Configuring OAuth Settings
The OAuth global settings for the authorization server control whether HTTPS is required for OAuth communications. You can also specify global values for authorization code and access token expiration intervals. The expiration intervals can be set globally or configured for each individual client.
To configure the OAuth settings
1. Open Integration Server Administrator if it is not already open.
2. In the Security menu of the Navigational Panel, click OAuth.
3. Click Edit OAuth Global Settings.
4. Complete the fields as follows:
Field: Require HTTPS
Description: Indicates whether the authorization server should require an HTTPS connection to authorize requests.
If enabled (the default), Integration Server requires that the authorization server uses HTTPS to invoke the pub.oauth services. If disabled, Integration Server allows client applications to use HTTP to access the pub.oauth services.
Note: If Require HTTPS is enabled and the client application accesses any of the pub.oauth services over HTTP, Integration Server issues an HTTP 500 error response to the client and writes a service exception to the error log.
Important: You can disable Require HTTPS to simplify development, but you should use HTTPS in production in accordance with the OAuth Framework. If you do not require HTTPS, the authorization server transmits access tokens in clear text, making them vulnerable to theft.

Field: Authorization code expiration interval
Description: Specifies the length of time (in seconds) that the authorization code issued by the authorization server is valid.
Valid values are between 1 and 2147483647. The default value is 600.

Field: Access token expiration interval
Description: Specifies the length of time (in seconds) that access tokens issued by the authorization server are valid.
Select Never Expires to indicate that the access token never expires.
Select Expires in and enter the number of seconds to specify the length of time that the access token is valid. The maximum value is 2147483647. The default is 3600.

Field: Authorization server
Description: If you are configuring Integration Server as a resource server, this indicates a local or remote Integration Server to use as the authorization server. If you have not already defined an alias for the authorization server, click the link to go to the Remote Servers screen.
If the resource server is the same Integration Server as the authorization server, set to local.
If you are configuring Integration Server as the authorization server only, Integration Server ignores the value of this field.
The list displays the configured remote server aliases that are available for use. For information about creating a remote server alias, see Setting Up Aliases for Remote Integration Servers.
5. Click Save Changes.
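One way to review a recorded copy of these settings against the ranges and defaults listed above, as an added example that is not Software AG code. The dictionary keys, the use of `None` for Never Expires, the lower bound of 1 for the access token interval, and the warning rules are assumptions made for the illustration.

```python
INT_MAX = 2147483647  # upper bound the page gives for both intervals
# Hypothetical key names for the UI fields; values are the documented defaults.
DEFAULTS = {"require_https": True, "auth_code_ttl": 600, "access_token_ttl": 3600}


def _in_range(value):
    """True for an integer in 1..INT_MAX (lower bound of 1 is assumed for tokens)."""
    return isinstance(value, int) and not isinstance(value, bool) and 1 <= value <= INT_MAX


def audit_oauth_settings(settings, production=True):
    """Return (severity, message) findings for one settings snapshot."""
    cfg = {**DEFAULTS, **settings}
    findings = []
    if not cfg["require_https"]:
        # Acceptable for development per the page, not for production.
        sev = "high" if production else "info"
        findings.append((sev, "Require HTTPS disabled: access tokens sent in clear text"))
    code_ttl = cfg["auth_code_ttl"]
    if not _in_range(code_ttl):
        findings.append(("error", f"authorization code interval {code_ttl!r} not in 1..{INT_MAX}"))
    elif code_ttl > DEFAULTS["auth_code_ttl"]:
        # Assumed policy: flag anything longer than the 600 s default for review.
        findings.append(("warn", f"authorization code valid for {code_ttl}s (default 600)"))
    token_ttl = cfg["access_token_ttl"]  # None models the Never Expires choice
    if token_ttl is None:
        findings.append(("warn", "access token never expires: no time limit on a leaked token"))
    elif not _in_range(token_ttl):
        findings.append(("error", f"access token interval {token_ttl!r} not in 1..{INT_MAX}"))
    return findings


if __name__ == "__main__":
    # Constructed snapshots: a development box and a hardened production server.
    samples = {
        "dev": ({"require_https": False, "access_token_ttl": None}, False),
        "prod": ({"auth_code_ttl": 120, "access_token_ttl": 900}, True),
    }
    for name, (snapshot, is_prod) in samples.items():
        print(name, audit_oauth_settings(snapshot, production=is_prod) or "no findings")
```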
Copyright © 2015-2017 Software AG, Darmstadt, Germany. (Innovation Release)
