Before you begin
This task assumes that you are familiar with the OAuth 2.0
feature.
About this task
Before you can use the OAuth 2.0 feature, you must install
the OAuth 2.0 service provider application and enable the OAuth 2.0
Trust Association Interceptor (TAI).
Procedure
- Install the OAuth 2.0 service provider application.
- Navigate to the app_server_root/bin directory.
- Run the installOAuth2Service.py script for each profile that you want OAuth 2.0 enabled. For example:
wsadmin -f installOAuth2Service.py install <nodeName> <serverName> -profileName <profileName>
or
wsadmin -f installOAuth2Service.py install <clusterName>
where:
nodeName is the node name of the target application server.
serverName is the server name of the target application server.
profileName is the name of the profile where the OAuth service provider is installed.
clusterName is the name of the cluster where the OAuth service provider is installed.
- Enable OAuth TAI. You can enable OAuth 2.0 TAI
by using either the wsadmin command utility or the
administrative console.
- Enabling OAuth TAI by using the wsadmin command
utility.
- Start the WebSphere® Application
Server.
- Start the wsadmin command utility from
the app_server_root/bin directory by entering
the command: wsadmin -lang jython.
- At the wsadmin prompt, enter the
following command: AdminTask.enableOAuthTAI().
- Save the configuration by entering the following command: AdminConfig.save().
- Exit the wsadmin command utility by
entering the following command: quit.
- Restart the WebSphere Application
Server.
- Enabling OAuth TAI by using the administrative console.
- Log on to the WebSphere Application
Server administrative console.
- Click .
- Expand and click .
- Under the heading, select the check box and click .
- Click and enter com.ibm.ws.security.oauth20.tai.OAuthTAI in
the field.
- Click .
- Click .
- Under , provide the following custom property information:
Name: com.ibm.websphere.security.InvokeTAIbeforeSSO and
Value: com.ibm.ws.security.oauth20.tai.OAuthTAI.
Avoid trouble: If this custom property exists, edit
its value to add
com.ibm.ws.security.oauth20.tai.OAuthTAI.
- Click .
- Restart WebSphere Application
Server.
Results
The OAuth 2.0 TAI is now enabled for WebSphere Application Server.
What to do next
After enabling the OAuth 2.0 feature, you must configure WebSphere Application Server
as an OAuth service provider by creating one or more OAuth providers.
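The "Avoid trouble" note in the administrative console steps says to edit an existing com.ibm.websphere.security.InvokeTAIbeforeSSO value rather than replace it, since replacing it would drop any interceptor already listed there. The following is an added example, not IBM's code, that computes the value to enter. It assumes the property value is a comma-separated list of TAI class names; the helper names and com.example.tai.LegacyInterceptor are constructed for illustration.

```python
# Added example (not product code). Plain Python, also valid Jython syntax.
# Assumption: the property value is a comma-separated list of TAI class names.
PROP_NAME = "com.ibm.websphere.security.InvokeTAIbeforeSSO"
OAUTH_TAI = "com.ibm.ws.security.oauth20.tai.OAuthTAI"


def parse_tai_list(value):
    """Split a property value into trimmed class names, dropping blanks and duplicates."""
    names = []
    for part in (value or "").split(","):
        name = part.strip()
        if name and name not in names:
            names.append(name)
    return names


def merge_tai_value(existing, tai_class=OAUTH_TAI):
    """Return (new_value, changed).

    Interceptors already listed keep their order; tai_class is appended
    only when it is absent. changed is True when the stored text differs
    from the normalized result.
    """
    names = parse_tai_list(existing)
    if tai_class not in names:
        names.append(tai_class)
    new_value = ",".join(names)
    return new_value, new_value != (existing or "")


def plan(existing):
    """Decide what to do in the custom properties panel.

    existing is None when the property does not exist yet.
    Returns (action, value) with action one of "create", "edit", "keep".
    """
    if existing is None:
        return ("create", OAUTH_TAI)
    new_value, changed = merge_tai_value(existing)
    if changed:
        return ("edit", new_value)
    return ("keep", new_value)


if __name__ == "__main__":
    # Constructed sample: a property that already names another interceptor.
    sample = "com.example.tai.LegacyInterceptor"
    print("%s -> %s" % (PROP_NAME, plan(sample)[1]))
```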