Example reverse proxy log for OAuth and OIDC configuration
The log file for the automated configuration of a reverse proxy instance lists the
configuration actions taken.
Sample output:
- Junction creation
Created junction at /mga
- Reverse proxy configuration file changes
setting stanza value:
[server] http-method-disabled-remote = TRACE,CONNECT
setting stanza value:
[eai] eai-auth = https
setting stanza value:
[eai] retain-eai-session = yes
setting stanza value:
[eai] eai-redir-url-priority = yes
adding stanza value:
[eai-trigger-urls] trigger = /mga/sps/oauth/oauth20/session*
adding stanza value:
[eai-trigger-urls] trigger = /mga/sps/auth*
adding stanza value:
[eai-trigger-urls] trigger = /mga/sps/authservice/authentication*
setting stanza value:
[azn-decision-info] HTTP_HOST_HDR = header:host
setting stanza value:
[azn-decision-info] HTTP_REQUEST_SCHEME = scheme
setting stanza value:
[azn-decision-info] HTTP_REQUEST_METHOD = method
setting stanza value:
[azn-decision-info] HTTP_REQUEST_URI = uri
setting stanza value:
[azn-decision-info] HTTP_AZN_HDR = header:authorization
setting stanza value:
[azn-decision-info] HTTP_CONTENT_TYPE_HDR = header:content-type
setting stanza value:
[azn-decision-info] HTTP_TRANSFER_ENCODING_HDR = header:transfer-encoding
setting stanza value:
[oauth] oauth-auth = https
setting stanza value:
[oauth] default-fed-id = https://localhost/sps/oauth/oauth20
setting stanza value:
[oauth] fed-id-param = FederationId
setting stanza value:
[oauth] cluster-name = oauth-cluster
setting stanza value:
[oauth] user-identity-attribute = username
setting stanza value:
[tfim-cluster:oauth-cluster] handle-pool-size = 10
setting stanza value:
[tfim-cluster:oauth-cluster] handle-idle-timeout = 240
setting stanza value:
[tfim-cluster:oauth-cluster] timeout = 240
setting stanza value:
[tfim-cluster:oauth-cluster] server = 9,https://localhost:443/TrustServerWS/SecurityTokenServiceWST13
setting stanza value:
[tfim-cluster:oauth-cluster] basic-auth-user = easuser
setting stanza value:
[tfim-cluster:oauth-cluster] basic-auth-passwd = ####
setting stanza value:
[tfim-cluster:oauth-cluster] ssl-keyfile = /var/pdweb/shared/keytab/pdsrv.kdb
setting stanza value:
[tfim-cluster:oauth-cluster] ssl-keyfile-stash = /var/pdweb/shared/keytab/pdsrv.sth
setting stanza value:
[session] require-mpa = no
setting stanza value:
[session] user-session-ids = yes
setting stanza value:
[session-http-headers] Authorization = https
Create or modify an ACL
Performing pdadmin cmd:
acl create isam_mobile_anyauth
Performing pdadmin cmd:
acl modify isam_mobile_anyauth description OAuth_Auto_Configuration
Performing pdadmin cmd:
acl modify isam_mobile_anyauth set user sec_master TcmdbsvaBRrxl
Performing pdadmin cmd:
acl modify isam_mobile_anyauth set group iv-admin TcmdbsvaBRrxl
Performing pdadmin cmd:
acl modify isam_mobile_anyauth set group webseal-servers Tgmdbsrxl
Performing pdadmin cmd:
acl modify isam_mobile_anyauth set any-other Tr
Performing pdadmin cmd:
acl modify isam_mobile_anyauth set unauth T
Performing pdadmin cmd:
acl create isam_mobile_nobody
Performing pdadmin cmd:
acl modify isam_mobile_nobody description OAuth_Auto_Configuration
Performing pdadmin cmd:
acl modify isam_mobile_nobody set user sec_master TcmdbsvaBRrxl
Performing pdadmin cmd:
acl modify isam_mobile_nobody set group iv-admin TcmdbsvaBRrxl
Performing pdadmin cmd:
acl modify isam_mobile_nobody set group webseal-servers Tgmdbsrxl
Performing pdadmin cmd:
acl modify isam_mobile_nobody set any-other T
Performing pdadmin cmd:
acl modify isam_mobile_nobody set unauth T
Attaching an ACL
Performing pdadmin cmd:
acl attach /WebSEAL/isam-default/mga/sps/oauth/oauth20/session isam_mobile_unauth
Performing pdadmin cmd:
acl attach /WebSEAL/isam-default/mga/sps/oauth/oauth20/token isam_mobile_unauth
Performing pdadmin cmd:
acl attach /WebSEAL/isam-default/mga/sps/static isam_mobile_unauth
Performing pdadmin cmd:
acl attach /WebSEAL/isam-default/mga/sps/wssoi isam_mobile_anyauth
Performing pdadmin cmd:
acl attach /WebSEAL/isam-default/mga/sps/xauth isam_mobile_anyauth
Parent topic: Reverse proxy configuration for OAuth and OIDC provider