(WAS v8.5.0.1)
OAuth TAI custom properties
The following tables list the custom properties for the OAuth TAI. We can define these properties in the custom properties panel for the OAuth TAI using the console.
To assign unique property names that identify each possible OAuth provider, a provider_<id> is embedded in the property name and used to group the properties associated with each provider. The provider_<id>s are numbered sequentially for each service provider.
The following table describes the OAuth TAI custom properties:
Property name: provider_<id>.name
Values: We can specify any string value.
Description: Name of the OAuth provider. This value must be the same as the name of the provider configuration file, without the .xml file extension.
Required.

Property name: provider_<id>.filter
Values: This property does not have a default value.
Description: Specify a condition, that is checked against the HTTP request, to determine whether the HTTP request is selected for processing by the OAuth service provider.
Required.
For more information about this property, see the OAuth TAI filter property section.

Property name: provider_<id>.oauthOnly
Values: We can specify one of the following values:
- true (Default)
- false
Description: If a client request does not contain the OAuth credentials, such as an access token, this property specifies whether a resource protected by OAuth TAI is allowed to be started by other authentication mechanisms like basic authentication.
This property is optional.
If false, OAuth protected resources can be started by other authentication methods when OAuth authentication fails.
OAuth TAI filter property
The provider_<id>.filter OAuth TAI filter property is a required property used to specify resources that are protected by the OAuth provider.
The filter property specifies a set of conditions that are compared against the HTTP request of the client to select an OAuth provider for processing the HTTP request. Each condition is specified by three elements:
- input required - the input element usually specifies an HTTP header name, but request-url and remote-address can also be used as special elements
- operator - the operator element specifies one of the following values: ==, !=, %=, ^=, <, and >
- comparison value - this element usually specifies a string, but IP address ranges are also allowed
The conditions are evaluated from left to right, as specified by the comparison value. If all the filter conditions specified by an OAuth provider are met in an HTTP request, the OAuth provider is selected for the HTTP request.
The input element identifies an HTTP request header field to extract from the request and its value is compared with the value specified in the filter property. If the header field that is identified by the input element is not present in the HTTP request, the condition is treated as not being met. Any of the standard HTTP request header fields can be used as the input element in the filter condition. See the HTTP specification for the list of valid headers.
In addition to the standard HTTP header fields, the following special input elements can be used in the filter property:
- request-url - the comparison value of this input is compared against the URL address used by the client application to make the request
- request-uri - this element is similar to request-url, but the query string contained in the request URL address is not used in the comparison
- remote-address - the comparison value of this input is compared against the TCP/IP address of the client application that sent the HTTP request
Examples
In the following example, the filter property specifies an HTTP header field From as the input with oauthuser@xyz.com as the comparison value and == as the operator:
provider_1.filter=From==oauthuser@xyz.com
In this case, if a client request contains an HTTP header field From with a value of oauthuser@xyz.com, the OAuth TAI selects the provider of this provider_1 filter for processing the client request.
In the following example, the filter property specifies a URL with ivtlanding.jsp as the comparison value and %= as the operator:
provider_2.filter=request-url%=ivtlanding.jsp
In this case, if the URL of the protected application started by the client contains the string ivtlanding.jsp, the OAuth TAI selects the provider of this provider_2 filter for processing the client request.
In the following example, the filter property specifies an application name with DefaultApplication as the comparison value and == as the operator:
provider_3.filter=applicationNames==DefaultApplication
In this case, if the name of the target application started by the client application is DefaultApplication, the OAuth TAI selects the provider of this provider_3 filter for processing the client request.
The following table lists the different operators used in the filter property:
Operator: ==
Condition: This operator specifies an exact match. The input element must be equal to the comparison value.
Example: From==jones@my.company.com

Operator: %=
Condition: This operator specifies a partial match. The input element contains the comparison value.
Example: user-agent%=IE 6

Operator: ^=
Condition: The input element contains one of the comparison values.
Example: request-url^=urlApp1|urlApp2| urlApp3

Operator: !=
Condition: The input element does not contain the comparison value.
Example: request-url!=SPNEGO

Operator: >
Condition: The input element is greater than the comparison value.
Example: remote-address>192.168.255.130

Operator: <
Condition: The input element is less than the comparison value.
Example: remote-address<192.168.255.135
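The matching rules described above, modelled as an added Python example (not IBM's code and not part of the original page): it evaluates filter conditions against a constructed request so that a filter's scope can be checked before it is configured. The request dictionary layout, the function names, and the string fallback for < and > on values that are not IP addresses are assumptions.

```python
import ipaddress
import re

COND = re.compile(r"^([A-Za-z0-9-]+)(==|!=|%=|\^=|<|>)(.*)$")

def input_value(name, req):
    """Resolve an input element against a request; None when it is absent."""
    if name == "request-url":
        return req["url"]
    if name == "request-uri":
        return req["url"].split("?", 1)[0]  # query string is not compared
    if name == "remote-address":
        return req["remote_addr"]
    headers = {k.lower(): v for k, v in req["headers"].items()}
    return headers.get(name.lower())

def ordered(a, b):
    """Compare as IP addresses when both parse, else as strings (assumption)."""
    try:
        return int(ipaddress.ip_address(a)), int(ipaddress.ip_address(b))
    except ValueError:
        return a, b

def condition_met(cond, req):
    m = COND.match(cond.strip())
    if not m:
        raise ValueError(f"unparseable condition: {cond!r}")
    name, op, want = m.groups()
    got = input_value(name, req)
    if got is None:  # absent header: not met, whatever the operator
        return False
    if op == "==":
        return got == want
    if op == "%=":
        return want in got
    if op == "!=":
        return want not in got
    if op == "^=":
        return any(v.strip() in got for v in want.split("|") if v.strip())
    left, right = ordered(got, want)
    return left > right if op == ">" else left < right

def provider_selected(conditions, req):
    return all(condition_met(c, req) for c in conditions)  # every condition must hold

# Constructed sample request, not taken from the page.
REQ = {"url": "https://app.example.test/portal/home.jsp?next=ivtlanding.jsp",
       "remote_addr": "192.168.255.132",
       "headers": {"From": "oauthuser@xyz.com"}}
```

With the constructed request, request-url%=ivtlanding.jsp is met because the string appears in the query string, while request-uri%=ivtlanding.jsp is not; user-agent!=IE 6 is also not met, because the header is absent.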