Before you begin
This task assumes that you are familiar with the OAuth 2.0 feature.
About this task
Before you can use the OAuth 2.0 feature, you must install the OAuth 2.0 service provider
application and enable the OAuth 2.0 Trust Association Interceptor (TAI).
Procedure
- Install the OAuth 2.0 service provider application.
- Navigate to the app_server_root/bin directory.
- Run the installOAuth2Service.py script for each profile in which you want OAuth 2.0 enabled. For example:
wsadmin -f installOAuth2Service.py install <nodeName> <serverName> -profileName <profileName>
or
wsadmin -f installOAuth2Service.py install <clusterName>
where
nodeName is the node name of the target application server.
serverName is the server name of the target application server.
profileName is the name of the profile where the OAuth service provider is installed.
clusterName is the name of the cluster where the OAuth service provider is installed.
- Enable OAuth TAI. You can enable OAuth 2.0 TAI by using either the wsadmin command utility or the administrative console. Choose one of the following procedures:
- Enable OAuth TAI by using the wsadmin command utility.
- Start the WebSphere® Application Server.
- Start the wsadmin command utility from the app_server_root/bin directory by entering the command: wsadmin -lang jython
- At the wsadmin prompt, enter the following command: AdminTask.enableOAuthTAI()
- Save the configuration by entering the following command: AdminConfig.save()
- Exit the wsadmin command utility by entering the following command: quit
- Restart the WebSphere Application Server.
- Enable OAuth TAI by using the administrative console.
- Log on to the WebSphere Application Server administrative console.
- Click .
- Expand and click .
- Under the heading, select the check box.
- Click .
- Click and enter com.ibm.ws.security.oauth20.tai.OAuthTAI in the field.
- Click .
- Click .
- Under , provide the following custom property information: Name: com.ibm.websphere.security.InvokeTAIbeforeSSO and Value: com.ibm.ws.security.oauth20.tai.OAuthTAI.
Avoid trouble: If this custom property exists, edit its value to add com.ibm.ws.security.oauth20.tai.OAuthTAI.
- Click .
- Restart WebSphere Application Server.
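The "Avoid trouble" note above matters when another interceptor is already listed in com.ibm.websphere.security.InvokeTAIbeforeSSO: overwriting the value would drop it. The following is an added example, not IBM's code, that merges the OAuth TAI class into an existing value and checks both settings from the console procedure. It assumes the property value is a comma-separated list of class names; the function names and the sample class com.example.tai.ExistingTAI are hypothetical.

```python
# Added example: plain Python, does not call wsadmin or the admin console.
OAUTH_TAI = "com.ibm.ws.security.oauth20.tai.OAuthTAI"
BEFORE_SSO = "com.ibm.websphere.security.InvokeTAIbeforeSSO"


def split_classes(value):
    """Split a comma-separated class list, dropping blanks and duplicates."""
    seen = []
    for name in (value or "").split(","):
        name = name.strip()
        if name and name not in seen:
            seen.append(name)
    return seen


def merge_before_sso(existing):
    """Return the property value with the OAuth TAI added, never replaced."""
    classes = split_classes(existing)
    if OAUTH_TAI not in classes:
        classes.append(OAUTH_TAI)
    return ",".join(classes)


def check_config(interceptors, custom_props):
    """Return a list of problems; an empty list means both settings are present."""
    problems = []
    if OAUTH_TAI not in interceptors:
        problems.append("interceptor class %s is not defined" % OAUTH_TAI)
    if OAUTH_TAI not in split_classes(custom_props.get(BEFORE_SSO)):
        problems.append("%s does not list %s" % (BEFORE_SSO, OAUTH_TAI))
    return problems


# Constructed sample: a cell that already runs another interceptor before SSO.
# "com.example.tai.ExistingTAI" is a made-up class name.
SAMPLE_PROPS = {BEFORE_SSO: "com.example.tai.ExistingTAI"}
SAMPLE_INTERCEPTORS = ["com.example.tai.ExistingTAI", OAUTH_TAI]

if __name__ == "__main__":
    print(check_config(SAMPLE_INTERCEPTORS, SAMPLE_PROPS))
    SAMPLE_PROPS[BEFORE_SSO] = merge_before_sso(SAMPLE_PROPS[BEFORE_SSO])
    print(SAMPLE_PROPS[BEFORE_SSO], check_config(SAMPLE_INTERCEPTORS, SAMPLE_PROPS))
```

The merge is idempotent, so it can be run again after later configuration changes without duplicating the class name.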
Results
The OAuth 2.0 TAI is now enabled for WebSphere Application Server.
What to do next
After enabling the OAuth 2.0 feature, you must configure WebSphere Application Server as an OAuth service provider by creating one or more OAuth providers.