+

Search Tips   |   Advanced Search

(WAS v8.5.0.1)

Enable the system to use the OAuth 2.0 feature

This task assumes that you are familiar with the OAuth 2.0 feature.

Before we can use the OAuth 2.0 feature, install the OAuth 2.0 service provider application and enable the OAuth 2.0 Trust Association Interceptor (TAI).

  1. Install the OAuth 2.0 service provider application.

    1. Navigate to the app_server_root/bin directory.

    2. Run the installOAuth2Service.py script for each profile we want OAuth 2.0 enabled. For example:

        wsadmin -f installOAuth2Service.py install <nodeName> <serverName> -profileName <profileName>

      or

        wsadmin -f installOAuth2Service.py install <clusterName>

      where

      nodeName is the node name of the target application server.
      serverName is the server name of the target application server.
      profileName is the name of the profile where the OAuth service provider is installed.
      clusterName is the name of the cluster where the OAuth service provider is installed.

  2. Enable OAuth TAI. We can enable OAuth 2.0 TAI by using either wsadmin utility or the console.

    • Enable OAuth TAI using wsadmin utility.

    1. Start the WAS.

    2. Start wsadmin utility from the app_server_root/bin directory by entering the command: wsadmin -lang jython.

    3. At the wsadmin prompt, enter the following command: AdminTask.enableOAuthTAI().

    4. Save the configuration: AdminConfig.save().

    5. Exit wsadmin utility by entering the following command: quit.

    6. Restart the WAS.

    • Enable OAuth TAI using the console.

    1. Log on to the WAS console.

    2. Click Security | Global security

    3. Expand Web and SIP security and click Trust association.

    4. Under the General Properties heading, select the Enable trust association check box and click Interceptors.

    5. Click New and enter com.ibm.ws.security.oauth20.tai.OAuthTAI in the Interceptor class name field.

    6. Click OK.

    7. Click Global Security.

    8. Under Custom properties, provide the following custom property information: Name: com.ibm.websphere.security.InvokeTAIbeforeSSO and Value: com.ibm.ws.security.oauth20.tai.OAuthTAI.

      Avoid trouble: If this custom property exists, edit its value to add com.ibm.ws.security.oauth20.tai.OAuthTAI.gotcha

    9. Click OK.

    10. Restart WebSphere Application Server.


Results

The OAuth 2.0 TAI is now enabled for WebSphere Application Server.


What to do next

After enabling the OAuth 2.0 feature, configure WebSphere Application Server as an OAuth service provider by creating one or more OAuth providers.