Create an OAuth service provider using wsadmin
The OAuth service provider includes the authorization server and the resource server.
- Enable the OAuth 2.0 feature.
- Create an OAuth provider configuration file.
For a template, use...
app_server_root/properties/OauthConfigSample.xml
Ensure that the value of the filter parameter in the provider configuration file matches the URL of the protected resource.
- Create OAuth provider.
We can create the OAuth provider using either the wsadmin utility or the console.
- Create the OAuth provider using wsadmin.sh...
- Start wsadmin:
cd app_server_root/bin
wsadmin -lang jython
- At the wsadmin prompt, enter:
AdminTask.createOAuthProvider('[-providerName <OAuthProviderName> -fileName <ProviderConfigFile>]')
- Save the configuration and exit wsadmin:
AdminConfig.save()
quit
For example:
AdminTask.createOAuthProvider('[-providerName OAuthConfigSample -fileName c:/temp/OAuthConfigSample.xml]')
The command copies the provider configuration file to...
<was_profile_root>/config/cells/cell/oauth20
Restart the WAS.
- Create the OAuth provider using the console.
Copy the provider configuration file to...
<was_profile_home>/config/cells/cell/oauth20
- Log on to the WAS console and click...
Security | Global security | Web and SIP security | Trust association | Interceptors | com.ibm.ws.security.oauth20.tai.OAuthTAI | Custom properties
- Add the following properties:
Name: provider_1.name
Value: <OauthProviderName>
The provider name must be the same as the provider configuration file name, without the file extension. For example, if the provider configuration file is OauthConfigSample.xml, specify OauthConfigSample as the provider name.
Name: provider_1.filter
Value: <filter_condition>
The value of the filter property specifies the filter condition for the protected resource. For example:
request-url%=snoop, applicationNames==OAuthApplication
- Restart WAS.
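Two details in the steps above are easy to get wrong before the provider is created: the provider name must equal the configuration file name without its extension, and the filter condition must actually cover the protected resource, because a request that matches no clause is not intercepted by the OAuth TAI and is therefore not protected. The following script is an added example, not IBM's documentation or tooling: it derives the provider name from the file name, evaluates a filter expression in the page's `key<op>value, key<op>value` form against a sample request, and prints the wsadmin command to run. Only the `%=` (contains) and `==` (equals) operators appear on this page; the `!=` and `^=` (contains one of, `|`-separated) operators follow the general WebSphere TAI filter grammar and are an assumption here, as are the sample request values, which are constructed.

```python
"""Pre-flight checks for an OAuth TAI provider definition (added example)."""
import os

# Filter operators. '%=' and '==' appear on the page; '!=' and '^=' follow the
# same TAI filter grammar and are an assumption in this example.
_OPERATORS = ("!=", "%=", "^=", "==")


def provider_name_from_file(config_path):
    """Provider name = configuration file name without its extension."""
    return os.path.splitext(os.path.basename(config_path))[0]


def parse_filter(expr):
    """Split 'key<op>value, key<op>value' into (key, op, value) triples."""
    conditions = []
    for clause in expr.split(","):
        clause = clause.strip()
        if not clause:
            continue
        # Use the operator that occurs earliest in the clause.
        found = [(clause.find(op), op) for op in _OPERATORS if clause.find(op) > 0]
        if not found:
            raise ValueError("no recognised operator in clause: %r" % clause)
        idx, op = min(found)
        key = clause[:idx].strip()
        value = clause[idx + len(op):].strip()
        conditions.append((key, op, value))
    return conditions


def _clause_matches(op, actual, expected):
    if op == "==":
        return actual == expected
    if op == "!=":
        return actual != expected
    if op == "%=":  # contains
        return expected in actual
    if op == "^=":  # contains one of the '|'-separated alternatives
        return any(alt in actual for alt in expected.split("|"))
    raise ValueError("unsupported operator: %r" % op)


def filter_matches(expr, request):
    """True only when every clause matches; such a request is intercepted by
    the OAuth TAI. A request failing any clause is not OAuth-protected."""
    return all(_clause_matches(op, request.get(key, ""), value)
               for key, op, value in parse_filter(expr))


def preflight(config_path, filter_expr, protected_request):
    """Return the derived provider name, whether the filter covers the
    protected resource, and the wsadmin command to run."""
    name = provider_name_from_file(config_path)
    covered = filter_matches(filter_expr, protected_request)
    command = ("AdminTask.createOAuthProvider('[-providerName %s -fileName %s]')"
               % (name, config_path))
    return {"providerName": name, "filterCovers": covered, "command": command}


# Constructed sample input: the page's example filter, a request for the snoop
# servlet in the OAuthApplication, and an unrelated request for comparison.
SAMPLE_FILTER = "request-url%=snoop, applicationNames==OAuthApplication"
PROTECTED_REQUEST = {"request-url": "/snoop", "applicationNames": "OAuthApplication"}
OTHER_REQUEST = {"request-url": "/hello", "applicationNames": "OAuthApplication"}

if __name__ == "__main__":
    result = preflight("c:/temp/OAuthConfigSample.xml", SAMPLE_FILTER, PROTECTED_REQUEST)
    for key, value in result.items():
        print("%s: %s" % (key, value))
    print("other request intercepted: %s" % filter_matches(SAMPLE_FILTER, OTHER_REQUEST))
```

Run the script with your own configuration file path, filter string and a dictionary describing the request for the resource you intend to protect; if `filterCovers` is False, adjust the filter before running the printed AdminTask command, since the TAI will otherwise let that request through without OAuth.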
- Register OAuth clients.
Before OAuth clients can access any resources protected by the OAuth trust association interceptor (TAI), the clients must be registered with the OAuth service provider.
- Register clients using an XML file.
The OauthConfigSample.xml template provider configuration file provides a class...
com.ibm.ws.security.oauth20.plugins.BaseClientProvider
...that stores the registered clients in...
was_profile_root/config/cells/cell/oauth20/base.clients.xml
Add one or more OAuth clients to base.clients.xml. For a template, use...
app_server_root/properties/base.clients.xml
- Register clients using a JDBC database store.
The OauthConfigSample.xml template provider configuration file contains example parameters for configuring a JDBC database store for registering OAuth clients.
Results
Your WebSphere Application Server is now configured as a service provider for OAuth 2.0.
What to do next
For additional configuration options for the service provider, see the following topics:
- OAuth TAI custom properties
- OAuth (AdminTask)
Related concepts
- OAuth (AdminTask)
- OAuth TAI custom properties