
Enable your system to use the OAuth 2.0 feature

This task assumes that you are familiar with the OAuth 2.0 feature.

Before we can use the OAuth 2.0 feature, install the OAuth 2.0 service provider application and enable the OAuth 2.0 Trust Association Interceptor (TAI).

  1. Install the OAuth 2.0 service provider application.

    1. Go to the app_server_root/bin directory.

    2. Run the installOAuth2Service.py script for each profile on which you want OAuth 2.0 enabled. For example:

        wsadmin -f installOAuth2Service.py install nodeName serverName -profileName profileName
      or

        wsadmin -f installOAuth2Service.py install clusterName
      where

      nodeName is the node name of the target application server.
      serverName is the server name of the target application server.
      profileName is the name of the profile where the OAuth service provider is installed.
      clusterName is the name of the cluster where the OAuth service provider is installed.

  2. Enable OAuth TAI. We can enable OAuth 2.0 TAI using either the wsadmin utility or the dmgr console.

    • Enabling OAuth TAI using the wsadmin utility.

    1. Start the WebSphere Application Server.
    2. Start the wsadmin utility from the app_server_root/bin directory by entering the command: wsadmin -lang jython.
    3. At the wsadmin prompt, enter the following command: AdminTask.enableOAuthTAI().

    4. Save the configuration by entering the following command: AdminConfig.save().
    5. Exit the wsadmin utility by entering the following command: quit.

    6. Restart WAS.

    • Enabling OAuth TAI using the dmgr console.

    1. Log on to the dmgr console.

    2. Click Security > Global security.

    3. Expand Web and SIP security and click Trust association.

    4. Under the General Properties heading, select the Enable trust association check box and click Interceptors.

    5. Click New and enter com.ibm.ws.security.oauth20.tai.OAuthTAI in the Interceptor class name field.

    6. Click OK.

    7. Click Global Security.

    8. Under Custom properties, provide the following custom property information: Name: com.ibm.websphere.security.InvokeTAIbeforeSSO and Value: com.ibm.ws.security.oauth20.tai.OAuthTAI.

      If this custom property exists, edit its value to add com.ibm.ws.security.oauth20.tai.OAuthTAI.

    9. Click OK.

    10. Restart WAS.


Results

The OAuth 2.0 TAI is now enabled for WAS.
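
To confirm the three settings from the console procedure (trust association enabled, the interceptor class registered, and InvokeTAIbeforeSSO listing that class), the following Python check audits an exported security configuration. It is an added example, not IBM code; the sample XML is constructed, and its element and attribute names and the comma-separated value format are assumptions to adapt to your own file.

```python
import xml.etree.ElementTree as ET

OAUTH_TAI = "com.ibm.ws.security.oauth20.tai.OAuthTAI"
TAI_BEFORE_SSO = "com.ibm.websphere.security.InvokeTAIbeforeSSO"

# Constructed sample, not taken from a real cell. Element and attribute names
# are assumptions about the layout of the exported security configuration.
SAMPLE_SECURITY_XML = """\
<Security>
  <authMechanisms>
    <trustAssociation enabled="true">
      <interceptors interceptorClassName="com.example.tai.LegacyTAI"/>
      <interceptors interceptorClassName="com.ibm.ws.security.oauth20.tai.OAuthTAI"/>
    </trustAssociation>
  </authMechanisms>
  <properties name="com.ibm.websphere.security.InvokeTAIbeforeSSO" value="com.example.tai.LegacyTAI"/>
</Security>
"""

def local(tag):
    """Strip an XML namespace prefix such as '{uri}Security'."""
    return tag.rsplit("}", 1)[-1]

def merge_tai_value(existing, cls=OAUTH_TAI):
    """Add cls to a class list (comma-separated, an assumption) without duplicating it."""
    items = [v.strip() for v in (existing or "").split(",") if v.strip()]
    if cls not in items:
        items.append(cls)
    return ",".join(items)

def audit_oauth_tai(xml_text):
    """Return a list of findings; an empty list means all three settings are present."""
    root = ET.fromstring(xml_text)
    findings = []
    tas = [e for e in root.iter() if local(e.tag) == "trustAssociation"]
    if not any(e.get("enabled") == "true" for e in tas):
        findings.append("trust association is not enabled")
    classes = {i.get("interceptorClassName") for e in tas for i in e
               if local(i.tag) == "interceptors"}
    if OAUTH_TAI not in classes:
        findings.append("OAuthTAI interceptor is not registered")
    # Only top-level properties are treated as global security custom properties.
    props = {p.get("name"): p.get("value", "") for p in root
             if local(p.tag) == "properties"}
    listed = [v.strip() for v in props.get(TAI_BEFORE_SSO, "").split(",")]
    if OAUTH_TAI not in listed:
        findings.append("%s should be set to %s" % (
            TAI_BEFORE_SSO, merge_tai_value(props.get(TAI_BEFORE_SSO))))
    return findings
```

On the constructed sample the audit reports one finding: the custom property already exists for another interceptor but does not yet include the OAuth TAI class, which is the case the procedure handles by editing the existing value.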

After enabling the OAuth 2.0 feature, configure WAS as an OAuth service provider by creating one or more OAuth providers.

