Example reverse proxy log for OAuth and OIDC configuration

The log file for the automated configuration of a reverse proxy instance lists the configuration actions taken.

Sample output:

  • Junction creation
    Performing pdadmin cmd:
    server task default-webseald-server create -t ssl -h localhost -p 443
              -b ignore -c all -j -J inhead -k -r -e utf8_uri -f /mga
    Created junction at /mga
  • Reverse proxy configuration file changes
    setting stanza value:
    	 [server] http-method-disabled-remote = TRACE,CONNECT
    setting stanza value:
    	 [eai] eai-auth = https
    setting stanza value:
    	 [eai] retain-eai-session = yes
    setting stanza value:
    	 [eai] eai-redir-url-priority = yes
    adding stanza value:
    	 [eai-trigger-urls] trigger = /mga/sps/oauth/oauth20/session*
    adding stanza value:
    	 [eai-trigger-urls] trigger = /mga/sps/auth*
    adding stanza value:
    	 [eai-trigger-urls] trigger = /mga/sps/authservice/authentication*
    setting stanza value:
    	 [azn-decision-info] HTTP_HOST_HDR = header:host
    setting stanza value:
    	 [azn-decision-info] HTTP_REQUEST_SCHEME = scheme
    setting stanza value:
    	 [azn-decision-info] HTTP_REQUEST_METHOD = method
    setting stanza value:
    	 [azn-decision-info] HTTP_REQUEST_URI = uri
    setting stanza value:
    	 [azn-decision-info] HTTP_AZN_HDR = header:authorization
    setting stanza value:
    	 [azn-decision-info] HTTP_CONTENT_TYPE_HDR = header:content-type
    setting stanza value:
    	 [azn-decision-info] HTTP_TRANSFER_ENCODING_HDR = header:transfer-encoding
    setting stanza value:
    	 [oauth] oauth-auth = https
    setting stanza value:
    	 [oauth] default-fed-id = https://localhost/sps/oauth/oauth20
    setting stanza value:
    	 [oauth] fed-id-param = FederationId
    setting stanza value:
    	 [oauth] cluster-name = oauth-cluster
    setting stanza value:
    	 [oauth] user-identity-attribute = username
    setting stanza value:
    	 [tfim-cluster:oauth-cluster] handle-pool-size = 10
    setting stanza value:
    	 [tfim-cluster:oauth-cluster] handle-idle-timeout = 240
    setting stanza value:
    	 [tfim-cluster:oauth-cluster] timeout = 240
    setting stanza value:
    	 [tfim-cluster:oauth-cluster] server = 9,
    	         https://localhost:443/TrustServerWS/SecurityTokenServiceWST13
    setting stanza value:
    	 [tfim-cluster:oauth-cluster] basic-auth-user = easuser
    setting stanza value:
    	 [tfim-cluster:oauth-cluster] basic-auth-passwd = ####
    setting stanza value:
    	 [tfim-cluster:oauth-cluster] ssl-keyfile = /var/pdweb/shared/keytab/pdsrv.kdb
    setting stanza value:
    	 [tfim-cluster:oauth-cluster] ssl-keyfile-stash = /var/pdweb/shared/keytab/pdsrv.sth
    setting stanza value:
    	 [session] require-mpa = no
    setting stanza value:
    	 [session] user-session-ids = yes
    setting stanza value:
    	 [session-http-headers] Authorization = https
    
  • Creating or modifying an ACL
    Performing pdadmin cmd:
    	 acl create isam_mobile_anyauth
    Performing pdadmin cmd:
    	 acl modify isam_mobile_anyauth description OAuth_Auto_Configuration
    Performing pdadmin cmd:
    	 acl modify isam_mobile_anyauth set user sec_master TcmdbsvaBRrxl
    Performing pdadmin cmd:
    	 acl modify isam_mobile_anyauth set group iv-admin TcmdbsvaBRrxl
    Performing pdadmin cmd:
    	 acl modify isam_mobile_anyauth set group webseal-servers Tgmdbsrxl
    Performing pdadmin cmd:
    	 acl modify isam_mobile_anyauth set any-other Tr
    Performing pdadmin cmd:
    	 acl modify isam_mobile_anyauth set unauth T
    Performing pdadmin cmd:
    	 acl create isam_mobile_nobody
    Performing pdadmin cmd:
    	 acl modify isam_mobile_nobody description OAuth_Auto_Configuration
    Performing pdadmin cmd:
    	 acl modify isam_mobile_nobody set user sec_master TcmdbsvaBRrxl
    Performing pdadmin cmd:
    	 acl modify isam_mobile_nobody set group iv-admin TcmdbsvaBRrxl
    Performing pdadmin cmd:
    	 acl modify isam_mobile_nobody set group webseal-servers Tgmdbsrxl
    Performing pdadmin cmd:
    	 acl modify isam_mobile_nobody set any-other T
    Performing pdadmin cmd:
    	 acl modify isam_mobile_nobody set unauth T
    
  • Attaching an ACL
    Performing pdadmin cmd:
            acl attach /WebSEAL/isam-default/mga/sps/oauth/oauth20/session isam_mobile_unauth
    Performing pdadmin cmd:
            acl attach /WebSEAL/isam-default/mga/sps/oauth/oauth20/token isam_mobile_unauth
    Performing pdadmin cmd:
            acl attach /WebSEAL/isam-default/mga/sps/static isam_mobile_unauth
    Performing pdadmin cmd:
            acl attach /WebSEAL/isam-default/mga/sps/wssoi isam_mobile_anyauth
    Performing pdadmin cmd:
            acl attach /WebSEAL/isam-default/mga/sps/xauth isam_mobile_anyauth
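
A log in this format can be audited mechanically. The following Python script is an added example, not part of the original page or the product; the function names `parse_actions` and `audit` are hypothetical, and the embedded log is an excerpt of the sample output above. It pairs each action header with its payload (joining wrapped lines such as the `server` entry), then reports which ACLs grant permissions to `unauth` and which attached ACLs have no `acl create` in the log.

```python
import re
from collections import defaultdict

HEADERS = ("setting stanza value:", "adding stanza value:", "Performing pdadmin cmd:")
STANZA = re.compile(r"\[([^\]]+)\]\s+(\S+)\s*=\s*(.*)")
# Added example (hypothetical helper names); excerpt of the sample output above.
SAMPLE = """\
    adding stanza value:
    \t [eai-trigger-urls] trigger = /mga/sps/auth*
    setting stanza value:
    [tfim-cluster:oauth-cluster] server = 9,
                https://localhost:443/TrustServerWS/SecurityTokenServiceWST13
    Performing pdadmin cmd:
    \t acl create isam_mobile_anyauth
    Performing pdadmin cmd:
    \t acl modify isam_mobile_anyauth set unauth T
    Performing pdadmin cmd:
            acl attach /WebSEAL/isam-default/mga/sps/static isam_mobile_unauth
    Performing pdadmin cmd:
            acl attach /WebSEAL/isam-default/mga/sps/xauth isam_mobile_anyauth
"""

def parse_actions(log):
    """Return (header, payload) pairs; wrapped payload lines are joined."""
    actions, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if line in HEADERS:
            actions.append(current := [line, ""])
        elif not line or line.startswith(("•", "Created ")):
            current = None          # section title or result line ends a payload
        elif current is not None:
            current[1] = f"{current[1]} {line}".strip()
    return [tuple(a) for a in actions]

def audit(log):
    """Collect stanza values, ACL attachments, unauth grants, uncreated ACLs."""
    stanzas, created, attached, unauth = defaultdict(list), set(), {}, {}
    for header, payload in parse_actions(log):
        w, m = payload.split(), STANZA.match(payload)
        if header != HEADERS[2] and m:
            stanzas[(m[1], m[2])].append(m[3])   # repeated keys keep every value
        elif w[:2] == ["acl", "create"] and len(w) == 3:
            created.add(w[2])
        elif w[:2] == ["acl", "attach"] and len(w) == 4:
            attached[w[2]] = w[3]                # protected object -> ACL name
        elif w[:2] == ["acl", "modify"] and w[3:5] == ["set", "unauth"] and len(w) == 6:
            unauth[w[2]] = w[5]                  # ACL name -> unauth permissions
    return dict(stanzas), attached, unauth, sorted(set(attached.values()) - created)
```

On the excerpt, `audit` reports `isam_mobile_unauth` as attached without a matching `acl create`; the same holds for the full sample output above, which creates only `isam_mobile_anyauth` and `isam_mobile_nobody`.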