Configuring OAuth Settings
The OAuth global settings for the authorization server control whether HTTPS is required for OAuth communications. You can also specify global values for authorization code and access token expiration intervals. The expiration intervals can be set globally or configured for each individual client.
* To configure the OAuth settings
1. Open Integration Server Administrator if it is not already open.
2. In the Security menu of the Navigational Panel, click OAuth.
3. Click Edit OAuth Global Settings.
4. Under Authorization Server Settings, complete the following fields for when Integration Server acts as the authorization server.

Field: Require HTTPS
Description: Indicates whether the authorization server should require an HTTPS connection to authorize requests.
If enabled (the default), Integration Server requires that the authorization server uses HTTPS to invoke the pub.oauth services. If disabled, Integration Server allows client applications to use HTTP to access the pub.oauth services.
If Require HTTPS is enabled and the client application accesses any of the pub.oauth services over HTTP, Integration Server issues an HTTP 400 error response to the client and writes a service exception to the error log.
Important: You can disable Require HTTPS to simplify development, but you should use HTTPS in production in accordance with the OAuth Framework. If you do not require HTTPS, the authorization server transmits access tokens in clear text, making them vulnerable to theft.

Field: Authorization code expiration interval
Description: Specifies the length of time (in seconds) that the authorization code issued by the authorization server is valid.
Valid values are between 1 and 2147483647. The default value is 600.

Field: Access token expiration interval
Description: Specifies the length of time (in seconds) that access tokens issued by the authorization server are valid.
Select Never Expires to indicate that the access token never expires.
Select Expires in and enter the number of seconds to specify the length of time that the access token is valid. The maximum value is 2147483647. The default is 3600.

Field: Token endpoint authorization
Description: Specifies whether the token endpoint accepts an existing session or requires credentials for authentication. The pub.oauth:getToken service functions as the token endpoint. Clients invoke this service to request an access token from the Integration Server authorization server.
Select Accept existing session to indicate that the token endpoint service accepts requests from clients that have an active session on Integration Server. If these clients supply a valid session identifier in the Cookie request header, they do not have to provide credentials to use the pub.oauth:getToken service. This is the default behavior and matches the behavior that existed prior to Integration Server version 10.3.
Select Require credentials to require clients to provide their credentials in the Authorization request header every time they request a new access token or refresh an existing access token by calling the pub.oauth:getToken service.
Note: The pub.oauth:getToken service replaces the pub.oauth:getAccessToken and pub.oauth:refreshAccessToken services, which are deprecated.
Note: Token endpoint authorization affects clients using the authorization code grant type, the resource owner password credentials grant type, and the client credentials grant type.
5. Under Resource Server Settings, if you are configuring Integration Server as a resource server, in the Authorization server list, select the server that will be the authorization server.
You can use an Integration Server as the authorization server or you can use an external authorization server. The Authorization server list displays the configured remote server aliases and external authorization server aliases that are available for use.
If you intend to use a remote Integration Server as the authorization server and you have not already defined an alias for the authorization server, click the Authorization server link to go to the Settings > Remote Servers screen. For information about creating a remote server alias, see Setting Up Aliases for Remote Integration Servers.
If you intend to use an external authorization server and you have not already defined an alias for the authorization server, click the Add External Authorization Server link to go to the External Authorization Server > Add screen. For information about creating an alias for an external authorization server, see Using an External Authorization Server.
If you are configuring Integration Server as the authorization server only, Integration Server ignores the value of the Authorization server field.
6. Click Save Changes.

Copyright © 2015- 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.