My webMethods Server 10.7 | My webMethods Server Webhelp | Administering My webMethods Server | System Administrator Functions | Managing Security | Configuring OAuth 2.0 Authentication | Configuring an OAuth 2.0 Service
 
Configuring an OAuth 2.0 Service
Both Administrator and sysadmin users can add, remove, or modify OAuth 2.0 services.
*To configure a new OAuth 2.0 service
1. Navigate to the OAuth2 Administration page and click the Add OAuth Configuration tab.
*As sysadmin: Folders > My webMethods Applications > Fabric Tasks > Administration > My webMethods > OAuth2 Administration
*As Administrator: Applications > Administration > My webMehods > OAuth2 Administration
2. On the Add OAuth Configuration tab, specify:
The following table lists the properties, required to configure an OAuth service:
Field
Description
Name
Required. The name of the OAuth 2.0 service.
Service Enabled
Required. Select an option from the drop-down list to enable or disable the OAuth 2.0 service. By default, newly created services are enabled.
Discovery Document URL
Required. The URL of the discovery service of the OpenID Connect provider, from your registration with the provider.
OAuth 2.0 Client Identifier
Required. The OAuth 2.0 client identifier, valid at the authorization server, from your registration with the provider.
OAuth 2.0 Client Secret
Required. The client secret to use for OAuh 2.0 authorization, from your registration with the provider.
OpenID Connect Scopes
Required. The scope of the requested authorization, as defined by OpenID Connect. The default is openid,profile,email. For more information about available scopes, see the identity provider documentation.
Redirection URI
Required. The My webMethods Server URL that you provided when registering with the identity provider.
OpenID Connect Provider Name
Required. The name of the OpenID Connect provider. My webMethods Server displays this name on the preconfigured Login with provider_name button. For more information, see Customizing the My webMethods Login Page for OAuth 2.0 Authentication.
Access Claim
Required. The access claim that allows registering users in My webMethods Server. For more information about available claims, see the identity provider documentation.
Subject Claim
Required. The subject claim that identifies the user.
User Service Name
Optional. The name of a custom service that creates internal My webMethods users for the external accounts, authenticated using the OAuth 2.0 flow. For more information about users and roles in the OAuth 2.0 authentication flow, see Configuring OAuth 2.0 Authentication.
Role Name
Optional. The name of the role to inject with custom OAuth attributes. My webMethods users that authenticate using the OAuth 2.0 flow will be assigned to this role. The default is OAuthSinkRole.
Role Member Attributes
Optional. The list of claims to add to the membership attributes of the role. Specify a comma-separated list of claims. For more information about available claims, see the identity provider documentation.
Prompt
Optional. The type of prompt that the identity provider uses to authenticate a user. The default value is login - the identity provider asks the user to log in.
Create New User
Optional. Whether to register a new My webMethods system user for each user that logs in using the OAuth authentication flow. The default value is Yes. Create a new user..
3. Click Submit.
When you submit the configuration, My webMethods Server generates an authentication URL in the Auth URL field. This URL is required to add the OAuth 2.0 configuration as a login option. For more information about adding OAuth 2.0 authentication to the My webMethods login page, see Customizing the My webMethods Login Page for OAuth 2.0 Authentication.