGoal	2 1	2	JDBC driver property: queryOptimizeGoal. Values are: 1 (*FIRSTIO) or 2 (*ALLIO). 2 *ALLIO 1 *FIRSTIO
reuseObjects	boolean	true	JDBC driver property: reuseObjects.
serverName	string		Server where the database is running.
serverTraceCategories	int	0	JDBC driver property: serverTraceCategories.
systemNaming	boolean	false	JDBC driver property: systemNaming.
timeFormat	iso eur jis usa hms		JDBC driver property: timeFormat. iso iso eur eur jis jis usa usa hms hms
timeSeparator	\, b : .		JDBC driver property: timeSeparator. \, The comma character (,). b The character b : The colon character (:). . The period character (.).
trace	boolean		JDBC driver property: trace.
transactionTimeout	A period of time with second precision	0	JDBC driver property: transactionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
translateBinary	boolean	false	JDBC driver property: translateBinary.
translateHex	binary character	character	JDBC driver property: translateHex. binary binary character character
useBlockInsert	boolean	false	JDBC driver property: useBlockInsert.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

oauthProvider > databaseStore > dataSource > properties.db2.i.toolbox

Description: Data source properties for the IBM DB2 for i Toolbox JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access	read only all read call	all	JDBC driver property: access. read only read only all all read call read call
behaviorOverride	int		JDBC driver property: behaviorOverride.
bidiImplicitReordering	boolean	true	JDBC driver property: bidiImplicitReordering.
bidiNumericOrdering	boolean	false	JDBC driver property: bidiNumericOrdering.
bidiStringType	int		JDBC driver property: bidiStringType.
bigDecimal	boolean	true	JDBC driver property: bigDecimal.
blockCriteria	2 1 0	2	JDBC driver property: blockCriteria. Values are: 0 (no record blocking), 1 (block if FOR FETCH ONLY is specified), 2 (block if FOR UPDATE is specified). 2 2 1 1 0 0
blockSize	512 128 0 32 64 16 8 256	32	JDBC driver property: blockSize. 512 512 128 128 0 0 32 32 64 64 16 16 8 8 256 256
cursorHold	boolean	false	JDBC driver property: cursorHold.
cursorSensitivity	asensitive sensitive insensitive	asensitive	JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). asensitive asensitive sensitive sensitive insensitive insensitive
dataCompression	boolean	true	JDBC driver property: dataCompression.
dataTruncation	boolean	true	JDBC driver property: dataTruncation.
databaseName	string		JDBC driver property: databaseName.
dateFormat	dmy iso eur ymd julian jis usa mdy		JDBC driver property: dateFormat. dmy dmy iso iso eur eur ymd ymd julian julian jis jis usa usa mdy mdy
dateSeparator	\, . / -		JDBC driver property: dateSeparator. The space character ( ). \, The comma character (,). . The period character (.). / The forward slash character (/). - The dash character (-).
decimalSeparator	\, .		JDBC driver property: decimalSeparator. \, The comma character (,). . The period character (.).
driver	toolbox native	toolbox	JDBC driver property: driver. toolbox toolbox native native
errors	full basic	basic	JDBC driver property: errors. full full basic basic
extendedDynamic	boolean	false	JDBC driver property: extendedDynamic.
extendedMetaData	boolean	false	JDBC driver property: extendedMetaData.
fullOpen	boolean	false	JDBC driver property: fullOpen.
holdInputLocators	boolean	true	JDBC driver property: holdInputLocators.
holdStatements	boolean	false	JDBC driver property: holdStatements.
isolationLevelSwitchingSupport	boolean	false	JDBC driver property: isolationLevelSwitchingSupport.
keepAlive	boolean		JDBC driver property: keepAlive.
lazyClose	boolean	false	JDBC driver property: lazyClose.
libraries	string		JDBC driver property: libraries.
lobThreshold	int Minimum: 0 Maximum: 16777216	0	JDBC driver property: lobThreshold.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maximumPrecision	31 63	31	JDBC driver property: maximumPrecision. 31 31 63 64
maximumScale	int Minimum: 0 Maximum: 63	31	JDBC driver property: maximumScale.
metaDataSource	int Minimum: 0 Maximum: 1	1	JDBC driver property: metaDataSource.
minimumDivideScale	int Minimum: 0 Maximum: 9	0	JDBC driver property: minimumDivideScale.
naming	system sql	sql	JDBC driver property: naming. system system sql sql
package	string		JDBC driver property: package.
packageAdd	boolean	true	JDBC driver property: packageAdd.
packageCCSID	13488 1200	13488	JDBC driver property: packageCCSID. Values are: 1200 (UCS-2) or 13488 (UTF-16). 13488 13488 (UTF-16) 1200 1200 (UCS-2)
packageCache	boolean	false	JDBC driver property: packageCache.
packageCriteria	default select	default	JDBC driver property: packageCriteria. default default select select
packageError	exception none warning	warning	JDBC driver property: packageError. exception exception none none warning warning
packageLibrary	string	QGPL	JDBC driver property: packageLibrary.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
prefetch	boolean	true	JDBC driver property: prefetch.
prompt	boolean	false	JDBC driver property: prompt.
proxyServer	string		JDBC driver property: proxyServer.
qaqqiniLibrary	string		JDBC driver property: qaqqiniLibrary.
queryOptimizeGoal	int Minimum: 0 Maximum: 2	0	JDBC driver property: queryOptimizeGoal. Values are: 1 (*FIRSTIO) or 2 (*ALLIO).
receiveBufferSize	int Minimum: 1		JDBC driver property: receiveBufferSize.
remarks	system sql	system	JDBC driver property: remarks. system system sql sql
rollbackCursorHold	boolean	false	JDBC driver property: rollbackCursorHold.
savePasswordWhenSerialized	boolean	false	JDBC driver property: savePasswordWhenSerialized.
secondaryUrl	string		JDBC driver property: secondaryUrl.
secure	boolean	false	JDBC driver property: secure.
sendBufferSize	int Minimum: 1		JDBC driver property: sendBufferSize.
serverName	string		Server where the database is running.
serverTraceCategories	int	0	JDBC driver property: serverTraceCategories.
soLinger	A period of time with second precision		JDBC driver property: soLinger. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
soTimeout	A period of time with millisecond precision		JDBC driver property: soTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
sort	hex table language	hex	JDBC driver property: sort. hex hex table table language language
sortLanguage	string		JDBC driver property: sortLanguage.
sortTable	string		JDBC driver property: sortTable.
sortWeight	unqiue shared		JDBC driver property: sortWeight. unqiue unique shared shared
tcpNoDelay	boolean		JDBC driver property: tcpNoDelay.
threadUsed	boolean	true	JDBC driver property: threadUsed.
timeFormat	iso eur jis usa hms		JDBC driver property: timeFormat. iso iso eur eur jis jis usa usa hms hms
timeSeparator	\, : .		JDBC driver property: timeSeparator. The space character ( ). \, The comma character (,). : The colon character (:). . The period character (.).
toolboxTrace	diagnostic information conversion error thread proxy none datastream pcml all jdbc warning		JDBC driver property: toolboxTrace. diagnostic diagnostic information information conversion conversion error error thread thread proxy proxy none none datastream datastream pcml pcml all all jdbc jdbc warning warning
trace	boolean		JDBC driver property: trace.
translateBinary	boolean	false	JDBC driver property: translateBinary.
translateBoolean	boolean	true	JDBC driver property: translateBoolean.
translateHex	binary character	character	JDBC driver property: translateHex. binary binary character character
trueAutoCommit	boolean	false	JDBC driver property: trueAutoCommit.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
xaLooselyCoupledSupport	int Minimum: 0 Maximum: 1	0	JDBC driver property: xaLooselyCoupledSupport.

oauthProvider > databaseStore > dataSource > properties.db2.jcc

Description: Data source properties for the IBM Data Server Driver for JDBC and SQLJ for DB2.

Required: false

Data type:

Attribute name	Data type	Default value	Description
activateDatabase	int		JDBC driver property: activateDatabase.
alternateGroupDatabaseName	string		JDBC driver property: alternateGroupDatabaseName.
alternateGroupPortNumber	string		JDBC driver property: alternateGroupPortNumber.
alternateGroupServerName	string		JDBC driver property: alternateGroupServerName.
blockingReadConnectionTimeout	A period of time with second precision		JDBC driver property: blockingReadConnectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
clientAccountingInformation	string		JDBC driver property: clientAccountingInformation.
clientApplicationInformation	string		JDBC driver property: clientApplicationInformation.
clientRerouteServerListJNDIName	string		JDBC driver property: clientRerouteServerListJNDIName.
clientUser	string		JDBC driver property: clientUser.
clientWorkstation	string		JDBC driver property: clientWorkstation.
connectionCloseWithInFlightTransaction	2 1		JDBC driver property: connectionCloseWithInFlightTransaction. 2 CONNECTION_CLOSE_WITH_ROLLBACK 1 CONNECTION_CLOSE_WITH_EXCEPTION
currentAlternateGroupEntry	int		JDBC driver property: currentAlternateGroupEntry.
currentFunctionPath	string		JDBC driver property: currentFunctionPath.
currentLocaleLcCtype	string		JDBC driver property: currentLocaleLcCtype.
currentLockTimeout	A period of time with second precision		JDBC driver property: currentLockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
currentPackagePath	string		JDBC driver property: currentPackagePath.
currentPackageSet	string		JDBC driver property: currentPackageSet.
currentSQLID	string		JDBC driver property: currentSQLID.
currentSchema	string		JDBC driver property: currentSchema.
cursorSensitivity	2 1 0		JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). 2 TYPE_SCROLL_ASENSITIVE 1 TYPE_SCROLL_SENSITIVE_DYNAMIC 0 TYPE_SCROLL_SENSITIVE_STATIC
databaseName	string		JDBC driver property: databaseName.
deferPrepares	boolean	true	JDBC driver property: deferPrepares.
driverType	2 4	4	JDBC driver property: driverType. 2 Type 2 JDBC driver. 4 Type 4 JDBC driver.
enableAlternateGroupSeamlessACR	boolean		JDBC driver property: enableAlternateGroupSeamlessACR.
enableClientAffinitiesList	2 1		JDBC driver property: enableClientAffinitiesList. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
enableExtendedDescribe	2 1		JDBC driver property: enableExtendedDescribe. 2 NO 1 YES
enableExtendedIndicators	2 1		JDBC driver property: enableExtendedIndicators. 2 NO 1 YES
enableNamedParameterMarkers	2 1		JDBC driver property: enableNamedParameterMarkers. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
enableSeamlessFailover	2 1		JDBC driver property: enableSeamlessFailover. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
enableSysplexWLB	boolean		JDBC driver property: enableSysplexWLB.
fetchSize	int		JDBC driver property: fetchSize.
fullyMaterializeInputStreams	boolean		JDBC driver property: fullyMaterializeInputStreams.
fullyMaterializeInputStreamsOnBatchExecution	2 1		JDBC driver property: fullyMaterializeInputStreamsOnBatchExecution. 2 NO 1 YES
fullyMaterializeLobData	boolean		JDBC driver property: fullyMaterializeLobData.
implicitRollbackOption	2 1 0		JDBC driver property: implicitRollbackOption. 2 IMPLICIT_ROLLBACK_OPTION_CLOSE_CONNECTION 1 IMPLICIT_ROLLBACK_OPTION_NOT_CLOSE_CONNECTION 0 IMPLICIT_ROLLBACK_OPTION_NOT_SET
interruptProcessingMode	2 1 0		JDBC driver property: interruptProcessingMode. 2 INTERRUPT_PROCESSING_MODE_CLOSE_SOCKET 1 INTERRUPT_PROCESSING_MODE_STATEMENT_CANCEL 0 INTERRUPT_PROCESSING_MODE_DISABLED
keepAliveTimeOut	A period of time with second precision		JDBC driver property: keepAliveTimeOut. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
keepDynamic	int		JDBC driver property: keepDynamic.
kerberosServerPrincipal	string		JDBC driver property: kerberosServerPrincipal.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maxConnCachedParamBufferSize	int		JDBC driver property: maxConnCachedParamBufferSize.
maxRetriesForClientReroute	int		JDBC driver property: maxRetriesForClientReroute.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	50000	Port on which to obtain database connections.
profileName	string		JDBC driver property: profileName.
queryCloseImplicit	2 1		JDBC driver property: queryCloseImplicit. Values are: 1 (QUERY_CLOSE_IMPLICIT_YES) or 2 (QUERY_CLOSE_IMPLICIT_NO). 2 QUERY_CLOSE_IMPLICIT_NO 1 QUERY_CLOSE_IMPLICIT_YES
queryDataSize	int Minimum: 4096 Maximum: 65535		JDBC driver property: queryDataSize.
queryTimeoutInterruptProcessingMode	2 1		JDBC driver property: queryTimeoutInterruptProcessingMode. 2 INTERRUPT_PROCESSING_MODE_CLOSE_SOCKET 1 INTERRUPT_PROCESSING_MODE_STATEMENT_CANCEL
readOnly	boolean		JDBC driver property: readOnly.
recordTemporalHistory	2 1		JDBC driver property: recordTemporalHistory. 2 NO 1 YES
resultSetHoldability	2 1		JDBC driver property: resultSetHoldability. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). 2 CLOSE_CURSORS_AT_COMMIT 1 HOLD_CURSORS_OVER_COMMIT
resultSetHoldabilityForCatalogQueries	2 1		JDBC driver property: resultSetHoldabilityForCatalogQueries. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). 2 CLOSE_CURSORS_AT_COMMIT 1 HOLD_CURSORS_OVER_COMMIT
retrieveMessagesFromServerOnGetMessage	boolean	true	JDBC driver property: retrieveMessagesFromServerOnGetMessage.
retryIntervalForClientReroute	A period of time with second precision		JDBC driver property: retryIntervalForClientReroute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
securityMechanism	3 7 4 15 9 16 13 11 12		JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY), 11 (KERBEROS_SECURITY), 12 (ENCRYPTED_USER_AND_DATA_SECURITY"), (ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY"), 15 (PLUGIN_SECURITY), 16 (ENCRYPTED_USER_ONLY_SECURITY). 3 CLEAR_TEXT_PASSWORD_SECURITY 7 ENCRYPTED_PASSWORD_SECURITY 4 USER_ONLY_SECURITY 15 PLUGIN_SECURITY 9 ENCRYPTED_USER_AND_PASSWORD_SECURITY 16 ENCRYPTED_USER_ONLY_SECURITY 13 ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY 11 KERBEROS_SECURITY 12 ENCRYPTED_USER_AND_DATA_SECURITY
sendDataAsIs	boolean		JDBC driver property: sendDataAsIs.
serverName	string	localhost	Server where the database is running.
sessionTimeZone	string		JDBC driver property: sessionTimeZone.
sqljCloseStmtsWithOpenResultSet	boolean		JDBC driver property: sqljCloseStmtsWithOpenResultSet.
sqljEnableClassLoaderSpecificProfiles	boolean		JDBC driver property: sqljEnableClassLoaderSpecificProfiles.
sslConnection	boolean		JDBC driver property: sslConnection.
streamBufferSize	int		JDBC driver property: streamBufferSize.
stripTrailingZerosForDecimalNumbers	2 1		JDBC driver property: stripTrailingZerosForDecimalNumbers. 2 NO 1 YES
sysSchema	string		JDBC driver property: sysSchema.
timerLevelForQueryTimeOut	2 1 -1		JDBC driver property: timerLevelForQueryTimeOut. 2 QUERYTIMEOUT_CONNECTION_LEVEL 1 QUERYTIMEOUT_STATEMENT_LEVEL -1 QUERYTIMEOUT_DISABLED
traceDirectory	string		JDBC driver property: traceDirectory.
traceFile	string		JDBC driver property: traceFile.
traceFileAppend	boolean		JDBC driver property: traceFileAppend.
traceFileCount	int		JDBC driver property: traceFileCount.
traceFileSize	int		JDBC driver property: traceFileSize.
traceLevel	int	0	Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_SQLJ=1024, TRACE_META_CALLS=8192, TRACE_DATASOURCE_CALLS=16384, TRACE_LARGE_OBJECT_CALLS=32768, TRACE_SYSTEM_MONITOR=131072, TRACE_TRACEPOINTS=262144, TRACE_ALL=-1.
traceOption	1 0		JDBC driver property: traceOption 1 1 0 0
translateForBitData	2 1		JDBC driver property: translateForBitData. 2 SERVER_ENCODING_REPRESENTATION 1 HEX_REPRESENTATION
updateCountForBatch	2 1		JDBC driver property: updateCountForBatch. 2 TOTAL_UPDATE_COUNT 1 NO_UPDATE_COUNT
useCachedCursor	boolean		JDBC driver property: useCachedCursor.
useIdentityValLocalForAutoGeneratedKeys	boolean		JDBC driver property: useIdentityValLocalForAutoGeneratedKeys.
useJDBC41DefinitionForGetColumns	2 1		JDBC driver property: useJDBC41DefinitionForGetColumns. 2 NO 1 YES
useJDBC4ColumnNameAndLabelSemantics	2 1		JDBC driver property: useJDBC4ColumnNameAndLabelSemantics. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
useTransactionRedirect	boolean		JDBC driver property: useTransactionRedirect.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
xaNetworkOptimization	boolean		JDBC driver property: xaNetworkOptimization.

oauthProvider > databaseStore > dataSource > properties.derby.client

Description: Data source properties for Derby Network Client JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
connectionAttributes	string		JDBC driver property: connectionAttributes.
createDatabase	false create		JDBC driver property: createDatabase. false Do not automatically create the database. create When the first connection is established, automatically create the database if it doesn't exist.
databaseName	string		JDBC driver property: databaseName.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1527	Port on which to obtain database connections.
retrieveMessageText	boolean	true	JDBC driver property: retrieveMessageText.
securityMechanism	3 7 4 9 8	3	JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 8 (STRONG_PASSWORD_SUBSTITUTE_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY). 3 CLEAR_TEXT_PASSWORD_SECURITY 7 ENCRYPTED_PASSWORD_SECURITY 4 USER_ONLY_SECURITY 9 ENCRYPTED_USER_AND_PASSWORD_SECURITY 8 STRONG_PASSWORD_SUBSTITUTE_SECURITY
serverName	string	localhost	Server where the database is running.
shutdownDatabase	false shutdown		JDBC driver property: shutdownDatabase. false Do not shut down the database. shutdown Shut down the database when a connection is attempted.
ssl	basic off peerAuthentication		JDBC driver property: ssl. basic basic off off peerAuthentication peerAuthentication
traceDirectory	string		JDBC driver property: traceDirectory.
traceFile	string		JDBC driver property: traceFile.
traceFileAppend	boolean		JDBC driver property: traceFileAppend.
traceLevel	int		Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_XA_CALLS=2048, TRACE_ALL=-1.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

oauthProvider > databaseStore > dataSource > properties.derby.embedded

Description: Data source properties for Derby Embedded JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
connectionAttributes	string		JDBC driver property: connectionAttributes.
createDatabase	false create		JDBC driver property: createDatabase. false Do not automatically create the database. create When the first connection is established, automatically create the database if it doesn't exist.
databaseName	string		JDBC driver property: databaseName.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
shutdownDatabase	false shutdown		JDBC driver property: shutdownDatabase. false Do not shut down the database. shutdown Shut down the database when a connection is attempted.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

oauthProvider > databaseStore > dataSource > properties.informix

Description: Data source properties for the Informix JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
databaseName	string		JDBC driver property: databaseName.
ifxCLIENT_LOCALE	string		JDBC driver property: ifxCLIENT_LOCALE.
ifxCPMAgeLimit	A period of time with second precision		JDBC driver property: ifxCPMAgeLimit. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
ifxCPMInitPoolSize	int		JDBC driver property: ifxCPMInitPoolSize.
ifxCPMMaxConnections	int		JDBC driver property: ifxCPMMaxConnections.
ifxCPMMaxPoolSize	int		JDBC driver property: ifxCPMMaxPoolSize.
ifxCPMMinAgeLimit	A period of time with second precision		JDBC driver property: ifxCPMMinAgeLimit. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
ifxCPMMinPoolSize	int		JDBC driver property: ifxCPMMinPoolSize.
ifxCPMServiceInterval	A period of time with millisecond precision		JDBC driver property: ifxCPMServiceInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
ifxDBANSIWARN	boolean		JDBC driver property: ifxDBANSIWARN.
ifxDBCENTURY	string		JDBC driver property: ifxDBCENTURY.
ifxDBDATE	string		JDBC driver property: ifxDBDATE.
ifxDBSPACETEMP	string		JDBC driver property: ifxDBSPACETEMP.
ifxDBTEMP	string		JDBC driver property: ifxDBTEMP.
ifxDBTIME	string		JDBC driver property: ifxDBTIME.
ifxDBUPSPACE	string		JDBC driver property: ifxDBUPSPACE.
ifxDB_LOCALE	string		JDBC driver property: ifxDB_LOCALE.
ifxDELIMIDENT	boolean		JDBC driver property: ifxDELIMIDENT.
ifxENABLE_TYPE_CACHE	boolean		JDBC driver property: ifxENABLE_TYPE_CACHE.
ifxFET_BUF_SIZE	int		JDBC driver property: ifxFET_BUF_SIZE.
ifxGL_DATE	string		JDBC driver property: ifxGL_DATE.
ifxGL_DATETIME	string		JDBC driver property: ifxGL_DATETIME.
ifxIFXHOST	string	localhost	JDBC driver property: ifxIFXHOST.
ifxIFX_AUTOFREE	boolean		JDBC driver property: ifxIFX_AUTOFREE.
ifxIFX_DIRECTIVES	string		JDBC driver property: ifxIFX_DIRECTIVES.
ifxIFX_LOCK_MODE_WAIT	A period of time with second precision	2s	JDBC driver property: ifxIFX_LOCK_MODE_WAIT. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
ifxIFX_SOC_TIMEOUT	A period of time with millisecond precision		JDBC driver property: ifxIFX_SOC_TIMEOUT. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
ifxIFX_USEPUT	boolean		JDBC driver property: ifxIFX_USEPUT.
ifxIFX_USE_STRENC	boolean		JDBC driver property: ifxIFX_USE_STRENC.
ifxIFX_XASPEC	string	y	JDBC driver property: ifxIFX_XASPEC.
ifxINFORMIXCONRETRY	int		JDBC driver property: ifxINFORMIXCONRETRY.
ifxINFORMIXCONTIME	A period of time with second precision		JDBC driver property: ifxINFORMIXCONTIME. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
ifxINFORMIXOPCACHE	string		JDBC driver property: ifxINFORMIXOPCACHE.
ifxINFORMIXSTACKSIZE	int		JDBC driver property: ifxINFORMIXSTACKSIZE.
ifxJDBCTEMP	string		JDBC driver property: ifxJDBCTEMP.
ifxLDAP_IFXBASE	string		JDBC driver property: ifxLDAP_IFXBASE.
ifxLDAP_PASSWD	string		JDBC driver property: ifxLDAP_PASSWD.
ifxLDAP_URL	string		JDBC driver property: ifxLDAP_URL.
ifxLDAP_USER	string		JDBC driver property: ifxLDAP_USER.
ifxLOBCACHE	int		JDBC driver property: ifxLOBCACHE.
ifxNEWCODESET	string		JDBC driver property: ifxNEWCODESET.
ifxNEWLOCALE	string		JDBC driver property: ifxNEWLOCALE.
ifxNODEFDAC	string		JDBC driver property: ifxNODEFDAC.
ifxOPTCOMPIND	string		JDBC driver property: ifxOPTCOMPIND.
ifxOPTOFC	string		JDBC driver property: ifxOPTOFC.
ifxOPT_GOAL	string		JDBC driver property: ifxOPT_GOAL.
ifxPATH	string		JDBC driver property: ifxPATH.
ifxPDQPRIORITY	string		JDBC driver property: ifxPDQPRIORITY.
ifxPLCONFIG	string		JDBC driver property: ifxPLCONFIG.
ifxPLOAD_LO_PATH	string		JDBC driver property: ifxPLOAD_LO_PATH.
ifxPROTOCOLTRACE	int		JDBC driver property: ifxPROTOCOLTRACE.
ifxPROTOCOLTRACEFILE	string		JDBC driver property: ifxPROTOCOLTRACEFILE.
ifxPROXY	string		JDBC driver property: ifxPROXY.
ifxPSORT_DBTEMP	string		JDBC driver property: ifxPSORT_DBTEMP.
ifxPSORT_NPROCS	boolean		JDBC driver property: ifxPSORT_NPROCS.
ifxSECURITY	string		JDBC driver property: ifxSECURITY.
ifxSQLH_FILE	string		JDBC driver property: ifxSQLH_FILE.
ifxSQLH_LOC	string		JDBC driver property: ifxSQLH_LOC.
ifxSQLH_TYPE	string		JDBC driver property: ifxSQLH_TYPE.
ifxSSLCONNECTION	string		JDBC driver property: ifxSSLCONNECTION.
ifxSTMT_CACHE	string		JDBC driver property: ifxSTMT_CACHE.
ifxTRACE	int		JDBC driver property: ifxTRACE.
ifxTRACEFILE	string		JDBC driver property: ifxTRACEFILE.
ifxTRUSTED_CONTEXT	string		JDBC driver property: ifxTRUSTED_CONTEXT.
ifxUSEV5SERVER	boolean		JDBC driver property: ifxUSEV5SERVER.
ifxUSE_DTENV	boolean		JDBC driver property: ifxUSE_DTENV.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1526	Port on which to obtain database connections.
roleName	string		JDBC driver property: roleName.
serverName	string		Server where the database is running.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

oauthProvider > databaseStore > dataSource > properties.informix.jcc

Description: Data source properties for the IBM Data Server Driver for JDBC and SQLJ for Informix.

Required: false

Data type:

Attribute name	Data type	Default value	Description
DBANSIWARN	boolean		JDBC driver property: DBANSIWARN.
DBDATE	string		JDBC driver property: DBDATE.
DBPATH	string		JDBC driver property: DBPATH.
DBSPACETEMP	string		JDBC driver property: DBSPACETEMP.
DBTEMP	string		JDBC driver property: DBTEMP.
DBUPSPACE	string		JDBC driver property: DBUPSPACE.
DELIMIDENT	boolean		JDBC driver property: DELIMIDENT.
IFX_DIRECTIVES	ON OFF		JDBC driver property: IFX_DIRECTIVES. ON ON OFF OFF
IFX_EXTDIRECTIVES	ON OFF		JDBC driver property: IFX_EXTDIRECTIVES. ON ON OFF OFF
IFX_UPDDESC	string		JDBC driver property: IFX_UPDDESC.
IFX_XASTDCOMPLIANCE_XAEND	1 0		JDBC driver property: IFX_XASTDCOMPLIANCE_XAEND. 1 1 0 0
INFORMIXOPCACHE	string		JDBC driver property: INFORMIXOPCACHE.
INFORMIXSTACKSIZE	string		JDBC driver property: INFORMIXSTACKSIZE.
NODEFDAC	yes no		JDBC driver property: NODEFDAC. yes yes no no
OPTCOMPIND	2 1 0		JDBC driver property: OPTCOMPIND. 2 2 1 1 0 0
OPTOFC	1 0		JDBC driver property: OPTOFC. 1 1 0 0
PDQPRIORITY	HIGH LOW OFF		JDBC driver property: PDQPRIORITY. HIGH HIGH LOW LOW OFF OFF
PSORT_DBTEMP	string		JDBC driver property: PSORT_DBTEMP.
PSORT_NPROCS	string Maximum: 10		JDBC driver property: PSORT_NPROCS.
STMT_CACHE	1 0		JDBC driver property: STMT_CACHE. 1 1 0 0
currentLockTimeout	A period of time with second precision	2s	JDBC driver property: currentLockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
databaseName	string		JDBC driver property: databaseName.
deferPrepares	boolean		JDBC driver property: deferPrepares.
driverType	int	4	JDBC driver property: driverType.
enableNamedParameterMarkers	int		JDBC driver property: enableNamedParameterMarkers. Values are: 1 (YES) or 2 (NO).
enableSeamlessFailover	int		JDBC driver property: enableSeamlessFailover. Values are: 1 (YES) or 2 (NO).
enableSysplexWLB	boolean		JDBC driver property: enableSysplexWLB.
fetchSize	int		JDBC driver property: fetchSize.
fullyMaterializeLobData	boolean		JDBC driver property: fullyMaterializeLobData.
keepDynamic	int		JDBC driver property: keepDynamic.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1526	Port on which to obtain database connections.
progressiveStreaming	2 1		JDBC driver property: progressiveStreaming. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
queryDataSize	int Minimum: 4096 Maximum: 10485760		JDBC driver property: queryDataSize.
resultSetHoldability	2 1		JDBC driver property: resultSetHoldability. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). 2 CLOSE_CURSORS_AT_COMMIT 1 HOLD_CURSORS_OVER_COMMIT
resultSetHoldabilityForCatalogQueries	2 1		JDBC driver property: resultSetHoldabilityForCatalogQueries. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). 2 CLOSE_CURSORS_AT_COMMIT 1 HOLD_CURSORS_OVER_COMMIT
retrieveMessagesFromServerOnGetMessage	boolean	true	JDBC driver property: retrieveMessagesFromServerOnGetMessage.
securityMechanism	3 7 4 9		JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY). 3 CLEAR_TEXT_PASSWORD_SECURITY 7 ENCRYPTED_PASSWORD_SECURITY 4 USER_ONLY_SECURITY 9 ENCRYPTED_USER_AND_PASSWORD_SECURITY
serverName	string	localhost	Server where the database is running.
traceDirectory	string		JDBC driver property: traceDirectory.
traceFile	string		JDBC driver property: traceFile.
traceFileAppend	boolean		JDBC driver property: traceFileAppend.
traceLevel	int		Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_SQLJ=1024, TRACE_META_CALLS=8192, TRACE_DATASOURCE_CALLS=16384, TRACE_LARGE_OBJECT_CALLS=32768, TRACE_SYSTEM_MONITOR=131072, TRACE_TRACEPOINTS=262144, TRACE_ALL=-1.
useJDBC4ColumnNameAndLabelSemantics	int		JDBC driver property: useJDBC4ColumnNameAndLabelSemantics. Values are: 1 (YES) or 2 (NO).
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

oauthProvider > databaseStore > dataSource > properties.microsoft.sqlserver

Description: Data source properties for Microsoft SQL Server JDBC Driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
URL	string		URL for connecting to the database. Example: jdbc:sqlserver://localhost:1433;databaseName=myDB.
applicationIntent	ReadOnly ReadWrite		JDBC driver property: applicationIntent. ReadOnly ReadOnly ReadWrite ReadWrite
applicationName	string		JDBC driver property: applicationName.
authenticationScheme	NativeAuthentication JavaKerberos		JDBC driver property: authenticationScheme. NativeAuthentication NativeAuthentication JavaKerberos JavaKerberos
databaseName	string		JDBC driver property: databaseName.
encrypt	boolean		JDBC driver property: encrypt.
failoverPartner	string		JDBC driver property: failoverPartner.
hostNameInCertificate	string		JDBC driver property: hostNameInCertificate.
instanceName	string		JDBC driver property: instanceName.
integratedSecurity	boolean		JDBC driver property: integratedSecurity.
lastUpdateCount	boolean		JDBC driver property: lastUpdateCount.
lockTimeout	A period of time with millisecond precision		JDBC driver property: lockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
multiSubnetFailover	boolean		JDBC driver property: multiSubnetFailover.
packetSize	int Minimum: 512 Maximum: 32767		JDBC driver property: packetSize.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1433	Port on which to obtain database connections.
responseBuffering	full adaptive		JDBC driver property: responseBuffering. full full adaptive adaptive
selectMethod	direct cursor		JDBC driver property: selectMethod. direct direct cursor cursor
sendStringParametersAsUnicode	boolean	false	JDBC driver property: sendStringParametersAsUnicode.
sendTimeAsDatetime	boolean		JDBC driver property: sendTimeAsDatetime.
serverName	string	localhost	Server where the database is running.
trustServerCertificate	boolean		JDBC driver property: trustServerCertificate.
trustStore	string		JDBC driver property: trustStore.
trustStorePassword	Reversably encoded password (string)		JDBC driver property: trustStorePassword.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
workstationID	string		JDBC driver property: workstationID.
xopenStates	boolean		JDBC driver property: xopenStates.

oauthProvider > databaseStore > dataSource > properties.oracle

Description: Data source properties for Oracle JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
ONSConfiguration	string		JDBC driver property: ONSConfiguration.
TNSEntryName	string		JDBC driver property: TNSEntryName.
URL	string		URL for connecting to the database. Examples: jdbc:oracle:thin:@//localhost:1521/sample or jdbc:oracle:oci:@//localhost:1521/sample.
connectionProperties	string		JDBC driver property: connectionProperties.
databaseName	string		JDBC driver property: databaseName.
driverType	oci thin	thin	JDBC driver property: driverType. oci oci thin thin
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
networkProtocol	string		JDBC driver property: networkProtocol.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1521	Port on which to obtain database connections.
serverName	string	localhost	Server where the database is running.
serviceName	string		JDBC driver property: serviceName.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

oauthProvider > databaseStore > dataSource > properties.sybase

Description: Data source properties for Sybase JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
SERVER_INITIATED_TRANSACTIONS	false true	false	JDBC driver property: SERVER_INITIATED_TRANSACTIONS. false false true true
connectionProperties	string	SELECT_OPENS_CURSOR=true	JDBC driver property: connectionProperties.
databaseName	string		JDBC driver property: databaseName.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
networkProtocol	SSL socket		JDBC driver property: networkProtocol. SSL SSL socket socket
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	5000	Port on which to obtain database connections.
resourceManagerName	string		JDBC driver property: resourceManagerName.
serverName	string	localhost	Server where the database is running.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
version	int		JDBC driver property: version.

oauthProvider > databaseStore > dataSource > recoveryAuthData

Description: Authentication data for transaction recovery.

Required: false

Data type:

Attribute name	Data type	Default value	Description
password	Reversably encoded password (string)		Password of the user to use when connecting to the EIS. Stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option.
user	string		Name of the user to use when connecting to the EIS.

oauthProvider > grantType

Description: An access token grant type (as detailed in the OAuth specification) that is allowed for the provider. The equivalent provider parameter in the full application server profile is oauth20.grant.types.allowed.

Required: false

Data type: string

oauthProvider > jwtGrantType

Description: The grant_type for JWT Token handler

Required: false

Data type:

Attribute name	Data type	Default value	Description
clockSkew	A period of time with second precision	300s	The time difference allowed between OpenID Connect Client and OpenID Connect Provider systems when they are not synchronized. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
iatRequired	boolean	false	The iat claim in a jwt token is required.
maxJtiCacheSize	long Minimum: 1	10000	The maximum size of cache, which keeps jti data of jwt token, to prevent the jti from being reused.
tokenMaxLifetime	A period of time with second precision	7200s	The time indicates the maximum lifetime of an alive jwt token since its issued-at-time. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.

oauthProvider > library

Description: Reference to shared library containing the mediator plugin class.

Required: false

Data type:

Attribute name	Data type	Default value	Description
apiTypeVisibility	string	spec,ibm-api,api	The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party.
description	string		Description of shared library for administrators
filesetRef	List of references to top level fileset elements (comma-separated string).		Id of referenced Fileset
name	string		Name of shared library for administrators

oauthProvider > library > file

Description: Id of referenced File

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	Path to a file		Fully qualified filename

oauthProvider > library > fileset

Description: Id of referenced Fileset

Required: false

Data type:

Attribute name	Data type	Default value	Description
caseSensitive	boolean	true	Boolean to indicate whether or not the search should be case sensitive (default: true).
dir	Path to a directory	${server.config.dir}	The base directory to search for files.
excludes	string		The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded.
includes	string	*	The comma or space separated list of file name patterns to include in the search results (default: *).
scanInterval	A period of time with millisecond precision	0	Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

oauthProvider > library > folder

Description: Id of referenced folder

Required: false

Data type:

Attribute name	Data type	Default value	Description
dir	Path to a directory		Directory or folder to be included in the library classpath for locating resource files

oauthProvider > localStore

Description: Clients are defined in server.xml and tokens are cached in the server.

Required: false

Data type:

Attribute name	Data type	Default value	Description
tokenStoreSize	long	2000	Token store size

oauthProvider > localStore > client

Description: OAuth client definition. Only clients defined here can access the provider.

Required: false

Data type:

Attribute name	Data type	Default value	Description
applicationType	native web	web	The type of application best describing the client. native native web web
displayname	string		Display name of the client.
enabled	boolean	true	Client is enabled if true, disabled if false.
functionalUserId	string		A user identifier to be associated with access tokens obtained by this client using the client credentials grant type. When this client parameter is specified, the value is returned in the functional_user_id response parameter from the introspect endpoint.
introspectTokens	boolean	false	Boolean value specifying whether the client is allowed to access the introspection endpoint to introspect tokens issued by the authorization server.
name	string		Name of the client (sometimes referred to as the Id).
preAuthorizedScope	string		Space separated list of scope values that the client can use when requesting access tokens that are deemed to have been pre-approved by the resource owner and therefore does not require the resource owner's consent.
scope	string		Specify by spaces the list of scopes of the client.
secret	Reversably encoded password (string)		Secret key of the client.
sessionManaged	boolean	false	Boolean indicating whether the client participates in OpenID session management.
subjectType	public		Subject type requested for response to this client. public public
tokenEndpointAuthMethod	client_secret_post none client_secret_basic	client_secret_basic	The requested authentication method for the token endpoint of the client. client_secret_post client_secret_post none none client_secret_basic client_secret_basic

oauthProvider > localStore > client > functionalUserGroupIds

Description: A list of group ids to be to be associated with access tokens obtained by this client using the client credentials grant type. When this client parameter is specified, the value is returned in the functional_user_groupIds response parameter from the introspect endpoint.

Required: false

Data type: string

oauthProvider > localStore > client > grantTypes

Description: Grant types the client may use.

Required: false

Data type:

oauthProvider > localStore > client > postLogoutRedirectUris

Description: Array of URLs supplied by the RP to which it may request that the end-user's user agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed.

Required: false

Data type: string

oauthProvider > localStore > client > redirect

Description: Array of redirect URIs for use in redirect-based flows such as the authorization code and implicit grant types of the client. The first redirect URI is used as a default, when none is specified in a request.

Required: false

Data type: string

oauthProvider > localStore > client > responseTypes

Description: Response types the client may use.

Required: false

Data type:

oauthProvider > mediatorClassname

Description: Mediator plugin class name. The equivalent provider parameter in the full application server profile is oauth20.mediator.classnames.

Required: false

Data type: string

quickStartSecurity

Simple administrative security configuration.

Attribute name	Data type	Default value	Description
userName	string		Single user defined as part of the quick start security configuration. This user is granted the Administrator role.
userPassword	Reversably encoded password (string)		Password for the single user defined as part of the quick start security configuration. It is recommended that you encode this password. To do so, use the securityUtility tool with the encode option.

trustAssociation

Controls the operation of the trust association interceptor (TAI).

Attribute name	Data type	Default value	Description
failOverToAppAuthType	boolean	false	Allow an interceptor to fall back to the application authentication mechanism.
id	string		A unique configuration ID.
invokeForUnprotectedURI	boolean	false	Controls whether the TAI is invoked for an unprotected URI.

trustAssociation > interceptors

Description: Defines a trust association interceptor.

Required: false

Data type:

Attribute name	Data type	Default value	Description
className	string		Fully-qualified package name of the interceptor class.
enabled	boolean	true	Enables or disables the interceptor.
invokeAfterSSO	boolean	false	Invoke an interceptor after single sign-on (SSO).
invokeBeforeSSO	boolean	true	Invoke an interceptor before single sign-on (SSO).
libraryRef	A reference to top level library element (string).		A reference to the ID of the shared library configuration.

trustAssociation > interceptors > library

Description: A reference to the ID of the shared library configuration.

Required: false

Data type:

Attribute name	Data type	Default value	Description
apiTypeVisibility	string	spec,ibm-api,api	The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party.
description	string		Description of shared library for administrators
filesetRef	List of references to top level fileset elements (comma-separated string).		Id of referenced Fileset
name	string		Name of shared library for administrators

trustAssociation > interceptors > library > file

Description: Id of referenced File

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	Path to a file		Fully qualified filename

trustAssociation > interceptors > library > fileset

Description: Id of referenced Fileset

Required: false

Data type:

Attribute name	Data type	Default value	Description
caseSensitive	boolean	true	Boolean to indicate whether or not the search should be case sensitive (default: true).
dir	Path to a directory	${server.config.dir}	The base directory to search for files.
excludes	string		The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded.
includes	string	*	The comma or space separated list of file name patterns to include in the search results (default: *).
scanInterval	A period of time with millisecond precision	0	Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

trustAssociation > interceptors > library > folder

Description: Id of referenced folder

Required: false

Data type:

Attribute name	Data type	Default value	Description
dir	Path to a directory		Directory or folder to be included in the library classpath for locating resource files

trustAssociation > interceptors > properties

Description: Collection of properties for the interceptor.

Required: false

Data type: