For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


Configure IBM WebSphere DataPower as the OAuth authorization server


Overview

The MobileFirst security framework is built around an authorization server that implements the OAuth protocol and exposes the OAuth endpoints with which the client interacts. MobileFirst Server implements custom security logic and advanced security features on top of the authorization server. By default, MobileFirst Server also functions as the OAuth authorization server. However, you can configure IBM® WebSphere® DataPower® (DataPower) to act as the authorization server and interact with MobileFirst Server. This design provides you with enhanced flexibility in setting up production topologies, for example, deploying the DataPower authorization server in the DMZ.

Note: The basic building blocks of the security framework (security checks and challenge handlers) are unaffected by this mode. The behavior of the building blocks is the same regardless of whether the authorization server is MobileFirst Server or DataPower.

The integration of the MobileFirst security framework with DataPower as the authorization server is achieved by using the provided MobileFirst DataPower pattern file, dp-external-az-pattern.zip. You can get this file from the IBM MobileFirst™ Platform Operations Console: from the console Dashboard, select Download Center, and then select the Tools tab. In the MobileFirst External Authorization Server Pattern section of the Tools tab, select Download and save the pattern to your preferred location.

To use DataPower as the authorization server, deploy the provided pattern to your DataPower appliance and configure MobileFirst Server to interact with DataPower as the authorization server, as outlined in the following procedure.

Note: When using DataPower as the authorization server, configure client applications to connect to the DataPower appliance instead of connecting directly to MobileFirst Server. For example, in an iOS application, set the wlServerHost and wlServerPort properties in mfpclient.plist to the host IP address and port of the DataPower appliance. If you are using a self-signed SSL certificate for DataPower, you also need to import this certificate into the client application.
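The following build-time check is an added example, not part of the IBM documentation or product code. It reads the wlServerHost and wlServerPort properties from an mfpclient.plist and reports when the client would connect to MobileFirst Server directly instead of the DataPower appliance. The function name and all host names and ports are constructed placeholders.

```python
import plistlib

# Constructed sample: a client still pointing at an internal MobileFirst Server.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>wlServerHost</key>
    <string>mfp-internal.example.test</string>
    <key>wlServerPort</key>
    <string>9080</string>
</dict>
</plist>
"""


def check_client_endpoint(plist_bytes, datapower_host, datapower_port, mfp_hosts=()):
    """Return a list of findings; an empty list means the client targets DataPower.

    mfp_hosts is an optional set of known MobileFirst Server addresses, so that a
    direct connection (bypassing the authorization server) gets a specific message.
    """
    cfg = plistlib.loads(plist_bytes)
    host = str(cfg.get("wlServerHost", "")).strip().lower()
    port = str(cfg.get("wlServerPort", "")).strip()  # may be stored as string or integer

    if not host or not port:
        return ["wlServerHost or wlServerPort is missing"]

    findings = []
    if host in {h.lower() for h in mfp_hosts}:
        findings.append(f"wlServerHost '{host}' is a MobileFirst Server address; "
                        "the client would bypass the DataPower authorization server")
    elif host != datapower_host.lower():
        findings.append(f"wlServerHost '{host}' is not the DataPower appliance "
                        f"'{datapower_host}'")
    if port != str(datapower_port):
        findings.append(f"wlServerPort '{port}' does not match DataPower port "
                        f"'{datapower_port}'")
    return findings


if __name__ == "__main__":
    for finding in check_client_endpoint(SAMPLE_PLIST, "dp.example.test", 443,
                                         mfp_hosts=["mfp-internal.example.test"]):
        print("FAIL:", finding)
```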


Procedure
