Configuring a single sign-on database

In order to provide single sign-on capabilities, the User Management Service (UMS) issues and validates security tokens and registers each client (OpenID Connect Relying Party). When running multiple server clones in a fail-over enabled load-balancing environment, all servers must have access to a shared database to ensure that each server can validate tokens that are issued by the other servers.
Quick start: For a quick start configuration, no database configuration is needed. Otherwise, complete the following steps:
  1. Create a database for single sign-on according to the documentation for your database.
  2. Only for UMS versions before 1.1.0: Perform the database setup to create the database tables as described in Persisting OAuth services with a database store. Note that for UMS version 1.1.0 and later, these tables are created automatically during server start if they don't exist.
  3. Copy the Java Database Connectivity (JDBC) driver for the database to wlp/usr/shared/resources/db.type/.
  4. Ensure that the following properties are specified:
    • db.type
    • oauth.db.name
    • oauth.db.hostname
    • oauth.db.port
    • oauth.db.user
    • oauth.db.password
    For more information about these properties, see Specifying basic User Management Service configuration settings.
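
A pre-start check for the properties in step 4, as an added example that is not part of the product documentation: it reports missing properties, an invalid port, and a database password that is stored in plain text or only `{xor}`-encoded. It assumes the properties are defined as Liberty `<variable>` elements in server.xml, which this page does not state; the function name and all sample values are constructed.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("db.type", "oauth.db.name", "oauth.db.hostname",
            "oauth.db.port", "oauth.db.user", "oauth.db.password")

def check_sso_db_config(server_xml: str) -> list[str]:
    """Return findings for the step 4 properties; an empty list means every check passed."""
    root = ET.fromstring(server_xml)
    # Assumption: each property is a <variable name="..." value="..."/> element.
    props = {v.get("name"): (v.get("value") or "").strip() for v in root.iter("variable")}
    findings = [f"missing or empty: {name}" for name in REQUIRED if not props.get(name)]

    port = props.get("oauth.db.port")
    if port and not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(f"oauth.db.port is not a valid TCP port: {port!r}")

    password = props.get("oauth.db.password", "")
    if password.startswith("{xor}"):
        # {xor} is a reversible encoding, so it only hides the value from casual viewing.
        findings.append("oauth.db.password is {xor}-encoded: obfuscated, not encrypted")
    elif password and not password.startswith("{aes}"):
        findings.append("oauth.db.password is stored in plain text")
    return findings

# Constructed sample: no oauth.db.user, a malformed port, a plain-text password.
WEAK = """<server>
  <variable name="db.type" value="db2"/>
  <variable name="oauth.db.name" value="UMSDB"/>
  <variable name="oauth.db.hostname" value="db.example.com"/>
  <variable name="oauth.db.port" value="50000x"/>
  <variable name="oauth.db.password" value="changeit"/>
</server>"""

# Constructed sample: all six properties present, password carried as an {aes} value.
HARDENED = """<server>
  <variable name="db.type" value="db2"/>
  <variable name="oauth.db.name" value="UMSDB"/>
  <variable name="oauth.db.hostname" value="db.example.com"/>
  <variable name="oauth.db.port" value="50000"/>
  <variable name="oauth.db.user" value="umsuser"/>
  <variable name="oauth.db.password" value="{aes}CONSTRUCTED-PLACEHOLDER"/>
</server>"""

if __name__ == "__main__":
    for finding in check_sso_db_config(WEAK):
        print(finding)
```

Variables that are defined in an included configuration file are not seen by this check, so run it against each file that contributes to the server configuration.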

Next, complete the steps in Securing the User Management Service.

Important: It is not necessary to add further features, such as openidConnectServer-1.0 or oauth-2.0, because they are implicitly loaded by the ibmUserManagement:userManagementService-1.0 feature. Also, you do not need to add any registered clients as described in the Liberty documentation.