To create an external authorization server aliasTo create an external authorization server aliasField | Description |
Name | Alias for the external authorization server. The following characters are prohibited: ? [ ] / \ = + < > : ; " , * | ^ @ |
Introspection Endpoint | The URL of the introspection endpoint for the external authorization server. Integration Server uses the introspection endpoint to determine if access tokens used in client requests are currently active. |
Client Id | The ID of the user account that Integration Server uses when sending requests to the introspection endpoint of the external authorization server. |
Client Secret | The password for the user account that Integration Server uses when sending requests to the introspection endpoint of the external authorization server. |
User | The Integration Server user account that Integration Server uses to execute the client request. If the client is requesting a service, this is the user account that Integration Server uses to execute the service, which occurs after Integration Server calls the introspection endpoint. If the client is requesting a file, this is the user account that Integration Server uses to access the file. The User value is used only if the introspection endpoint of the external authorization server indicates that the access token is currently active. Click  to search for and select your user. A user can be selected from the local or central directory. |
Keystore Alias (optional) | The alias of the keystore on Integration Server that holds the digital certificate that Integration Server sends to the external authorization server during the mutual (two-way) SSL handshake. You need to select a keystore alias only when the client account on the external authorization server is configured to use mutual (two-way) SSL. |
Key Alias (Optional) | The alias of the Integration Server private key and associated digital certificate that Integration Server sends to the external authorization server during the mutual (two-way) SSL handshake. You need to select a key alias only when the client account on the external authorization server is configured to use mutual (two-way) SSL. |
Truststore Alias (Optional) | The alias of the truststore on Integration Server that holds the Certificate Authority (CA) certificate of the external authorization server. You need to select a truststore alias only when all of the following are true:  The client account on the external authorization server is configured to use mutual (two-way) SSL, andThe authorization server’s Certificate Authority certificate is not in the set of well-known authorities trusted by the JVM in which Integration Server runs, andThe watt.security.cert.wmChainVarifier.trustByDefault property is set to false. |
Default Scope | Default scope that takes effect when no scope is explicitly stated in the response from the external authorization server's introspection endpoint. Enter the scope values in this field exactly as they are defined on the external authorization server. When responses from an external authorization server's introspection endpoint do not return a scope value and a Default Scope is not specified, Integration Server considers requests bearing the access token from the authorization server to be out of scope and rejects the requests with a 401 response. |