Enabling your system to use the OAuth 2.0 feature


Steps

  1. Install the OAuth 2.0 service provider application.

      Do this for each profile that is to be OAuth 2.0 enabled. For example:

        cd app_server_root/bin
        wsadmin -f installOAuth2Service.py install <nodeName> <serverName> -profileName <profileName>

      ...or...

        wsadmin -f installOAuth2Service.py install <clusterName>

      where...

        nodeName      Node name of the target application server.
        serverName    Server name of the target application server.
        profileName   Name of the profile where the OAuth service provider is installed.
        clusterName   Name of the cluster where the OAuth service provider is installed.

  2. Enable OAuth TAI using either the wsadmin command utility or the administrative console.

    Command line:

      cd app_server_root/bin
      ./wsadmin -lang jython
      AdminTask.enableOAuthTAI()
      AdminConfig.save()
      quit

    Administrative console:

    1. Log on to the WebSphere Application Server administrative console and select...

        Security > Global security > Expand Web and SIP security > Trust association > General Properties > Enable trust association (check box)

    2. Click...

        Interceptors > New > Interceptor class name

      ...and enter...

        com.ibm.ws.security.oauth20.tai.OAuthTAI

    3. Click...

        OK > Global Security > Custom properties

      ...and set...

        com.ibm.websphere.security.InvokeTAIbeforeSSO = com.ibm.ws.security.oauth20.tai.OAuthTAI

      If this custom property exists, edit its value to add com.ibm.ws.security.oauth20.tai.OAuthTAI.

    4. Click OK.

    5. Restart WebSphere Application Server.

The OAuth 2.0 TAI is now enabled for WebSphere Application Server.
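
A post-change check for the three settings the console steps above produce, as an added example (not IBM's code). It runs against a constructed security.xml-style fragment; the element and attribute names, the placeholder namespace and the comma-separated format of the property value are assumptions.

```python
import xml.etree.ElementTree as ET

OAUTH_TAI = "com.ibm.ws.security.oauth20.tai.OAuthTAI"
SSO_PROP = "com.ibm.websphere.security.InvokeTAIbeforeSSO"

# Constructed sample modelled on a security.xml file. Element and attribute
# names are assumptions; the namespace URI is a placeholder.
SAMPLE = """<security:Security xmlns:security="urn:example:constructed">
  <authMechanisms>
    <trustAssociation enabled="true">
      <interceptors interceptorClassName="com.ibm.ws.security.oauth20.tai.OAuthTAI"/>
    </trustAssociation>
  </authMechanisms>
  <properties name="com.ibm.websphere.security.InvokeTAIbeforeSSO" value="com.example.OtherTAI"/>
</security:Security>"""


def check_oauth_tai(xml_text):
    """Return a list of findings; an empty list means all three settings are in place."""
    root = ET.fromstring(xml_text)
    findings = []

    # Step 1 of the console procedure: "Enable trust association" is checked.
    tas = root.findall(".//trustAssociation")
    if not any(ta.get("enabled") == "true" for ta in tas):
        findings.append("trust association is not enabled")

    # Step 2: the interceptor class is registered.
    classes = [i.get("interceptorClassName")
               for ta in tas for i in ta.findall("interceptors")]
    if OAUTH_TAI not in classes:
        findings.append("OAuthTAI interceptor is not registered")

    # Step 3: the custom property names the class. Compare whole entries
    # (assumed comma-separated), not substrings, so that a similarly named
    # class or a pre-existing value without OAuthTAI does not pass.
    values = [p.get("value", "") for p in root.findall("properties")
              if p.get("name") == SSO_PROP]
    entries = [e.strip() for v in values for e in v.split(",")]
    if OAUTH_TAI not in entries:
        findings.append("InvokeTAIbeforeSSO does not list OAuthTAI")
    return findings


if __name__ == "__main__":
    # The sample has a pre-existing property value that was never edited.
    for finding in check_oauth_tai(SAMPLE):
        print("FINDING:", finding)
```

The sample reproduces the case step 3 warns about: the custom property already existed with another class and was not edited to add the OAuth TAI.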

After enabling the OAuth 2.0 feature, configure WebSphere Application Server as an OAuth service provider by creating one or more OAuth providers.

Related concepts

  1. Define an OAuth service provider
  2. Create an OAuth service provider