Enabling your system to use the OAuth 2.0 feature

Before you begin

This task assumes that you are familiar with the OAuth 2.0 feature.

About this task

Before you can use the OAuth 2.0 feature, you must install the OAuth 2.0 service provider application and enable the OAuth 2.0 Trust Association Interceptor (TAI).

Procedure

  1. Install the OAuth 2.0 service provider application.
    1. Navigate to the app_server_root/bin directory.
    2. Run the installOAuth2Service.py script once for each profile on which you want OAuth 2.0 enabled.
      For example:
      wsadmin -f installOAuth2Service.py install <nodeName> <serverName> -profileName <profileName>
      or
      wsadmin -f installOAuth2Service.py install <clusterName>
      where
      nodeName is the node name of the target application server.
      serverName is the server name of the target application server.
      profileName is the name of the profile where the OAuth service provider is installed.
      clusterName is the name of the cluster where the OAuth service provider is installed.
  2. Enable OAuth TAI. You can enable OAuth 2.0 TAI by using either the wsadmin command utility or the administrative console. Choose one of the following procedures:
    1. Enable OAuth TAI by using the wsadmin command utility.
      1. Start the WebSphere® Application Server.
      2. Start the wsadmin command utility from the app_server_root/bin directory by entering the command: wsadmin -lang jython.
      3. At the wsadmin prompt, enter the following command: AdminTask.enableOAuthTAI().
      4. Save the configuration by entering the following command: AdminConfig.save().
      5. Exit the wsadmin command utility by entering the following command: quit.
      6. Restart the WebSphere Application Server.
    2. Enable OAuth TAI by using the administrative console.
      1. Log on to the WebSphere Application Server administrative console.
      2. Click Security > Global security.
      3. Expand Web and SIP security and click Trust association.
      4. Under the General Properties heading, select the Enable trust association check box.
      5. Click Interceptors.
      6. Click New and enter com.ibm.ws.security.oauth20.tai.OAuthTAI in the Interceptor class name field.
      7. Click OK.
      8. Click Global security to return to the Global security page.
      9. Under Custom properties, add the following custom property: Name: com.ibm.websphere.security.InvokeTAIbeforeSSO and Value: com.ibm.ws.security.oauth20.tai.OAuthTAI.
        Avoid trouble: If this custom property already exists, append com.ibm.ws.security.oauth20.tai.OAuthTAI to its existing value rather than replacing it; replacing the value would drop any interceptors that are already listed there.
      10. Click OK.
      11. Restart WebSphere Application Server.
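The administrative-console steps above, scripted, as an added example that is not part of the IBM documentation or of the product: a wsadmin Jython script that enables trust association, registers the OAuth TAI interceptor class if it is missing, and adds the class to the com.ibm.websphere.security.InvokeTAIbeforeSSO custom property without overwriting interceptors already listed there, then saves the configuration. It uses the AdminConfig calls list, showAttribute, modify, create and save. Assumptions: the first Security object returned by AdminConfig.list('Security') is the cell-level global security configuration (no security domains defined), the property value is a comma-separated list of TAI class names, and the script is written for the Jython 2.1 level that wsadmin ships (no sets, no f-strings). The pure helpers run under any Python; the AdminConfig section runs only inside wsadmin, where AdminConfig is injected into the script namespace.

```python
# Added example, not IBM code: wsadmin Jython script applying the console
# steps (enable trust association, register OAuthTAI, set InvokeTAIbeforeSSO).
# Run inside wsadmin from app_server_root/bin:
#   wsadmin -lang jython -f enable_oauth_tai.py
# Kept Jython 2.1 compatible, so no sets, f-strings or "with" statements.

OAUTH_TAI_CLASS = 'com.ibm.ws.security.oauth20.tai.OAuthTAI'
INVOKE_TAI_BEFORE_SSO = 'com.ibm.websphere.security.InvokeTAIbeforeSSO'


def split_class_list(value):
    """Split the custom property value into class names.
    Assumes a comma-separated list; whitespace, empty and duplicate
    entries are dropped while the original order is kept."""
    result = []
    for item in (value or '').split(','):
        item = item.strip()
        if item and item not in result:
            result.append(item)
    return result


def merge_tai_class(existing, cls):
    """Return the property value with cls present exactly once.
    This is the 'Avoid trouble' rule: keep the TAIs already listed and
    append the OAuth TAI only if it is not there yet."""
    classes = split_class_list(existing)
    if cls not in classes:
        classes.append(cls)
    return ','.join(classes)


def parse_id_list(attr_value):
    """AdminConfig.showAttribute renders list attributes as '[id1 id2]'.
    Turn that string into a Python list of configuration ids."""
    s = (attr_value or '').strip()
    if s.startswith('[') and s.endswith(']'):
        s = s[1:-1]
    return [x for x in s.split() if x]


# wsadmin injects AdminConfig into the script namespace; outside wsadmin
# (for example when the helpers above are unit tested) it does not exist.
try:
    AdminConfig
except NameError:
    AdminConfig = None


def enable_oauth_tai():
    # Assumption: first Security object is cell-level global security.
    sec = AdminConfig.list('Security').splitlines()[0]

    # Step 4 of the console procedure: enable trust association.
    ta = AdminConfig.list('TrustAssociation', sec).splitlines()[0]
    AdminConfig.modify(ta, [['enabled', 'true']])

    # Steps 5-7: register the OAuth TAI interceptor class once.
    registered = []
    for tai in parse_id_list(AdminConfig.showAttribute(ta, 'interceptors')):
        registered.append(AdminConfig.showAttribute(tai, 'interceptorClassName'))
    if OAUTH_TAI_CLASS not in registered:
        AdminConfig.create('TAInterceptor', ta,
                           [['interceptorClassName', OAUTH_TAI_CLASS]],
                           'interceptors')

    # Steps 8-10: create InvokeTAIbeforeSSO, or extend it if it exists.
    found = None
    for prop in parse_id_list(AdminConfig.showAttribute(sec, 'properties')):
        if AdminConfig.showAttribute(prop, 'name') == INVOKE_TAI_BEFORE_SSO:
            found = prop
    if found is None:
        AdminConfig.create('Property', sec,
                           [['name', INVOKE_TAI_BEFORE_SSO],
                            ['value', OAUTH_TAI_CLASS]],
                           'properties')
    else:
        current = AdminConfig.showAttribute(found, 'value')
        AdminConfig.modify(found,
                           [['value', merge_tai_class(current, OAUTH_TAI_CLASS)]])

    AdminConfig.save()


if AdminConfig is not None:
    enable_oauth_tai()
```

The script is idempotent, so it can be rerun after a failed or partial attempt without producing duplicate interceptor entries or duplicated class names in the property. Like the console procedure and AdminTask.enableOAuthTAI(), it only changes the saved configuration; the server still has to be restarted before the TAI is active.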

Results

The OAuth 2.0 TAI is now enabled for WebSphere Application Server.

What to do next

After enabling the OAuth 2.0 feature, you must configure WebSphere Application Server as an OAuth service provider by creating one or more OAuth providers.